Fraudsters know exactly how to fool KYC checks. Let’s see why alternative data helps with your customer due diligence.
In one of our webinars, we asked fastloan industry specialists which data points were the most important for them. ID verification was number one.
We suspect the same is true of a number of verticals.
Whether it’s for onboarding new neobank users or as part of your AML solution, electronic identity verification (eIDV) is an increasingly important part of many businesses as part of the KYC and eKYC procedure.
The problem? Customer due diligence is both a compliance issue, and a challenge that fraudsters love to solve. And they’re doing pretty well at evading detection.
In this post we’ll show you how fraudsters fool KYC checks, and why sourcing alternative data is one of the best solutions to flag them.
But first, a quick recap of the key terms here.
What is the Difference Between KYC and CDD?
KYC or Know Your Customer checks happen at the onboarding stage. The three key components include a first and last name, date of birth and residential address.
CDD or Customer Due Diligence includes KYC checks, but adds a focus on the source of funds. Moreover, CDD checks need to be ongoing throughout your relationship with the user, not just during signup.
How Fraudsters Fool ID Checks
Identity theft accounts for 64% of all data breaches. That means there’s no shortage of user IDs that fraudsters can purchase on the darkweb and use to sign up to your service.
But an even bigger challenge is that of money mules, hacked accounts and rent-an-ID services.
Put simply: fraudulent organisations hire real people to do their criminal bidding for them.
The challenge is that these are legitimate user profiles, which have all the proper IDs, credit history and paperwork. Only the intention is different from that of a good customer: they are essentially highjacked to defraud your business.
Clearnet Options for Fake IDs
Fraudsters aren’t the kind of people who give up after facing one hurdle, and a growing number of solutions are available for those who want to bypass ID checks:
- Photoshopped ID marketplaces: you can now order a photoshopped ID from specialist marketplaces. They deliver an image combining real photographs and fake IDs.
- Stolen document scans: alternatively, fraudsters can purchase real ID scans that have been previously stolen/acquired through phishing/hacks. These can be legitimate selfies with official documents. They are constantly exchanged on darknet forums and marketplaces, which explains why 1 in 15 people were victims of identity fraud in 2017.
What is Enhanced Due Diligence?
Enhanced Due Diligence, or EDD, is required when your product or service and the types of customers it attracts is considered high risk.
It requires a higher level of scrutiny, for instance, when: the bulk of your clients are foreigners or non-residents; Politically Exposed Persons (PEP); nominee shareholders; or if the company is cash-intensive.
The Problem With Open Banking APIs
To complete the picture about their users, risk managers have begun leveraging another kind of data from alternative sources.
On paper, this is a wonderful innovation. Networked rather than centralised accounts facilitate numerous processes such as switching bank or integrating third-party financial products. It also allows lenders to access some:
- Payment and transaction history,
- Income and spending patterns,
- Debt history,
Best of all, Open Banking APIs work fast, allowing you to build a modern digital credit scoring system in real-time.
But unfortunately, that data may be:
- Stale or inaccurate,
- Ineffective against hacked accounts and money mules.
To make matters worse, that alternative data is simply inexistent in emerging markets, or in countries like the USA where 25% of households are considered either unbanked or underbanked.
Sourcing Better Alternative Data
So what else should you look at if even the financial institution’s data isn’t helpful? Alternative data you can gather by enriching data from an email address, phone number, IP address, or social media profile: what we call digital footprint analysis.
- Email analysis: checking if the used email address has been used before on social media, if it has been newly created, and if the domain is trustworthy.
- Phone number analysis: checking the validity, the country of carrier, social media presence, whether they are using a virtual sim card, etc…
- IP analysis: understanding if the traffic comes from a VPN, TOR, and where the connection comes from.
- Device fingerprinting: learning how users access your platform. Are they suspiciously switching browsers? Using emulators to spoof mobile devices?
The key is to gather data that is fresh, up-to-date and relevant. Even complex device configuration is easy enough to emulate. But a whole social media history creates a high barrier for fraudulent organisations who want to scale their operations.
How SEON Does Social Media Lookup
We offer one of the most advanced social media lookup solutions on the anti-risk market. This finds information on a person’s social media profiles based on a single email address or phone number.
SEON checks 20+ social media sites, based on a single email address or a phone number. You will get access to the user profiles, bio and avatar, and even a “last seen” date.
Best of all, all the data enrichment information can be aggregated via manual query, API call or even a Chrome browser extension.
Ready to Increase the Efficiency of Your CDD?
Don’t let legitimate-looking accounts fool your Customer Due Diligence and KYC checks. By building a fuller user profile using fresh alternative data, you get to:
- Know exactly who you’re dealing with,
- Spot hidden customer connections,
- Remove risk of onboarding money launderers.
All with zero extra user friction, and a choice of integration that works with your business.
Learn more about our products
Florian helps tech startups and global leaders organise their thoughts, find their voices, and connect with customers worldwide.