On paper, a fully online business model has mainly advantages. You can target a global market. You can operate 24/7. You have more control over the data.
But there’s an area where traditional brick-and-mortar setups win: verifying people’s identities. This is exactly the challenge of the modern digital customer onboarding process. Let’s see why it works, when it’s risky, and how to make it as smooth as possible without attracting fraudsters.
Digital customer onboarding is the process through which businesses incorporate or acquire new users online. It can take place on websites or in-app – but, crucially, not in-branch or on-premise.
Because staff members don’t get to interact with these users in person, it is vital to establish security procedures to ensure the users are truly who they say they are.
Pretty much every online business that allows customer accounts. It used to be a staple of online banking, but any SaaS (Software as a Service) or online marketplace must also create a digital onboarding experience with minimum identity verification steps.
Because banks and financial institutions have historically been the businesses with the most to lose from fraud, their digital onboarding has always been more sophisticated than other verticals. This is doubly true of challenger banks and neobanks, whose entire business model relies on accepting new customers quickly and without hurdles.
In banking, customer onboarding is also known as DAO or digital account opening. It is a highly regulated process. Companies that fail to meet government regulations have to pay exorbitant fines.
The aforementioned issues with compliance aren’t just the burden of banks any longer. These days, more and more companies are under pressure to meet KYC or Know Your Customer requirements.
AML or Anti Money Laundering is also increasingly a worry of companies who accept payments on their platforms.
But by far the biggest risk is that of accidentally allowing bad agents onto your platform. Let’s dive deeper into what kind of fraud can result from a poorly set up digital onboarding process.
Fraudsters do their best not to tie their real-life identities to online accounts. This is why they steal other people’s identities or create identities based on real and fake data (synthetic IDs).
Traditionally, the only companies that needed to verify people’s identities were financial institutions because failing to identify someone incurred risk meant they could lend money to someone who doesn’t exist and who would disappear without repaying it.
Fraudsters have established methods for beating ID checks and will use throwaway or freshly minted emails and phone numbers when signing up to different services – allowing them to use those as springboards for other schemes.
To meet digital onboarding checks, fraudsters will:
- Use stolen user information (acquired via phishing or on darknet marketplaces). For instance, they can purchase what’s known as a Full — a package that includes someone’s name, address, and credit card number.
- Forge ID documents (photoshopped).
- Combine real and fake data to create synthetic IDs.
A rise in rent-an-ID service is also occurring. This is when fraudsters simply purchase someone’s identity documents to commit their crime. The person becomes complicit and receives a small commission by allowing fraudsters to use their identity online.
Everyone’s ID details are valuable. Fraudsters enter identity details from deceased people and even children because they have positive credit scores by default.
Verification = Friction
Businesses that want to stay on the right side of the law aren’t even rewarded for their efforts. More often than not, customers who find too many obstacles during the signup process will abandon it. It’s known as customer churn and it’s increasingly a battleground for the new wave of modern online businesses.
As the always-on economy shows no signs of slowing down, customers expect to be able to sign up for new services as easily as possible. Adding too many verification steps becomes an obstacle that sends them towards more lenient competitors.
Official KYC is Expensive
To make matters worse, companies that rely on traditional KYC services find that their money is quickly going down the drain. Each customer identity verification can cost between $10 – $100.
Even alternative digital onboarding solutions that focus on identification, such as Stripe Identity, only reduce the cost to $1.5 per check, which is still pricey if you have a high volume of applications – and especially if most of them are fraudulent. You are essentially wasting checks on invalid users that bring nothing to your business.
So how can businesses get a better idea of who they’re onboarding without sacrificing user experience, cost and security?
We believe you need a three-pronged approach to digital onboarding.
Electronic KYC tools have improved in sophistication and ease of use in recent years. You can now integrate them directly within your platform and submit and receive data via API calls. In most cases, you’ll need to send:
- A full name.
- Scan of an ID document.
The online KYC tool will then perform a real-time check to see if the name and IDs match exciting records, or at least they will give you an idea of how risky the onboarding looks based on their own parameters.
Digital Footprint Analysis
In some cases, you’ll want to learn more about users without asking them for verification. This is absolutely doable thanks to a process called digital footprint analysis, also referred to KYC based on alternative data.
In that scenario, you start by collecting data points about the users as soon as they land on your website. This can be based on an IP address or the kind of device they used to connect to it (thanks to device fingerprinting). To perform this analysis, you will only need things such as:
- An IP address.
- An email address.
- A phone number.
The phone number is particularly interesting as 2FA is increasingly becoming the norm. This pushes fraudsters to use fake phone numbers or virtual numbers, which can be detected by your fraud prevention platform.
With the right data enrichment tools, you can extract enough information to immediately find red flags about bad users:
- Block users without social media presence.
- Those using VPNs, suspicious proxies or TOR.
- Those with unrecognised devices.
- Those whose IPs have appeared on spam blacklists.
All that data can help create a risk score, which will give you an idea of how likely the person is to be real or not.
You can use that score to automatically approve or decline the onboarding process, with much more confidence.
But what happens when the risk score isn’t conclusive and you do need to ask for extra information? This is exactly the process we call dynamic friction, and to understand it, it helps to break down the idea of KYC into light and heavy processes.
The advantage of using that method is that you can use the light KYC stage to filter out a lot of unwanted users. Those who are clearly fraudsters using stolen IDs will not make it to the next stage.
If, however, they make it through but still pose a risk, you can then ask for the heavy verification as outlined in the eKYC tools section.
Digital Onboarding With Your Own Risk Strategy
The way you onboard new users these days is more than a matter of reducing risk: it’s also about remaining competitive by reducing friction.
This is where the key balancing act lies: add too many verification steps and you can be certain never to pay an AML or KYC fine. But make it too stringent and users will look elsewhere.
The key is to deploy a better KYC procedure that gives you full control over the amount of friction, without sacrificing security.
Learn more about our products
Florian helps tech startups and global leaders organise their thoughts, find their voices, and connect with customers worldwide.