Beating fraud without breaking conversion
Upgrading eKYC compliance while keeping the onboarding experience intact.

background.
The company is a leading payment platform in Vietnam. A new State Bank of Vietnam (SBV) mandate — Decision 2345 — required financial institutions to implement strict biometric authentication to combat rising financial fraud. While we already had a working digital eKYC process, its basic liveness checks were no longer legally compliant or secure enough against sophisticated deepfakes and spoofing tactics.
Problem.
Integrating NFC chip reading and advanced facial recognition meant adding significant friction to the user journey. The core challenge was implementing these heavy security measures to block fraudulent accounts without destroying our onboarding conversion rate. Furthermore, SBV gave us a strict, non-negotiable deadline to roll this out to all users.
Goal.
Achieve full SBV Decision 2345 compliance while strengthening security to reduce fraud — without significantly impacting the onboarding conversion rate.
Contribution.
- Regulatory & technical discovery
- Biometric API vendor evaluation
- Flow design & UX review
- Edge-case handling & phased rollout planning
the decisions.
We started by auditing our existing onboarding flow. The real challenge wasn't user intent — it was the fact that the new mandate turned a simple digital onboarding into a complex physical task. First, reading NFC chips across a wide variety of mobile devices is often unstable. Second, the required advanced 3D liveness detection was highly sensitive, often failing users due to poor lighting or slight movements. Our challenge wasn't just catching deepfakes; it was preventing legitimate users from getting trapped in an endless loop of failed scans and abandoning the app.
Decision 2345 required biometric authentication to block deepfakes and spoofing. We chose advanced liveness detection as our technical approach — but multiple vendor SDKs were available. With 6 months to the deadline and a capable internal AI team, how do we build this?
Pick the move you would make — you can change your answer.
NFC scanning is unavoidable — but device diversity means the experience is inconsistent and often fails on the first try. How do we design around this friction to keep users from dropping off?
Pick the move you would make — you can change your answer.
outcome.
We successfully rolled out the SBV-compliant biometric flow ahead of the regulatory deadline. By building the verification engine in-house and shipping a guided NFC experience within a tight timeline, we integrated advanced security checks without breaking the user journey. The custom-built system strengthened our defenses against fraud while keeping the overall eKYC experience under our full control.
Takeaways
Impact.
- SBV Compliance: Achieved full compliance with the new biometric mandates ahead of the regulatory deadline.
- Fraud Blocked: 99% reduction in fraudulent account attempts compared to the legacy flow.
- Operational Efficiency: Maintained an 80% auto-approval rate, minimizing the burden on our manual review team.
What I learned.
Compliance and security mandates often feel like strict technical constraints, but they are fundamentally UX challenges. Building in-house under a tight regulatory deadline carries real risk — but owning the architecture meant we could design the biometric checks in the right order, protecting the business without creating unnecessary friction for legitimate users. The lesson: treat every compliance requirement as a product design problem, not just an engineering task.
Next steps
- 1
Continue refining the facial matching model to raise confidence scores on correct matches, making verification results more decisive and reliable.
- 2
Expand anti-spoofing capabilities to detect more sophisticated attack vectors — including AI-generated faces and photo injection from secondary devices.