TL;DR: Tenant Inc. used web-based KYC, liveness checks, document capture, and audit trails to support fully remote self-storage rentals while balancing fraud risk, conversion, and emerging compliance pressure, according to Incode. The core lesson is that identity verification must be designed as an operational control, not a checkout feature.
NHIMG editorial — based on content published by Incode: How Tenant Inc. future-proofed their self-storage SaaS business with Incode
By the numbers:
- Tenant Inc. operates in a rapidly growing $350B self-storage sector in the U.S.
Questions worth separating out
Q: How should security teams govern remote identity verification in customer onboarding?
A: Treat remote identity verification as a governed control, not a UX feature.
Q: Why do self-service rental workflows need stronger identity proofing than traditional onboarding?
A: Because the platform no longer has a human intermediary making an in-person trust judgement.
Q: What breaks when identity verification is treated as a one-time check?
A: The programme loses traceability.
Practitioner guidance
- Map identity proofing to the transaction record Ensure the verification event, decision outcome, and rental activity are retained together so disputes and investigations can reconstruct what happened without stitching logs across systems.
- Govern exception paths as policy, not improvisation Define how customers who cannot complete remote proofing are handled, who approves alternative flows, and what evidence is captured when in-store verification is used.
- Separate proofing evidence from raw PII handling Limit who can access documents, selfies, and derived identity attributes, and apply retention rules so proofing data is not kept longer than the operational need.
What's in the full article
Incode's full article covers the operational detail this post intentionally leaves for the source:
- How Tenant Inc. integrates document capture, selfie match, and liveness detection into the checkout flow.
- What the event-level audit trails and reporting outputs look like for incident handling and compliance review.
- How optional in-store verification is handled when customers cannot complete remote identity proofing.
- Why the platform links proofing data to structured form autofill and reduced manual input.
👉 Read Incode's case study on Tenant Inc.'s remote identity verification model →
Remote KYC in vertical SaaS: what it means for identity teams?
Explore further
KYC is becoming an identity governance problem, not just a fraud screen. Tenant Inc.'s use case shows that verification, auditability, and customer routing now sit inside the identity control plane for digital services. Once the platform owns the onboarding path, it also owns the trust decision, the exception path, and the evidence trail. Practitioners should treat KYC as part of broader identity governance, not as a detached point solution.
A few things that frame the scale:
- 90% of IT leaders say properly managing NHIs is essential for a successful zero-trust implementation, according to Ultimate Guide to NHIs.
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface.
A question worth separating out:
Q: Who is accountable when a digital onboarding flow allows fraud or misuse?
A: Accountability sits with the organisation that designed the proofing path, exception handling, and evidence retention. If those controls are weak, responsibility cannot be outsourced to the customer, the verifier, or the regulator. For regulated workflows, the security team and business owner must share the governance model.
👉 Read our full editorial: Tenant Inc. shows how KYC-ready identity supports remote rentals