Why Re-Verification Matters More Than One-Time KYC

Most identity verification happens exactly once — when you create your account. After that, platforms assume you’re still you. For months. Sometimes years.

That assumption is increasingly dangerous. Accounts get compromised. Credentials get stolen. Someone who passed KYC in January isn’t necessarily the same person initiating a $10,000 withdrawal in June. Zach Meltzer, CEO of VeryAI — a company building palm biometric identity verification that runs on any smartphone camera — has spent the past two years arguing that the real value in biometric identity isn’t registration. It’s what happens after.

The Gap Between Account Creation and Account Use

Traditional KYC is a gate at the front door. You scan your passport, do a face check, maybe answer some questions. Once you’re in, the system trusts you. But the threat model has shifted. Deepfake attacks on biometric systems are up 58% this year. A Dutch bank recently discovered 46 fake accounts created by a single person using deepfakes. The front door isn’t holding.

The problem isn’t just that bad actors get through initial verification. It’s that even legitimate accounts can be compromised later. Meltzer frames this as the difference between knowing someone was real five months ago and knowing they’re real right now.

“Our partners really want — not just to verify one time that this person is a human, but when they’re completing a transaction, maybe a withdrawal for say, of $10,000 or more, not just that this user was verified five months ago, but that the re-verification they perform is matching to that original registration,” he explains.

Why Hardware-Based Biometrics Can’t Do This

Re-verification sounds obvious. Why not just check again? The blocker has always been hardware. Most biometric systems — iris scanners, fingerprint readers, even the facial recognition at airport TSA — require a dedicated device in a specific location. That works when you’re physically present at a checkpoint. It doesn’t work when you’re on your couch approving a wire transfer.

This is where the phone camera approach changes the math. VeryAI scans palm prints using the camera already in your pocket. Registration takes both palms. After that, re-verification takes one palm and about two to three seconds.

“We’re not reliant on hardware, you can come back and re-verify this account at any time under two to three seconds,” Meltzer says. “This is what’s really not possible with other options. If you’re forced to use hardware, it’s going to be very unlikely that you have this sitting on your desk at home or in your pocket on the go.”

The Use Cases That Open Up

Once re-verification becomes frictionless, it stops being a security measure bolted onto the side of an application. It becomes a product feature. Meltzer describes three distinct flows: authentication at the point of transaction (confirming a withdrawal), logging back into a platform (replacing password recovery), and credential resets (changing the email tied to your banking account).

That last one is particularly interesting. Anyone who’s tried to reset credentials on a financial platform knows the pain — calling customer service, visiting a branch, providing multiple forms of ID. Banks impose these frictions because they have no better way to confirm you’re the same person who created the account. A two-second palm scan that matches your original registration solves that without the overhead.

The broader implication goes beyond any single company. If biometric re-verification becomes fast and cheap enough, the entire model of “verify once, trust forever” starts looking like a liability. Platforms that still rely on one-time KYC are betting that the person who passed verification months ago hasn’t been compromised since. That bet gets worse every quarter.

What This Means for Platform Builders

For developers building financial or high-value transaction platforms, the takeaway is architectural. Identity isn’t a checkbox at onboarding — it’s a recurring signal at moments of risk. The technical pieces to make re-verification seamless are arriving. The question is whether platforms will redesign their flows around them, or keep relying on the one-time gate that deepfakes have already learned to walk through.

FAQ

Why isn’t one-time KYC enough to prevent fraud on financial platforms?

One-time KYC only confirms identity at account creation. Accounts can be compromised afterward through stolen credentials or social engineering. Deepfake attacks are up 58% this year, and a Dutch bank found 46 fake accounts from one person. The gap between verification and transaction is where fraud lives.

What is biometric re-verification and how is it different from login?

Re-verification confirms the person initiating a transaction matches the original biometric registration — not just that they have the right password. It can apply at withdrawal, credential reset, or high-value actions. VeryAI’s palm scan takes two to three seconds from any smartphone camera.

Which platforms benefit most from re-verification instead of one-time identity checks?

Financial platforms handling withdrawals, exchanges processing high-value trades, and any service where credential resets are a fraud vector. VeryAI’s first implementation is on MEXC, a crypto exchange with 32 million users, where palm scans authorize asset withdrawals.

How does VeryAI handle re-verification without dedicated hardware?

Users register both palms through their phone camera. Later, they re-verify with one palm in two to three seconds using the same phone. No special sensor or location required. The system checks the live scan against the original registration using proprietary matching with a false acceptance rate of one in 10 million.

Does re-verification add friction to the user experience?

A two-to-three-second palm scan adds minimal friction compared to the alternative — calling customer service, visiting a branch, or providing multiple forms of ID for credential resets. The trade-off is worth it for transactions above a certain risk threshold. Platforms can set their own trigger rules.

Can VeryAI replace traditional KYC document checks entirely?

Not yet. Legal and regulatory requirements still mandate document verification in many financial contexts. VeryAI can supplement those checks by confirming a unique human is present at the moment of transaction, but passport and ID scans remain legally required for initial onboarding in most jurisdictions.

What is the false acceptance rate for palm biometrics vs face recognition?

Apple Face ID reports a false acceptance rate of one in one million. VeryAI’s palm baseline starts at one in 10 million — 10x more accurate. Using both palms with multiple scans can push that to one in 100 trillion, though practical deployments balance accuracy with user convenience.

Why are financial platforms moving toward biometric authentication for transactions?

Password-based authentication is increasingly unreliable. Credentials get phished, leaked, and reused. Biometric re-verification at the point of transaction provides a stronger signal that the actual account holder is present — not just someone who obtained their login credentials.

How long does it take to integrate palm biometric re-verification into an existing platform?

VeryAI provides an SDK that embeds into third-party apps on iOS and Android. The integration adds registration and re-verification flows to existing user journeys. Specific integration timelines depend on the platform, but the SDK approach avoids the need for custom hardware procurement or installation.