Digital Onboarding in Southeast Asian Banking: The Role of Face Biometrics
How banks and fintechs across Indonesia, the Philippines, Vietnam, and Thailand use face verification and liveness detection to onboard customers remotely.
The Region That Onboards by Selfie
Southeast Asia is home to one of the world's largest unbanked and underbanked populations — and one of its fastest-growing digital finance markets. Digital banks, e-wallets, and lending apps across Indonesia, the Philippines, Vietnam, and Thailand acquire customers who may never visit a branch, may not have a fixed address, but almost certainly have a smartphone with a front camera.
That combination made face-based eKYC the region's default onboarding pattern: photograph an ID document, take a selfie, prove the selfie is live, match the selfie to the document. Minutes instead of days, no branch required.
This article looks at how that flow works, what regulators expect, and how to build it well.
The Standard eKYC Flow
Across the region's digital banks and e-wallets, remote onboarding converges on the same pipeline:
Steps 3 and 4 are where face biometrics carry the fraud burden. Skip liveness and the flow is trivially defeated by a photo of a stolen ID's owner — which is exactly the fraud pattern that pushed liveness detection into regional KYC expectations.
What Regulators Expect
Each market frames eKYC differently, but the direction is consistent:
Two engineering consequences follow. First, liveness is table stakes — regulators increasingly name spoof resistance explicitly. Second, data protection laws apply to the biometric artifacts: Indonesia's UU PDP, the Philippines' Data Privacy Act, Thailand's PDPA, and Vietnam's data decrees all treat biometric data as sensitive, with consent and retention obligations similar to GDPR's treatment of face data.
The Fraud Reality
Onboarding fraud in the region is industrialized: stolen ID photo sets sold in bulk, "selfie farms" that recruit people to pass verification on others' documents, and increasingly deepfake and camera-injection attacks aimed at high-value accounts. Regional fraud reports consistently rank identity fraud among the top attack vectors for digital financial services, with deepfake-assisted attempts growing fastest.
Defense follows the layered model:
Beyond Onboarding: The Face as an Ongoing Credential
Once a verified face embedding exists, banks reuse it: face login for account recovery, biometric confirmation for transfers above thresholds, and branchless service at agent locations — an agent's phone camera plus 1:N recognition can authenticate a customer without cards or PINs. Each reuse compounds the return on getting onboarding biometrics right the first time.
Build Considerations for the Region
Teams shipping eKYC across Southeast Asian markets deal with constraints that developed-market playbooks miss:
Where ARSA Fits
ARSA Technology builds face recognition from Indonesia for exactly these conditions. The Face Recognition API covers the full eKYC biometric layer — 1:1 verification, passive and active liveness, and 1:N recognition for returning-customer flows — with transparent per-plan pricing, isolated per-tenant face databases, and a self-hosted option for residency-bound deployments.
Prototype the full selfie-verification flow on the free tier with our Node.js or Flutter tutorials, or talk to us about on-premise deployment.