What Is Customer Due Diligence (CDD) & Processes for Data Collection?

Fraudsters know exactly how to fool KYC checks. Let’s see why alternative data helps with your customer due diligence.

In one of our webinars, we asked fastloan industry specialists which data points were the most important for them. ID verification was number one.

We suspect the same is true of a number of verticals. 

Whether it’s for digital onboarding for new users or as part of your AML software, electronic identity verification (eIDV) is an increasingly important part of many businesses as part of the KYC and eKYC verification. 

The problem? Customer due diligence is both a compliance issue, and a challenge that fraudsters love to solve. And they’re doing pretty well at evading detection.

In this post we’ll show you how fraudsters fool KYC checks, and why sourcing alternative data is one of the best solutions to flag them.

But first, a quick recap of the key terms here.

What Is Customer Due Diligence?

Customer due diligence, or CDD, is a process where companies attempt to learn key information about their customers to ensure they are who they say they are. The process includes screening and ID verification as a form of risk assessment.

CDD, just like other processes such as KYC (Know Your Customer) and AML (Anti money-laundering), is a legal requirement for certain industries – especially banks and neobanks. You must therefore comply with CDD regulations to avoid fines.

How Is Customer Due Diligence Performed?

Customer due diligence is a legal requirement and it must be performed for new business relationships (new customers), for certain transactions over a threshold, money laundering suspicion, or if a user presents unreliable documentation.

It is a four-step process, which sees companies:

1. Establish and verify a customer’s identity. A name and address is usually needed.
2. The business must also understand what business activities the customer will plan on doing. Financial information can be required.
3. Store the customer information in an appropriate and secure location, so that regulators may be able to access it in case of an investigation.
4. Determine if a next step is needed, such as Enhanced Due Diligence (EDD), which also looks at information such as PEPs (politically exposed persons), understanding a source of funds, or adding ongoing monitoring procedures.

You can read more about the best identity verification software.

What is the Difference Between Customer Due Diligence and KYC?

CDD or Customer Due Diligence includes KYC checks, but adds a focus on the source of funds. Moreover, CDD checks need to be ongoing throughout your relationship with the user, not just during signup.

KYC or Know Your Customer checks happen at the onboarding stage. The three key components include a first and last name, date of birth and residential address.

How Fraudsters Fool ID Checks

Identity theft accounts for 64% of all data breaches. That means there’s no shortage of user IDs that fraudsters can purchase on the darkweb and use to sign up to your service.

But an even bigger challenge is that of money mules, hacked accounts and rent-an-ID services.

Put simply: fraudulent organisations hire real people to do their criminal bidding for them.

The challenge is that these are legitimate user profiles, which have all the proper IDs, credit history and paperwork. Only the intention is different from that of a good customer: they are essentially highjacked to defraud your business.

Clearnet Options for Fake IDs 

Fraudsters aren’t the kind of people who give up after facing one hurdle, and a growing number of solutions are available for those who want to bypass ID checks:

• Photoshopped ID marketplaces: you can now order a photoshopped ID from specialist marketplaces. They deliver an image combining real photographs and fake IDs.
• Stolen document scans: alternatively, fraudsters can purchase real ID scans that have been previously stolen/acquired through phishing/hacks. These can be legitimate selfies with official documents. They are constantly exchanged on darknet forums and marketplaces, which explains why 1 in 15 people were victims of identity fraud in 2017.

What Is Enhanced Due Diligence?

Enhanced Due Diligence, or EDD, is required when your product or service and the types of customers it attracts is considered high risk. 

It requires a higher level of scrutiny, for instance, when: the bulk of your clients are foreigners or non-residents; Politically Exposed Persons (PEP); nominee shareholders; or if the company is cash-intensive.

The Problem with Open Banking APIs

To complete the picture about their users, risk managers have begun leveraging another kind of data from alternative sources.

On paper, this is a wonderful innovation. Networked rather than centralised accounts facilitate numerous processes such as switching bank or integrating third-party financial products. It also allows lenders to access some:

• Payment and transaction history,
• Income and spending patterns,
• Debt history,
• Etc…

Best of all, Open Banking APIs work fast, allowing you to build a modern digital credit scoring system in real-time. 

But unfortunately, that data may be:

• Stale or inaccurate,
• Obsolete,
• Ineffective against hacked accounts and money mules.

To make matters worse, that alternative data is simply inexistent in emerging markets, or in countries like the USA where 25% of households are considered either unbanked or underbanked.

Sourcing Better Alternative Data

So what else should you look at if even the financial institution’s data isn’t helpful? Alternative data you can gather by enriching data from an email address, phone number, IP address, or social media profile: what we call digital footprint analysis.

• Email analysis: checking if the used email address has been used before on social media, if it has been newly created, and if the domain is trustworthy. Read more in our email analysis tool guide here.
• Phone number analysis: checking the validity, the country of carrier, social media presence, whether they are using a virtual sim card, etc…
• IP analysis: understanding if the traffic comes from a VPN, TOR, and where the connection comes from.
• Device fingerprinting: learning how users access your platform. Are they suspiciously switching browsers? Using emulators to spoof mobile devices?

The key is to gather data that is fresh, up-to-date and relevant. Even complex device configuration is easy enough to emulate. But a whole social media history creates a high barrier for fraudulent organisations who want to scale their operations. 

How SEON Does Social Media Lookup 

We offer one of the most advanced social media lookup solutions on the anti-risk market. This finds information on a person’s social media profiles based on a single email address or phone number.

SEON checks 20+ social media sites, based on a single email address or a phone number. You will get access to the user profiles, bio and avatar, and even a “last seen” date.

Best of all, all the data enrichment information can be aggregated via manual query, API call or even a Chrome browser extension.

Ready to Increase the Efficiency of Your CDD?

Don’t let legitimate-looking accounts fool your Customer Due Diligence and KYC checks. By building a fuller user profile using fresh alternative data, you get to:

• Know exactly who you’re dealing with,
• Spot hidden customer connections,
• Remove risk of onboarding money launderers.

All with zero extra user friction, and a choice of integration that works with your business.

Read about how an iGaming operator reduced onboarding risk and improved customer due diligence with SEON.

Customer Due Diligence FAQ