Digital Onboarding in Banking: How to Reduce Risk

Digital onboarding is one of the most important touchpoints for banks. Neobanks are largely responsible for the high numbers of digital onboardings, with user penetration predicted to hit 4.1% by 2026 – which means 318.72 million online bank users.

Let’s see how fraudsters complete the process so you can set up the right defenses. 

What Is Digital Onboarding in Banking?

In banking, digital onboarding is an automated process that gives customers access to financial products and services. This may include opening a bank account, taking out a loan, or simply creating an account with a digital bank or neobank.

The reason it is separate from the traditional onboarding process is that digital onboarding is done solely online. It is designed to be fast, frictionless, easy to do, and secure – but normally still needs to comply with the same laws and regulations that apply offline.

Why Is Digital Onboarding a Challenge for Banks?

Digital onboarding is the decisive moment when a bank accepts a new customer. Unfortunately, not all of these individuals have the best intentions at heart. Fraudsters, cybercriminals, and other bad actors have every incentive to open fraudulent bank accounts online, aiming to launder money, take loans they won’t repay, or fund illicit activities.

To make matters worse, every failure to prevent bad customers from opening bank accounts is also a compliance risk. The banking sector has always been under heavy scrutiny from government agencies which impose strict KYC and AML due diligence checks and punish those organizations that don’t adhere to them.

This creates a double bind for banks and neobanks: On the one hand, they want to grow their customer base as quickly as possible, offering the most pleasant and smooth onboarding journey. On the other, being too lax at the onboarding stage will open the door to fraud, fines, and a damaged business reputation. 

How Is Digital Onboarding Changing Banking?

Compared to traditional customer account creation in a brick-and-mortar bank, online-only digital onboarding has both pros and cons.

In the pros section, you will find that digital onboarding can be faster, cheaper, and better at scaling. You can automate most of the processes with very little need for human intervention, which is why neobanks and challenger banks have built their entire business model on the practice. 

It’s also much more convenient for customers – especially younger ones who grew up in the always-on economy. The lack of friction and 24/7 availability has proven to be a hit with Gen Z and millennials who eschew traditional banks for leaders like Monzo, Revolut, or Wise. 

All of the above has inspired traditional banks to follow suit and increasingly move their operations online. 

Downsides to digital onboarding include having to create an audit trail, ensuring your tech infrastructure is robust enough, and reconsidering your risk strategy – the latter of which we’ll cover below.

How to Reduce Risk for Banking Digital Onboarding

When it comes to banking digital onboarding, risk can be expressed by asking the following questions:

• Are we onboarding a real person?
• Are they using legitimate ID documents?
• Do they have good intentions?

The first two questions are essentially what your KYC verification checks should answer. Because it is mandatory in banking, there is no avoiding these standard address and ID verification checks that must take place at the onboarding stage. 

However, the third question, on whether this person has good intentions, is less tangible. It is very hard to prove bad intent, but you may still be able to measure risk using the following solutions:

• Pre-KYC checks: to filter out bad users as soon as possible
• Data enrichment: modern banks shouldn’t just rely on the data customers submit during the application; instead, they can gather more reliable and insightful extra information starting with the customer’s IP address, email address, phone number, or even device
• Automated risk scoring: to help you gauge how risky a user appears based on their data
• Dynamic friction: a smart way to only require additional verification steps based on the results of your risk scoring 

The challenge is to gather as much data as possible to make an informed decision on the risk profile of the individual, without adding so much friction that the user wants to abandon the onboarding. The above solutions will allow you to do this, so let’s look at exactly how.

3 Custom Rules for a Safer Banking Digital Onboarding

Of course, the efficacy of your risk prevention strategy at the onboarding stage is heavily reliant on the quality of your risk rules. Let’s look at concrete examples below. 

#1: Flag Users With No Socials

In our day and age, it’s becoming increasingly rare to deal with people who have no social data. From GitHub to Airbnb or LinkedIn accounts, the sheer breadth and variety of online services that are considered social signals means that it’s unlikely your customer has never registered for any of them.

Would no social media presence mean they are a fraudster? Not always, of course. But an absence of online accounts also correlates to how fraudsters create online bank accounts: They find stolen IDs, create temporary email addresses, and don’t have the time to build a full online social identity. 

Therefore, by looking at these data points in combination with more information, you can reach better conclusions. Uniquely in fraud prevention, SEON’s data enrichment modules check email addresses and phone numbers against 50+ social media platforms and online services to give you clarity on which users are provably legitimate customers – and which appear suspicious.

#2: Check the Browser 

Learning how users connect to your banking platform is a great way to gauge what they want from you. Browser data can be so varied from one person to the next that it can effectively become a personal identifier. 

This is useful to protect customer accounts from account takeovers, but also to understand if someone is trying to hide their data using one of the following browsers or emulators, for instance:

How can you know?

Many privacy-focused tools are well-known to fraud protection companies, and their technical specifications will be recognized instantly. This, combined with other useful browser information (age, cookies enabled or not, etc.) can help you calculate a risk score.

While such findings don’t necessarily mean that your customer is a criminal, you should have reasonable doubt to increase your suspicions.

On SEON’s platform, this will be reflected in a higher risk score, which can then automatically reject the application or send it for manual review.

The screenshot above shows the part of the platform where each user can set their own risk score, according to their appetite.

In this particular case, an account opening with a score of 10-30 is automatically allowed (green area). 30-50 is sent for manual review (orange area), and 50+ is automatically declined (red area).

#3: Enrich IP Data 

We’ve looked at hidden customer data (social signals) and technical data (browser information). But the connection itself may also reveal important clues following an IP lookup.

Put simply, it’s about getting as much information as possible based on an IP address, a data point every user will have at the onboarding stage. 

Firstly, you can use it for your KYC and AML checks, to ensure the customer is in the right location.

Suspicions may arise if:

• the location is unusually far from their submitted address
• the IP is in a commercial or industrial area
• the IP address appears to have been manipulated

The reason the latter point is particularly worrisome is that this is exactly what fraudsters do to open bank accounts with stolen IDs.

They create as many profiles as possible and rely on tools such as VPNs or proxies to change their connection details with each onboarding attempt, in order to make it look more legitimate, as well as to appear to be different people each time.

Here again, common sense applies. While a VPN may appear suspicious, it could also point to a customer who is legitimately concerned about data privacy. The key is to have the information at your disposal, so that you may choose your next onboarding step armed with more intelligence. For example, you can elect to ask them for additional information, thus applying dynamic friction to their user onboarding journey.

How SEON Secures the Banking Digital Onboarding Process

SEON is a full end-to-end fraud prevention system favored by neobanking leaders such as Revolut and Wise. Our frictionless integration is a perfect match for banking companies who need:

• More user metadata with minimum friction: All our reverse email lookup, phone lookup, and IP lookup tools return results in real-time, with absolutely no impact on the onboarding flow.
  
• Pre-KYC and AML scoring capabilities: Filter out fraudsters and cybercriminals before you even have to run KYC checks. Save costs on bureau data by weeding out obvious junk leads in seconds.
  
• Improved risk scoring accuracy over time: Our machine learning system analyzes historical fraud data to automatically suggest better risk rules to secure the digital onboarding stage.

All of the above are available via easy-to-integrate modules, and complete pricing flexibility. 

Related Case Studies

• FairMoney Onboards Better Neobank Customers Thanks to Digital & Social Footprint Checks
• Leading Challenger Bank Eradicates Bonus Abuse Thanks to SEON’s Email Module

Related Articles

• Digital Onboarding: How It Works, Tools & Solutions
• Top 8 User Onboarding Software
• Application Fraud: 5 Tips to Detect and Prevent It

Sources

• Statista: Worldwide neobanking statistics