What Is Customer Due Diligence (CDD)? Processes for Data Collection

Customer due diligence is both a compliance issue and a challenge that fraudsters love to solve.

In this post we’ll show you how fraudsters fool KYC checks, and why sourcing alternative data is one of the best solutions to flag them. But first, a quick recap of the key terms.

What Is Customer Due Diligence?

Customer due diligence (CDD) is a process where companies attempt to learn key information about their customers to ensure they are who they say they are. The process includes screening and ID verification as a form of risk assessment.

CDD, just like other processes such as KYC (Know Your Customer) and AML (anti money-laundering), is a legal requirement for certain industries – especially banks and neobanks, who must therefore comply with CDD regulations to avoid fines.

How Is Customer Due Diligence Performed?

Customer due diligence is a legal requirement and it must be performed for new business relationships (new customers), for transactions over a certain threshold, upon money laundering suspicion, or if a user presents unreliable documentation.

It is a four-step process, which sees companies:

1. Establish and verify a customer’s identity. A name and address is usually needed for this.
2. The business must also understand what business activities the customer plans on doing. Financial background information may be required.
3. Store the customer information in an appropriate and secure location, so that regulators may be able to access it in case of an investigation.
4. Determine if a next step is needed, such as Enhanced Due Diligence (EDD), which also looks at information such as PEPs (politically exposed persons), understanding a source of funds, or adding ongoing monitoring procedures.

This process very often employs identity verification software, although this depends on the company and its sector.

What Is the Difference Between CDD and KYC?

Both CDD and KYC are required by law in some sectors, such as banking. CDD includes KYC checks, but also adds a focus on the source of funds, for purposes to do with money laundering and terrorism financing concerns.

Importantly, KYC is a process that takes places when a new customer signs up. On the other hand, CDD checks need to be ongoing throughout your relationship with the user.

The KYC verification happens at the onboarding stage. Its three key components include a first and last name, date of birth and residential address, but CDD typically looks into more than this.

More specifically:

Why Is CDD Required?

Customer due diligence is considered a systemic pillar of battling crime, and keeps organizations and the economy safer. The more avenues and tools fraudsters have to launder their money, the more diligent financial institutions ought to be.

Identity theft accounts for 64% of all data breaches. That means there’s no shortage of user IDs that fraudsters can purchase on the darkweb and use to sign up to your service.

But an even bigger challenge is that of money mules, hacked accounts and rent-an-ID services.

Fraudulent organizations hire real people to do their criminal bidding for them. The challenge is that these are legitimate user profiles, which have all the proper IDs, credit history and paperwork. Only the intention is different from that of a good customer: They are essentially hijacked to defraud your business.

Fraudsters aren’t the kind of people who give up after facing one hurdle, and a growing number of solutions are available for those who want to bypass ID checks:

• Synthetic ID marketplaces: You can now order manipulated IDs from specialist marketplaces. They deliver an image combining real photographs and fake IDs.
• Stolen document scans: Fraudsters can purchase real ID scans that have been previously stolen/acquired through phishing or hacks. These can be legitimate images with official documents. They are constantly exchanged on darknet forums and marketplaces, which explains why 1 in 15 people were victims of identity fraud in 2017.

Open Banking APIs and CDD

To complete the picture about their users, risk managers have begun leveraging another kind of data from alternative sources: open banking data.

On paper, this is a wonderful innovation. Networked rather than centralized accounts facilitate numerous processes such as switching bank or integrating third-party financial products. It also allows lenders to easily access someone’s:

• payment and transaction history
• income and spending patterns
• debt history
• etc…

Best of all, open banking APIs work fast, allowing you to build a modern digital credit scoring system in real-time. 

But unfortunately, such data may be:

• stale or inaccurate
• obsolete
• ineffective against hacked accounts and money mules

To make matters worse, alternative data is simply inexistent in emerging markets, or in countries like the USA where 25% of households are considered either unbanked or underbanked.

Sourcing Better Alternative Data

So what else should you look at if even the financial institution’s data isn’t helpful? Well, in the digital age, our email address is akin to our passport.

So there is alternative information you can gather by enriching data from an email address, phone number or IP address – what we call digital footprint analysis.

• Email analysis: Checking if the used email address has been used before on social media, if it has been newly created, and if the domain is trustworthy. Read more in our email analysis tool guide.
• Phone number analysis: Checking its validity, the country of carrier, social media presence, whether they are using a virtual SIM card, etc…
• IP analysis: Understanding if the traffic comes from a VPN, proxy or Tor, where the connection comes from vs where the customer has said they are based, etc.
• Device fingerprinting: Learning how users access your platform in terms of both software and hardware. Are they suspiciously switching browsers? Using emulators to spoof mobile devices?

The key is to gather data that is fresh, up-to-date and relevant. Even complex device configuration is easy enough to emulate. But a whole social media history creates a high barrier for fraudulent organizations who want to scale their operations. 

How to Save on CDD Costs Using Data Enrichment

By offering one of the most advanced social media lookup solutions on the anti-risk market, SEON can help you spend less on CDD checks. Leverage digital footprint analysis as a pre-KYC and pre-CDD step to block bad actors from gaining access, thus reducing your CDD workload and letting only good users through.

Using a single email address or a phone number, SEON checks 50+ social media and digital platforms. You will get access to public information on user profiles, bios and avatars, and even a “last seen” date, with hundreds of data points enriching what you know about a user.

This means that you can weed out many criminals before they even reach CDD. Providers charge per CDD or KYC check – or at the very least, these take up valuable resources if done in-house. So you end up conducting fewer checks, more of which will be approvals.

The data enrichment information can be aggregated via manual query, API call or even a Chrome browser extension. Working in the background, this wall of defense can streamline CDD while also keeping an organization safe from all manner of fraud.

Ready to Increase the Efficiency of Your CDD?

Don’t let legitimate-looking accounts fool your Customer Due Diligence and KYC checks. By building a fuller user profile using fresh alternative data, you get to:

• know exactly who you’re dealing with
• spot hidden connections between customers
• remove the risk of onboarding money launderers
• spend less on KYC and AML checks

All with zero extra user friction, and a choice of integration that works with your business. Would you like to find out more?

Frequently Asked Questions