Knowing Your Customer: Getting It Right at Sign-Up

When a customer signs up for a service, the focus is often on speed and convenience. Seamless onboarding is seen as the gold standard. Yet, in that very moment, one of the most important privacy decisions is made: do you actually know who this person is?

If you get it wrong, everything that follows rests on shaky foundations. An organisation might unwittingly enable fraud, allow someone to run up debt under another person’s name, or expose an innocent individual to harm that could ruin their credit record and reputation. For the person who has been misidentified, the consequences are not just administrative headaches, they are deeply personal, and potentially long-lasting.

The Privacy Act 2020 makes it clear: agencies must take reasonable steps to ensure personal information is accurate and up to date, not only when it is collected but also before it is used or disclosed. That obligation begins at sign-up. Misidentifying a customer isn’t a clerical mistake; it’s a risk that could ripple through someone’s life in ways they never consented to.

The challenge is balance. Put too many barriers at sign-up and customers will walk away. Lower the bar too far and you open the door to error and fraud. The Privacy Commissioner has recently highlighted how weak identification processes, particularly in utility providers, have caused real harm to individuals. The message is clear: getting customer identification wrong is not just an operational issue, it’s a privacy risk with real-world consequences.

Many organisations rely on collecting the name and date of birth contained on a driver licence or passport and matching it using the Confirmation Service. While this checks that an identity exists with that name and date of birth, it doesn’t necessarily confirm that the person standing in front of you is the genuine holder of that identity or is the person in the photo on the provided document. Fraudulent documents can and do slip through. More robust solutions exist, such as the Department of Internal Affairs’ Identity Check, which matches identity information, including appearance, against official New Zealand databases. This provides a stronger safeguard against impersonation and fraudulent sign-ups.

Ultimately, customers want to know that when they share their details, you recognise them as the right person from day one and that you’ll continue to respect and protect that identity over time.

Getting sign-up right isn’t about ticking a compliance box. It’s about building trust. It’s about signalling to your customers that their identity matters, their privacy matters, and that your relationship with them is built on solid ground. The organisations that see onboarding not just as a transaction but as the beginning of a trust-based relationship will stand apart.

Knowing your customer is more than an operational step. It’s a promise to safeguard their identity, respect their privacy, and uphold their trust throughout the journey.