
Seamless identity verification for BNPL

November 17, 2022
By Andrey Labunskiy

The BNPL industry is a relatively new trend in fintech, but it already has millions of customers worldwide. As more and more companies think of launching their own BNPL service, we have prepared a short overview of the verification process, which can help your business avoid the fraud risks that come with financial operations.

BNPL overview

BNPL, or Buy Now Pay Later, is a new version of interest-free consumer loans that appeared on the market around 12 years ago.

It became wildly popular because of its simplified lending approval process. What took banks days was squeezed into minutes by new, nimble companies. As a result, a client can enjoy the purchase from the first day and fully cover its cost in 4 weeks or more.

This abrupt improvement spurred interest in BNPL and drastically changed the online shopping experience. Users can get a pre-qualified amount for their next purchase and start ordering items they wouldn’t have been able to afford.

Before a purchase with BNPL, the person behind the screen has to be verified. Some providers use SSNs (social security numbers), phone numbers, and email addresses.

Mob.id does it with the passport and the document owner. It works in three steps:

  • Taking a photo of a relevant ID document;
  • Placing a phone on top of a document to read chip data;
  • Passing a quick liveness test using a phone camera.

Authentication and trust source

Authentication is the act of proving actual possession. You do this when you log in with your password to show the system that you are the account owner. In our case, what is proven is the identity stated in the passport.

To access data on a chip, you need the code printed in the document. The area that holds this code is called the Machine-readable zone (MRZ). The name comes from its use by devices, which read the data and compare it with information about the person. Moreover, the chip information covers biometric data and information conditions written on it.
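How the printed MRZ unlocks the chip, as an added example that is not Mob.id's code: it assumes the chip uses Basic Access Control as specified in ICAO Doc 9303, which the article does not name. The function names are illustrative, and the sample line is constructed from the document number, birth date and expiry date used in the ICAO 9303 worked example.

```python
import hashlib

WEIGHTS = (7, 3, 1)  # ICAO 9303 check-digit weights, repeated along the field

def char_value(c):
    """Numeric value of an MRZ character: digits as-is, A-Z = 10..35, '<' = 0."""
    if c in "0123456789":
        return int(c)
    if "A" <= c <= "Z":
        return ord(c) - ord("A") + 10
    if c == "<":
        return 0
    raise ValueError(f"illegal MRZ character: {c!r}")

def check_digit(field):
    return sum(char_value(c) * WEIGHTS[i % 3] for i, c in enumerate(field)) % 10

def parse_td3_line2(line):
    """Validate line 2 of a passport (TD3) MRZ; return the fields that unlock the chip."""
    if len(line) != 44:
        raise ValueError("TD3 MRZ line 2 must be 44 characters")
    doc_no, dob, expiry = line[0:9], line[13:19], line[21:27]
    checks = {
        "document number": (doc_no, line[9]),
        "date of birth": (dob, line[19]),
        "date of expiry": (expiry, line[27]),
        # The composite digit covers the fields above plus the optional data.
        "composite": (line[0:10] + line[13:20] + line[21:43], line[43]),
    }
    for name, (field, digit) in checks.items():
        if str(check_digit(field)) != digit:
            raise ValueError(f"check digit mismatch in {name}")
    return doc_no, dob, expiry

def bac_key_seed(doc_no, dob, expiry):
    """Basic Access Control key seed: first 16 bytes of SHA-1 over the
    three fields, each followed by its check digit."""
    info = "".join(f + str(check_digit(f)) for f in (doc_no, dob, expiry))
    return hashlib.sha1(info.encode("ascii")).digest()[:16]

# Constructed sample, not a real passport.
SAMPLE_LINE2 = "L898902C<3UTO6908061F9406236<<<<<<<<<<<<<<02"

if __name__ == "__main__":
    fields = parse_td3_line2(SAMPLE_LINE2)
    print("BAC key seed:", bac_key_seed(*fields).hex())
```

A misread character in the photo of the MRZ fails the check-digit test before any NFC exchange is attempted, which is why the photo step comes before the chip read.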

Public Key Infrastructure (PKI) is the approach used to authenticate the data on a chip. The data is read-only; only the government can modify it. If the data inside the chip has been changed, PKI allows the system to notice the mismatch and act accordingly.

When you don’t use NFC, you rely solely on the physical features of the printed document. It has many features to prevent forgery, but it still allows fraudsters to create a fake identity.

You can’t prove its origin when you have limited access to chip data. You have only:


  • The match between MRZ and the chip
  • The basic information about a person (like DOB and facial photograph)

After this, users get a different friction-free authentication method with a QR code to log in.

It’s faster to scan a code than to fill in an email and password to access the account, and it also protects the user account against common fraud types like account takeover (ATO).

Account takeover is a real threat for a user because transactions coming from an account with a reputation are reviewed differently than those from newly created accounts. As a result, criminals have a bigger chance of using the money unnoticed for some time.

Mob.id prevents this scenario. The QR code generated by the system has unique features which can be identified only by a user’s device. So fraudsters have additional barriers to overcome, like possession of a client’s device. And even with the device, user data is protected natively with phone certificates and biometric information. It makes account access impossible without the presence of a user. 


Mob.id provides a comprehensive verification solution for clients and helps to increase conversion rate without compromising the quality of data protection with passwordless authentication and storing digital identity locally on a user’s phone. 
