The Rise of Online Payment Method Fraud
![The Rise of Online Payment Method Fraud](https://assets.cdn.seon.io/uploads/2022/07/payment-fraud_3-Header.png)
Last Updated: May 1, 2024 by Tamas Kadar
Customer due diligence is both a compliance issue and a challenge that fraudsters love to solve.
In this guide, we’ll show you how fraudsters fool KYC checks, and why sourcing alternative data is one of the best solutions to flag them. But first, a quick recap of the key terms.
Customer due diligence (CDD) means collecting, verifying and analyzing key information about a customer or client as a background check – so you can be confident they are who they claim to be. It is a form of risk management and can include the verification of identity documents (IDV), collection of alternative data, as well as data enrichment.
CDD is a legal requirement for certain industries – especially banks and neobanks, which must comply with CDD regulations to avoid fines. It is generally split into two types: SDD (simplified CDD) and EDD (enhanced CDD).
Certain types of organizations, including banks, fintech firms, and investment companies, are required to conduct customer due diligence in a variety of scenarios. The table below shows some of these scenarios and the customer due diligence requirements that they relate to.
| Type of CDD Requirement | Example of Relevant Scenario | Explanation |
| --- | --- | --- |
| Customer identification program (CIP) | a new customer starts a business relationship with an organization that they wish to sign up to | a customer carries out a transaction over a certain threshold and/or arouses suspicion by being on a blacklist, PEP list, watchlist, or other form of sanctions list |
| Ongoing due diligence (ODD) | an organization needs to carry out regular (e.g. annual) due diligence checks to ensure that their customer records are accurate and up-to-date | CDD does not only apply during the customer onboarding stage: organizations must also carry out ODD over time to ensure that they stay informed of any changes, or even discrepancies, in their customers’ personal information, or to monitor for suspicious transactions. |
| Customer risk profiling (CRP) | a prospective customer is flagged as a potential money laundering risk by an organization’s AML/CFT (countering the financing of terrorism) measures | An organization that is considering serving a customer who has been flagged as a potential money laundering risk will need to go through a process where they can decide the extent to which that person is a small, medium, or high risk. In fact, organizations are often required to assign a customer risk profile to potential and existing customers, even to people they think are no risk at all to their business. |
| Enhanced due diligence (EDD) | a customer carries out a transaction over a certain threshold and/or arouses suspicion by being on a blacklist, PEP list, watchlist, or otherwise | EDD is when an organization has decided there is reason to escalate the level of customer due diligence, which may be due to the prospective customer having a higher-than-average customer risk profile. EDD can involve checks related to the person’s business associates, source of funds, and so on. |
As reflected above, there are many types of customer due diligence requirements, and their stringency often depends on how law-abiding or suspicious the organization finds the given customer.
With that said, the nature of CDD requirements depends on each organization’s policy, jurisdiction, and many other factors such as the risk appetite of the business itself.
Different customers present varying levels of risk, necessitating a risk-based approach to CDD. This method ensures that the intensity and scope of your due diligence efforts align with the potential risks posed by each customer.
For most clients, standard CDD practices are sufficient. These involve not only identifying but also verifying customer identities to understand their business nature and assess associated risks.
However, for customers perceived as low-risk, simplified CDD may be adequate. In such cases, the process can be less stringent, often only requiring customer identification without the full extent of verification.
Conversely, there are scenarios where standard CDD might not suffice due to higher risk factors. Here, enhanced due diligence (EDD) becomes necessary. EDD involves a more thorough investigation, including deeper scrutiny of the customer’s source of funds, their business transactions, and more frequent transaction monitoring.
CDD is a fundamental requirement for banks and other financial institutions, mandated by anti-money laundering (AML) regulations and Know Your Customer (KYC) standards. Here are the main reasons banks need to do CDD:
Under AML/KYC regulations, banks have several obligations: they must verify the identity, address, and source of funds of new customers, a requirement for both initiating and maintaining financial relationships.
For high-risk customers, banks are required to perform Enhanced Due Diligence involving a thorough investigation into the customer’s background and financial activities. Additionally, CDD is an ongoing duty, requiring banks to monitor transactions to identify and report any suspicious activities continuously.
Overall, while CDD is a critical component of AML efforts, AML encompasses broader measures to prevent money laundering and maintain the integrity of the financial system.
SEON comes with an AML solution checking for PEP & RCA, sanctions, crime lists and watchlists – all in one place.
Both Customer Due Diligence and KYC are required by law in some sectors, such as banking. CDD includes KYC checks, but also adds a focus on the source of funds, to address money laundering and terrorism financing concerns.
Importantly, KYC is a process that takes place when a new customer signs up. On the other hand, CDD checks need to be ongoing throughout your relationship with the user.
KYC happens at the onboarding stage. Its three key components include a first and last name, date of birth and residential address, but CDD typically looks into more than this.
More specifically:
| | CDD | KYC |
| --- | --- | --- |
| When? | At signup and at regular intervals | When the customer signs up |
| What? | Source of funds, intentions, name, address, DoB | Name, address, DoB |
| Who? | Those at risk of money laundering, terrorism financing, corruption, bribery | Age-restricted products and services, certain financial services & anyone who chooses to |
The CDD process is a legal requirement, and it must be performed for new business relationships (new customers), for transactions over a certain threshold, upon money laundering suspicion, or if a user presents unreliable documentation.
The CDD process is integral to AML efforts, requiring a combination of traditional verification methods and modern technological tools to gather relevant and up-to-date data and to ensure thorough and effective risk management. This process not only helps in preventing financial crimes but also ensures that businesses comply with relevant regulatory requirements.
Partner with SEON to reduce fraud rates in your business with real time data enrichment that only lets good users through to KYC and CDD.
By offering one of the most advanced customer intelligence solutions on the anti-risk market, SEON can help you spend less on CDD checks. Leverage digital footprint analysis as a pre-KYC and pre-CDD step to block bad actors from gaining access, thus reducing your CDD workload.
Using a single email address or phone number, SEON checks 90+ social media and digital platforms. You will get access to public information on user profiles, bios and avatars, and even a “last seen” date – hundreds of data points about a user.
This means that you can weed out many criminals before they even reach CDD. IDV providers charge per CDD or KYC check. With SEON, you end up conducting fewer checks, more of which will be approvals.
The data enrichment information can be aggregated via manual query, API call or even a Chrome browser extension. Working in the background, this wall of defense can streamline CDD while also keeping an organization safe from all manner of fraud.
By building a fuller user profile using SEON’s fresh alternative data, you’ll:
All with zero extra user friction, and a choice of integration that works with your business. SEON also provides AML checks, ensuring your customer is not on any watchlists, sanctions lists, blacklists or PEP lists.
A due diligence checklist is a series of steps your organization must complete to ensure it remains legally compliant. The checklist steps may vary from one industry to the next, but they always include some form of identity and financial information verification.
Customer due diligence requirements vary from one industry to another. However, you will commonly find that a business must establish a user’s: 1) identity, 2) financial information, 3) residential address, 4) money-laundering risk.
Tamás Kádár is the Chief Executive Officer and co-founder of SEON. His mission to create a fraud-free world began after he founded the CEE’s first crypto exchange in 2017 and found it under constant attack. The solution he built now reduces fraud for 5,000+ companies worldwide, including global leaders such as KLM, Avis, and Patreon. In his spare time, he’s devouring data visualizations and injuring himself while doing basic DIY around his London pad.