Community
Millions are spent annually on Know Your Customer (KYC) and anti-money laundering (AML) procedures as businesses strive to confirm identities and fight money laundering. The rise of online banking and payments has made due diligence increasingly complex to navigate - so what elements should you consider when building a robust and reliable eKYC solution?
1. Adopt a Multi-Layered Approach to Regulatory Compliance
Any eKYC solution must be built with a multi-layered approach. When you are dealing with cybercriminals, they have a myriad of stolen data and sophisticated tools to access your system. Their methods involve stealing credentials and tampering with identity documents or circumventing biometric checks with 3D masks to try and appear compliant and genuine to successfully onboard. It is simply not enough to have one KYC or one AML check at onboarding. If cybercriminals have umpteen ways to try and subvert the onboarding process, then similarly businesses must have more than one type, or more than one layer of defence at onboarding too.
For example, having an AML layer checking for PEPs, Sanctions, Adverse Media and global watchlists should only be the first step in AML compliance - but for businesses to consistently know their customer throughout the customer lifecycle, a layer of ongoing monitoring should also be applied. After all, you may onboard a customer who is 100% compliant at that moment in time, but 6 months later that same customer might fall under the PEP or sanctions category by for instance becoming a politician or having moved to a sanctioned country, respectively.
Businesses should look for digital identity solutions that offer a curated library of identity verification services and layer automated document and biometric solutions with trusted global data sources and fraud detection signals.
2. Embed Flexibility into the eKYC Process
An eKYC process needs to be built with flexibility in mind, so that business can accommodate and target a variety of existing and new customer bases, respectively.
An eKYC process built with a layered approach in mind enables businesses to build workflows that minimize friction for the customer while carefully assessing their risk profiles. Depending on your KYC requirements, you could start with standard KYC checks against publicly available sources and databases - and for highly regulated industries such as banking, adding a document verification and biometric layer lets you anchor a customer to a legal government issued identity and feel confident that the person behind the screen is the same as that in their document.
Businesses should look to build multiple KYC workflows optimized for different market conditions, geographies, and risk tolerance that achieve the lowest fraud and highest end-user conversion rates, without the need to invest in additional customer support. This will enable your business to have the flexibility to take each customer on the right path, allowing low-risk customers to get fast access and direct riskier customers to enhanced KYC or AML verifications.
3. Fighting Fraud within the eKYC Process
Fraud starts at onboarding so there should be little surprise that fraud protection should be an integral part to any eKYC process. In the same way that financial criminals have a myriad of tools and methods at their disposal when aiming to launder money and subvert eKYC processes often in the form of first- party fraud (= when someone misidentifies themselves), third-party fraudsters (= when stealing other people’s identity) also employ a variety of attack typologies to game the system. eKYC process need to be robust to withstand this variety of attack vectors.
In addition to first-party, third-party and document fraud, repeat fraud at onboarding has emerged as a significant threat. Repeat fraud is fuelled by global data breaches which supply the stolen identity credentials used to commit the lion's share of online fraud. Fraudsters can repeatedly use the same credentials such as Social Security Number, or the same applicant image/photo, create multiple accounts and repeatedly try to onboard fraudulently. Chief among repeat fraud types is synthetic identity fraud, where commonly a valid Social Security Number is paired with fake data like name and date of birth, to create a fake identity. The danger with synthetic identity fraud is once a synthetic identity is successfully onboarded, then that fake identity can be used to wreak havoc - take out loans to finance terrorism, or human trafficking, for example.
Businesses should employ multiple fraud capabilities, enabling a layered fraud protection approach, according to the risk appetite. Be it global document verification, fingerprint, or facial biometrics solutions. They should be designed to mitigate sophisticated spoofing, or passive fraud signals, to keep fraudsters away from your platform, protecting revenue, brand, and your customers.
4. Automate, Automate, Automate
Every eKYC process has similar objectives in mind - businesses want to achieve compliance without slowing down onboarding. With 45% of consumers abandoning a sign-up process if it doesn’t meet expectations, the pressure is on! Businesses shouldn’t rely on manual reviews, which are time and cost intensive. Automating the identity verification process is how businesses can strike the balance between expedited onboarding experiences, compliance and increasing operational efficiency.
With AI-powered automation, businesses can handle surges in volume that manual processes can’t keep up with. Verifications should be tested to ensure they are consistently fast and accurate, whether you’re onboarding ten or ten thousand people. That means you can capitalise on sudden increased volumes, and legitimate customers will be up and running in no time.
Designing smart eKYc processes that provide reliable security online while not preventing legitimate users from using online services is becoming increasingly complex and sophisticated. Businesses should look to provide a variety of standard and creative solutions to ensure safety and security in customer onboarding process, while ensuring regulatory compliance and a smooth onboarding experience. The latter also reduces the impact of regulatory necessary eKYC solutions on customer acquisition cost (CAC).
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Kunal Jhunjhunwala Founder at airpay payment services
22 November
Shiv Nanda Content Strategist at https://www.financialexpress.com/
David Smith Information Analyst at ManpowerGroup
20 November
Konstantin Rabin Head of Marketing at Kontomatik
19 November
Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.
Please read our Privacy Policy.