What Is KYC and Why Does It Matter?
KYC (Know Your Customer) verification is the process of confirming a user's identity before granting access to regulated services. It originated in banking and anti-money laundering (AML) law, but in 2026 it touches virtually every industry that handles sensitive data: fintech, healthcare, insurance, crypto exchanges, and real estate platforms. Regulators across 190+ jurisdictions now mandate some form of identity verification, and penalties for non-compliance routinely exceed seven figures.
The challenge is straightforward but brutal: you need to verify that a person is who they claim to be, that they are not on a sanctions or watchlist, and that their documents are authentic -- all without creating a honeypot of personally identifiable information (PII) that attracts attackers. Traditional KYC implementations fail on that last point. They collect document scans, selfies, and biometric templates into centralized databases, creating exactly the kind of target that leads to headline-making breaches.
The EU's eIDAS 2.0 regulation, the US FinCEN Customer Due Diligence Rule, and FATF's updated Recommendation 10 all now explicitly address digital identity verification. Critically, GDPR Article 25 ("Data Protection by Design") and the upcoming EU AI Act impose obligations on how biometric data is processed, not just whether consent was obtained. Systems that store raw biometric templates are increasingly non-compliant by design.
The Four Pillars of Modern KYC
A production-grade KYC pipeline consists of four verification stages, each addressing a different class of fraud:
| Stage | Purpose | Fraud Class Addressed | Typical Latency |
|---|---|---|---|
| Document Verification | Validate ID authenticity (passport, driver's license, national ID) | Forged / altered documents | 2-8 seconds |
| Biometric Matching | Match live face to document photo | Impersonation, stolen IDs | ~42µs (H33 FHE) |
| Liveness Detection | Confirm physical presence of applicant | Deepfakes, photo replay, mask attacks | 1-3 seconds |
| Watchlist Screening | Screen against PEP, sanctions, and adverse media lists | Sanctioned entities, money laundering | 200-500ms |
Document verification uses optical character recognition (OCR) combined with template matching to detect tampered holograms, inconsistent fonts, and manipulated MRZ codes. Biometric matching compares a 128-dimensional face embedding extracted from the live capture against the enrollment template. Liveness detection adds a layer of anti-spoofing, rejecting printed photos, screen replays, and increasingly sophisticated deepfake video injections. Finally, watchlist screening cross-references extracted identity data against OFAC, EU consolidated sanctions lists, Interpol databases, and commercial PEP registers.
The Privacy Problem With Traditional KYC
In a conventional pipeline, every stage above requires the service provider to see and store raw PII. Document images sit in S3 buckets. Face embeddings live in a vector database. Name, date of birth, and address are indexed in plaintext for screening queries. This architecture is a liability. When (not if) a breach occurs, attackers gain everything needed for identity theft at scale.
"The fundamental flaw in legacy KYC is architectural: verification requires exposure. You cannot check a document you cannot read. You cannot match a face you cannot see. Every traditional KYC provider is, by construction, a custodian of the exact data attackers want most."
This is where fully homomorphic encryption (FHE) changes the equation. FHE allows computation on encrypted data without ever decrypting it. A biometric match can be performed directly on ciphertexts -- the server that runs the comparison never sees the raw face embedding, never stores a decryptable template, and cannot be compelled to produce one because it never possessed the decryption key.
Privacy-Preserving KYC With H33
H33's KYC pipeline replaces every plaintext operation with a cryptographic equivalent. Biometric matching runs on BFV fully homomorphic encryption with SIMD batching: 32 users are packed into a single ciphertext (4096 polynomial slots divided by 128-dimensional embeddings), and the encrypted inner product completes in roughly 1,109 microseconds per batch -- approximately 42 microseconds per individual authentication. On production Graviton4 hardware (c8g.metal-48xl, 96 cores), this sustains 1.595 million authentications per second.
// Single API call — full KYC verification pipeline
POST /api/v1/kyc/verify
Authorization: Bearer h33_pk_...
Content-Type: application/json
{
"document": {
"type": "passport",
"encrypted_ocr": "<BFV ciphertext>",
"mrz_hash": "sha3_256:ab3f..."
},
"biometric": {
"encrypted_embedding": "<BFV ciphertext, 128 dims>",
"liveness_proof": "<ZKP attestation>"
},
"screening": {
"encrypted_name_hash": "<Kyber-encapsulated AES-GCM>",
"jurisdiction": "US"
}
}Every field in that request is encrypted before it leaves the client. Document OCR data is encrypted with Kyber key encapsulation (AES-256-GCM transport) and signed with Dilithium for tamper evidence. Biometric embeddings are BFV-encrypted for homomorphic matching. The liveness proof is a zero-knowledge proof (ZKP) attesting that the capture passed anti-spoofing checks, cached in an in-process DashMap for 0.085-microsecond lookups -- 44 times faster than a network-bound STARK verification.
Attestation and Audit Trail
After the encrypted match completes, H33 generates a batch attestation: a SHA3-256 digest of the verification result signed with Dilithium (ML-DSA-65). This attestation proves that verification occurred and what the outcome was, without revealing any underlying biometric or document data. Regulators can validate the signature. Auditors can confirm the timestamp. Neither party can reconstruct the raw PII. The full attestation cycle -- SHA3 digest plus one Dilithium sign and verify -- adds roughly 244 microseconds, keeping the total per-authentication cost well under a millisecond.
Every cryptographic primitive in H33's KYC pipeline is post-quantum secure. BFV encryption is lattice-based. Dilithium signatures are lattice-based (NIST FIPS 204). Kyber key exchange is lattice-based (NIST FIPS 203). ZKP cache integrity uses SHA3-256. There is no RSA, no ECDSA, no classical dependency that a quantum computer could break. Your KYC verification today will still be unforgeable and unreadable in 2040.
Implementation Considerations
Deploying privacy-preserving KYC requires decisions at three layers: regulatory mapping, client-side encryption, and server-side verification architecture.
Regulatory Mapping
Different jurisdictions mandate different verification depths. The US requires CIP (Customer Identification Program) compliance under the Bank Secrecy Act. The EU requires Strong Customer Authentication (SCA) under PSD2 for payment services. Singapore's MAS Notice 626 requires enhanced due diligence for higher-risk customers. Your KYC pipeline must be configurable per jurisdiction, and your attestation records must satisfy the specific evidentiary standards each regulator expects.
Client-Side Encryption
The critical architectural choice is encrypting biometric data on the client device before transmission. H33's SDK handles BFV encryption of face embeddings directly in the mobile or browser environment, ensuring the raw embedding never exists in plaintext on any server. The public key is distributed during onboarding; the secret key remains with the user or is split across a threshold scheme.
Reusable Credentials
Once a user completes KYC, the signed attestation becomes a reusable credential. Subsequent services can verify the Dilithium signature on the attestation to confirm that KYC was completed, when it was completed, and by which provider -- without repeating the document scan and biometric capture. This dramatically reduces onboarding friction for multi-service platforms while maintaining full regulatory compliance. The credential is portable, cryptographically bound to the user, and cannot be transferred or forged.
| Metric | Traditional KYC | H33 Privacy-Preserving KYC |
|---|---|---|
| Biometric data exposure | Plaintext on server | Never decrypted server-side |
| Verification latency | 3-15 seconds | ~42µs per auth |
| Throughput | ~100 verifications/sec | 2.17M auth/sec |
| Post-quantum secure | No | Yes (all primitives) |
| Breach impact | Full PII exposure | Ciphertexts only (useless without key) |
| Reusable credential | Provider-locked | Portable Dilithium attestation |
Getting Started
H33's KYC API is available on the standard pricing tiers, starting with 10,000 free API calls per month. Each verification call runs the full pipeline -- FHE biometric match, ZKP liveness attestation, encrypted document check, and Dilithium-signed result -- in a single request. No plaintext PII is stored, transmitted, or logged at any point in the pipeline. Integration takes a single API endpoint and an SDK that handles client-side encryption transparently.
Ready to Go Quantum-Secure?
Start protecting your users with post-quantum authentication today. 1,000 free auths, no credit card required.
Get Free API Key →