5min
walk-up to boarding
Already enrolled at the bank. Walks up, scans, boards.
- Biometric already on file with the bank
- Scans palm vein at the airport gate
- Boards
Featured project · 2022·8 min read·May–Sep 2022
Quick Check-in
Integrating biometric identity across two highly regulated industries, a first for Korea.
Two passengers, two paths
Same airport. The only thing that changes is whether their bank-side enrollment travels with them.
20min
queue, paperwork, re-enrollment
Not enrolled. Has to rebuild trust from scratch on-site.
- Waits in line for biometric check-in enrollment on-site
- Checks identity with passport or ID card
- Enrolls the palm veins
- Scans palm vein at the airport gate
- Eventually boards
The bottleneck isn't the scanner. It's the re-registration. Korean users had to enroll their biometrics from scratch at every airport, even though their bank already had them on file.
TL;DR
Problem
Korean users had already enrolled their biometrics with their banks. Airports still forced a 20-minute re-registration. The reframe: make trust portable instead of rebuilding it.
Strategy
Instead of 168 direct bank↔airport integrations, I routed everything through KFTC, Korea's financial-clearing institution. I defined phone number as the primary identifier. This step bought regulatory approval and national reach.
Impact
First-ever nationwide cross-industry biometric framework. 500K users enabled within one year. 75% reduction in airport registration time. 12 banks · 14 airports.
Problem solved
01. 7M+ already trusted their bank.
Every airport asked them to start over.
The 20-minute re-registration looked like a UX problem. It wasn't. Two regulated industries can't legally share their default identifier, and they need a neutral third party between them.
- •7M+ Korean users already enrolled in bank biometrics
- •14 airports launching biometric pilots simultaneously
- •Every airport forced a fresh 20-minute enrollment, no cross-industry framework existed
The real challenge wasn't the queue. It was reusing trust across two regulated industries, without merging their identity systems or breaking privacy law. Banks used SSN. Airports were legally prohibited from using it. Mixing financial identity with travel data was unacceptable to regulators.
How I validated
02. One finding collapsed the whole design problem.
I mapped stakeholders across banks and airports, and reviewed the relevant regulations on each side: banking, aviation, and PIPA. Together they surfaced the critical insight that reshaped every downstream decision:
Phone number was the only identifier held by both sides at non-sensitive level.
Why phone number? Already familiar to users. Less sensitive than SSN. Sufficient to map identities without reconstructing them. That reframed the work, from “build a new identity layer” to “bridge the one identifier they can share.”
Strategic pivot
03. 168 integrations vs. one neutral hub.
Routing through KFTC turns 168 infrastructure integrations into 26, and a single trust contract both sides already accept.
rejected · direct
Each bank would need to integrate with each airport directly. Far too many integrations to maintain — wouldn't scale or last.
rejected · SSN
Banks already used it. Airports were legally prohibited from accepting it.
selected · KFTC + phone-number
KFTC bridges the connection; mapping data only. This step has reduced the service and regulation complexity into 5-month.
How I built · integration architecture
04. System-to-system trust across regulated domains.
Positioned KFTC as a neutral hub.
Routed all banks and airports through KFTC, while maintaining each governance and policy at maximum.
Separated identity domains by design.
Financial identity never crossed to airports. KFTC stored only the phone-number mapping — never biometric data itself.
Required explicit opt-in for cross-industry use.
Bank enrollment did not silently extend to airport contexts. Users had to actively re-consent.
Established a phone-number management framework.
Phone-number changes get updated through bank channels, invalidate old mappings instantly, and require fresh consent when a number is reassigned to a new owner.
Before & after
05. Four changes, one architectural decision.
BeforeAfter
~20 min airport registration<5 min activation (one step)
12 × 14 = 168 integrations1 neutral hub via KFTC
SSN locked into banks onlyPhone number as portable ID
18+ month approval timeline5-month approval timeline
Impact delivered
06. What it moved.
500,000 users
Enabled for biometric airport check-in within one year of launch
75 percent
Reduction in airport registration time
20 min → <5 min
5 months
Regulatory approval timeline
vs. 18+ months projected for direct integration
12 banks plus 14 airports
Banks + airports nationwide
defined the national interoperability standard
More on biometric systems
Questions readers usually ask.
Banks and airports both used 'palm vein' for the main biometric data. Banks deployed the systems in the kiosks to identify the customer identity, whereas airports leveraged them at the check-in systems.
Key Takeaways
A seamless surface, with complex logic underneath.
The highest-leverage product moves are often architectural: sit between parties who don't naturally trust one another, and give them a structure both sides can say yes to.