I onboarded my first bank account through video KYC in late 2020, sitting cross-legged on my living room floor while a very patient bank officer asked me to tilt my Aadhaar card toward the camera. The whole thing took nine minutes. A little awkward. Definitely faster than the branch visit it replaced. That was five years ago, and the gap between what video KYC in India was then and what it has become in 2026 is enormous, not just technologically but regulatorily.
India’s e-KYC market was valued at USD 26.3 million in 2024 and is projected to reach USD 139.3 million by 2033, growing at a 20.33% CAGR. NBFCs alone processed over 100 million KYC verifications through video in 2023, cutting fraud cases by roughly 30%. If you’re running compliance at a bank, NBFC, or fintech and haven’t revisited your video KYC in India setup since the original V-CIP circular, this guide is for you.
Video KYC in India, formally called V-CIP, or Video-based Customer Identification Process, is the RBI’s framework for verifying customer identity remotely through a live, real-time video interaction. It’s treated as legally equivalent to face-to-face identification, which is a big deal. That equivalence is what allows banks and NBFCs to open fully functional accounts without the customer ever visiting a branch.
But here’s what trips people up. Video KYC in India is not just a video call. It is a regulated process with specific technical requirements around encryption, geo-tagging, liveness detection, document verification, and concurrent audit. The video part is almost the least interesting thing about it.
This is the section I’m going to spend the most time on because it’s where most of the confusion exists. The video KYC RBI guidelines have evolved significantly since V-CIP was first introduced in January 2020, and the November 2025 overhaul changed the landscape again.
On November 28, 2025, the RBI issued sector-specific KYC Master Directions covering ten institution types including commercial banks, NBFCs, payments banks, cooperative banks, and more. This replaced the original 2016 Master Direction entirely. Then, on June 12, 2025, three interlinked circulars reformed the broader KYC framework with tighter procedural requirements, the elimination of redundant processes, and stronger consumer protections. If your compliance manual still references the 2016 direction, it is out of date for video KYC in India.
I’ve broken down the video KYC RBI guidelines into what I think of as the hard requirements, the things that will get you flagged if they are missing, versus the soft guidance that gives you some implementation flexibility.
Hard requirements include the V-CIP application being proprietary, with no use of platforms like Zoom or Teams. There must be end to end encryption between the customer’s device and your hosting point. Real time liveness detection must be capable of catching spoofing attempts and deepfakes. Geo-tagging of the customer’s location must be captured along with IP validation to confirm they are in India. A concurrent audit of every session must happen before the account is activated. There must be tamper proof storage of all video recordings and verified documents. Finally, VAPT (Vulnerability Assessment and Penetration Testing) by CERT-In empaneled auditors must be conducted periodically, not just once at launch.
Soft guidance means the RBI tells you the outcome it expects but not exactly how to implement it. This includes the specific liveness detection technology, the exact encryption standard as long as it meets relevant benchmarks, and the frequency of VAPT cycles. This is where institutions have room to differentiate, and also where the most mistakes happen. I covered those mistakes in detail in a separate piece, but the short version is that flexibility does not mean optional.
The actual video KYC process in India banks follow looks roughly like this, though the specifics vary by institution. I’m describing what a compliant implementation should include, not what every bank actually does. There is often a gap.
First, the customer initiates the process through the bank’s app or website and consents to the video interaction. The system captures their device GPS coordinates and validates the IP address. A trained V-CIP officer connects via live video. Pre-recorded sessions are not allowed.
The officer verifies the customer’s identity documents such as PAN, Aadhaar, or passport by asking the customer to hold them up to the camera. The officer then inspects edges, fonts, holograms, and photo matches using frame freeze and zoom tools.
Simultaneously, the system runs liveness checks. These include both active checks, such as asking the customer to perform an action like turning their head, and passive checks that analyze micro expressions and light patterns. The officer captures a clear photograph of the customer and the documents. Aadhaar XML or QR code extraction must be completed within three working days of the session.
Finally, a second qualified official performs a concurrent audit of the entire recorded session before the account status moves from pending to active.
If the call drops mid session, the process must start over. The regulation does not allow a disconnected V-CIP call to resume, though brief pauses within a single continuous session are permitted. I’ve heard compliance teams complain about this rule more than any other, especially in rural areas where connectivity is spotty. But the RBI’s logic is sound. A broken session creates gaps in the audit trail that are impossible to verify after the fact.
Video KYC in India for NBFCs follows the same core V-CIP framework as banks, but the operational reality is different. Most NBFCs do not have the in-house technology teams that large banks do, so they are more dependent on third party V-CIP vendors.
The RBI allows this up to a point. The regulated entity must retain complete ownership of all data. If you are using a cloud based V-CIP solution, customer data must transfer to your systems immediately after the call. Nothing should remain on the vendor’s servers.
The DPDP Act, with rules notified in 2025, adds another layer. Every NBFC now operates as a Data Fiduciary under this law, which means legal liability for how video KYC data in India is collected, processed, and stored. Cross border data transfers face restrictions. Video recordings must remain in India.
For smaller NBFCs especially, this has made vendor selection a compliance exercise in its own right. You are not just buying software. You are choosing who shares your regulatory exposure.
About 76% of fintechs now use automated KYC and AML systems, and AI based verification has cut average onboarding time by 84%. Those are impressive numbers. Over 70% of fintech companies globally had integrated video KYC into their onboarding flows by 2023. These advancements are driving the adoption of digital KYC verification India platforms that combine automation with regulatory compliance.
But here’s the tension I keep seeing. Fintechs optimize for conversion speed, while digital KYC verification regulations in India optimize for fraud prevention. Those goals are not opposed, but they are not automatically aligned either.
The fintechs that get this right treat compliance infrastructure as a product feature rather than a burden. A smooth V-CIP flow with fast liveness checks and minimal drop offs becomes a competitive advantage when your rival’s onboarding takes 20 minutes and yours takes six.
The ones that get it wrong try to shortcut the concurrent audit or deploy liveness detection that is fast but weak. Then they face penalties when the RBI comes knocking.
I want to be upfront about something. No current liveness detection system is completely deepfake proof. Not one.
Deepfake related cybercrime in India has surged 550% since 2019, with projected losses of ₹70,000 crore. Synthetic identity fraud jumped 378% in just Q1 2025. Over 11 lakh video KYC calls happen daily across Indian financial institutions. The attack surface is massive, and attackers are improving faster than the defenses.
The best implementations layer multiple detection methods including active prompts, passive micro expression analysis, voice video synchronization, and light variation scanning. Even then, every session is treated as potentially adversarial.
It is not a solved problem. It is an arms race. Anyone selling you complete deepfake protection is overselling.
As regulations tighten and fraud techniques evolve, many institutions are realizing that building compliant infrastructure for video KYC in India is harder than it initially appears. What starts as a simple onboarding feature quickly becomes a complex system involving document verification, liveness detection, geo-location validation, and strict audit controls.
KYC Hub’s vCIP solution is the ideal solution for all the video KYC in India problems. Instead of stitching together multiple tools, banks, NBFCs, and fintech companies can deploy a system designed specifically around the operational realities of the video KYC in India regulators expect.
A typical implementation includes live video verification, automated document authentication, AI-driven liveness detection, and geo-location checks aligned with video KYC RBI guidelines. Every session is recorded and stored in tamper-resistant formats, creating a clear audit trail for compliance reviews.
For lenders handling large onboarding volumes, especially those implementing video KYC for NBFCs, this type of infrastructure also reduces manual workload. Identity checks, document data extraction, and verification workflows can run in parallel, helping teams maintain compliance while keeping onboarding fast.
Platforms like KYC Hub are also being used to strengthen digital KYC verification India workflows by integrating video verification with other identity checks, risk signals, and AML monitoring systems. Instead of treating video KYC as a standalone step, institutions can incorporate it into a broader compliance framework that supports secure digital onboarding at scale.
The regulatory trajectory for Video KYC in India is clear. More specificity, higher standards, and bigger consequences.
The RBI’s shift to sector specific KYC Master Directions in late 2025 signals that one size fits all guidance is over. Banks, NBFCs, payment aggregators, and cooperative banks will increasingly face tailored requirements that reflect their specific risk profiles.
I have been tracking this space since the first V-CIP circular, and the pace of change in the last 18 months has been unlike anything in the previous four years. The DPDP Act is reshaping data handling. AI driven fraud is forcing detection upgrades. And the RBI’s penalty actions in 2024 to 2025, totaling ₹54.78 crore across 353 entities, made it clear that non compliance has a price tag boards can no longer ignore.
My advice, for whatever it is worth: do not wait for the next circular of video KYC in India to start upgrading.
The institutions that treated 2025’s regulatory overhaul as a reason to rebuild their V-CIP stack from the ground up are the ones sleeping well right now. Everyone else is playing catch up, and the window for that is shrinking fast.
