Know Your Customer (KYC)
The KYC flow uses EUDI Wallet credentials for identity verification during customer onboarding. Instead of manual document uploads, your app requests government-issued Personal Identification Data (PID) from the user's wallet, verifying identity through cryptographic proofs. This applies to any regulated onboarding scenario—opening a bank account, purchasing an insurance policy, registering for a government service, or any process that requires verified identity.
Flow overview
Your organization acts as the Relying Party. You request specific identity attributes from the user's wallet, and the Truvity EUDIW Connector handles the protocol exchange, verification, and result delivery.
The flow works as follows:
- The user initiates onboarding in your app.
- Your app creates a presentation request specifying the required identity attributes.
- The connector generates an authorization request and returns a URI.
- Your app displays a QR code (cross-device) or triggers a deep link (same-device).
- The user opens their EUDI Wallet, reviews the request, and consents to share their data.
- The wallet submits an encrypted presentation response to the connector.
- The connector decrypts, verifies signatures and trust chains, and delivers the result to your callback.
- Your app completes the onboarding process.
Trust and security
The flow relies on multiple layers of cryptographic verification.
Trusted issuers
The PID is signed by a government issuer. The connector verifies the issuer's signature over the credential and validates the issuer's certificate chain, so the attributes are known to originate from a recognized government issuer and to be unmodified since issuance. A credential whose signature does not verify, or whose chain does not lead to a trusted issuer, is rejected before any data reaches your callback.
Service authentication
The connector signs the authorization request using your X.509 access certificate. The wallet validates this certificate and displays your organization's verified name to the user before they consent, so a request from an impostor site cannot present itself as coming from you. This reduces phishing risk, provided users are told to check that the displayed name is the organization they intended to onboard with.
Revocation checking
The connector checks whether the credential has been revoked by the issuer. Revoked credentials are rejected even if their expiration date has not passed.
Privacy and data minimization
The flow supports GDPR data minimization principles. You request only the specific attributes necessary for KYC, such as name and date of birth, omitting fields that are not required by regulation. The user shares less data than they would by presenting a physical ID card.
The connector uses an ephemeral data model. Credential data is verified in memory, delivered to your callback, and then deleted. No user attributes persist in the connector. From the moment the result reaches your callback, your application is the system holding the personal data, so your own storage, logging and retention controls apply from that point.
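The following Python is an added example of the Relying Party side of the flow described above (the steps in the flow overview and the data minimization rule). It is not Truvity code and does not use the connector's real API: the request and result field names, the `eu.europa.ec.eudi.pid.1` document type and attribute naming, and the HMAC-based callback authentication are all assumptions to be replaced with the shapes in the connector's API reference. It goes slightly beyond the text by showing the checks a backend should make on a result before completing onboarding: the callback is authenticated, tied to a pending request exactly once (replay fails), checked for freshness via a nonce and TTL, accepted only when the connector marked it verified, constrained to exactly the requested attributes, and then used for the KYC rule itself (here, a minimum age).

```python
"""Relying Party side of the KYC flow: build a minimal presentation request,
remember the pending session, and validate the connector's callback before
completing onboarding. Added illustration, not Truvity code: the request and
result shapes, field names and the HMAC callback authentication are assumed."""
from __future__ import annotations

import hashlib
import hmac
import json
import secrets
import time
from datetime import date

# Assumed PID document type and attribute names (EUDI PID rulebook naming).
PID_DOCTYPE = "eu.europa.ec.eudi.pid.1"
KYC_ATTRIBUTES = ("family_name", "given_name", "birth_date")
REQUEST_TTL_SECONDS = 300          # how long a QR code / deep link stays valid
MIN_AGE = 18                       # business rule applied to the verified birth_date
CALLBACK_SECRET = b"example-only"  # hypothetical secret shared with the connector

_pending: dict[str, dict] = {}     # request_id -> session; use a TTL store in production


def create_presentation_request(onboarding_id: str, now: float | None = None) -> dict:
    """Ask for exactly the attributes KYC needs and tie the request to an onboarding."""
    now = time.time() if now is None else now
    request = {
        "request_id": secrets.token_urlsafe(16),
        "nonce": secrets.token_urlsafe(16),  # freshness value the wallet must echo back
        "credential": {"doctype": PID_DOCTYPE, "attributes": list(KYC_ATTRIBUTES)},
    }
    _pending[request["request_id"]] = {
        "onboarding_id": onboarding_id, "nonce": request["nonce"], "created": now,
    }
    return request


def sign_callback(body: bytes) -> str:
    """Hypothetical HMAC the connector would attach to each callback."""
    return hmac.new(CALLBACK_SECRET, body, hashlib.sha256).hexdigest()


def age_on(birth_date: date, today: date) -> int:
    """Completed years between birth_date and today."""
    years = today.year - birth_date.year
    if (today.month, today.day) < (birth_date.month, birth_date.day):
        years -= 1
    return years


def handle_callback(body: bytes, signature: str, today: date, now: float) -> dict:
    """Return the accepted attributes, or raise ValueError with the reason."""
    # 1. The result must come from the connector, never from the user's browser.
    if not hmac.compare_digest(sign_callback(body), signature):
        raise ValueError("callback signature mismatch")
    result = json.loads(body)

    # 2. Bind to a pending request exactly once: pop() makes a replayed callback fail.
    session = _pending.pop(result.get("request_id", ""), None)
    if session is None:
        raise ValueError("unknown or already consumed request_id")
    if now - session["created"] > REQUEST_TTL_SECONDS:
        raise ValueError("request expired")
    if result.get("nonce") != session["nonce"]:
        raise ValueError("nonce mismatch")

    # 3. Only a result the connector marked verified (issuer signature, trust chain,
    #    revocation) may feed onboarding.
    if result.get("status") != "verified":
        raise ValueError(f"presentation not verified: {result.get('status')}")

    # 4. Data minimization is enforced on receipt too: nothing missing, nothing extra.
    attrs = result.get("attributes", {})
    missing = set(KYC_ATTRIBUTES) - set(attrs)
    extra = set(attrs) - set(KYC_ATTRIBUTES)
    if missing or extra:
        raise ValueError(f"attribute mismatch: missing={sorted(missing)} extra={sorted(extra)}")

    # 5. The regulatory check itself, computed from the verified value.
    if age_on(date.fromisoformat(attrs["birth_date"]), today) < MIN_AGE:
        raise ValueError("applicant under minimum age")
    return {"onboarding_id": session["onboarding_id"], **attrs}


def demo(today: date = date(2025, 1, 15)) -> dict:
    """Run the exchange against a constructed connector result, then replay it."""
    req = create_presentation_request("onboarding-42", now=1000.0)
    body = json.dumps({  # constructed payload standing in for the connector's callback
        "request_id": req["request_id"], "nonce": req["nonce"], "status": "verified",
        "attributes": {"family_name": "Doe", "given_name": "Jane", "birth_date": "1990-05-20"},
    }).encode()
    accepted = handle_callback(body, sign_callback(body), today, now=1100.0)
    try:
        handle_callback(body, sign_callback(body), today, now=1100.0)
        replay = "accepted"
    except ValueError as err:
        replay = str(err)
    return {"accepted": accepted, "replay": replay}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The ordering of the checks matters: authentication comes first so that an unauthenticated caller cannot consume a pending request id, and the pending session is removed before any other validation so a second delivery of the same result is rejected regardless of what it contains. Step 4 is the mirror image of data minimization: a result carrying attributes you did not ask for indicates a misconfigured request or an unexpected wallet behaviour, and accepting it would put data in your system you have no basis to hold.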
Integration patterns
Cross-device flow
Common for desktop web apps. The user initiates onboarding on your website, scans a QR code with their EUDI Wallet, and your backend receives the verification result through the callback.
Same-device flow
Common for mobile apps. The user taps a button in your app, the operating system opens the EUDI Wallet through a deep link, the user approves the request, and the wallet redirects back to your app. The verification result itself still arrives at your backend through the callback, as in the cross-device flow; the redirect only returns the user to your app and is not itself proof that verification succeeded.
Further reading
- Connector architecture—how the connector processes credentials and delivers results via callback
- OID4VP protocol—how the OID4VP protocol enables credential verification between wallets and Relying Parties
- Selective disclosure—how selective disclosure enables privacy-preserving credential sharing