Let’s explore how a better KYC tool can make things easier for your users while reducing fraud and helping with compliance.
Chances are you probably don’t love your Know Your Customer processes. They’re not only mandatory, but also lengthy, expensive, and worst of all, easy to bypass for criminals and fraudsters.
But could it be because your KYC compliance isn’t as streamlined or efficient as it could be?
In this post, we’ll break down the challenges of knowing your customers, why it’s important, and how you could use tech to improve your workflow.
KYC: Definition and Pain Points
Today, however, pretty much every online business needs KYC compliance, from forex exchanges to gambling operators or neobanks.
This creates three key challenges for businesses:
- Performing online KYC checks for every user is expensive.
- Checks add friction to the customer journey.
- The checks aren’t always enough to fight fraud.
We’ll address all three of these pain points below, but let’s first look at KYC from the perspective of the agencies who enforce them.
Why KYC is Important and What Info You Need
These regulations have two key goals: to verify the identity of the customer and ensure they are not performing illegal activities.
For businesses, remaining compliant is mandatory, or they could face heavy regulatory fines. This is why it’s often referenced alongside other regulations on info acquisition, such as AML (anti money laundering) checks.
What are the Three Components of KYC?
The three components of KYC include:
- First and Last Name
- Date of Birth
- Residential Address
These details must then be validated with an official document such as a passport, driving license, or national ID. In the context of AML (anti-money laundering) customers might also need to prove that they are not politically exposed persons (PEP) and that they are the Ultimate Beneficial Owner (UBO).
For iGaming and online casinos, the checks must also include self-exclusion lists and age verification to prevent underage gambling.
To KYC or Not?
The first question for companies stems from the following issue: KYC checks are expensive – do you really have to perform them for every user?
The answer should be an evident no. If you can filter out junk users, bad leads, and obvious fraudsters, you’re already saving on costs and resources before the checks even begin. We’ll dive deeper into how to create these filters below.
No Universal Method Yet
“How do you verify every document when there is so much disparity between, say, an Italian ID printed on paper, or an Indian passport which does not contain a hologram?“
Where things become more complicated, however, is that the laws aren’t standardised, and neither are the documents used for them.
In the US, for instance, the USA Patriot Act of 2001 governs the rules, whereas, in the UK, businesses use guidance from the European Joint Money Laundering Steering Group.
This can create a logistical nightmare for companies working with an international user base. There are currently 150 different types of passports and national IDs worldwide. How do you verify every document when there is so much disparity between, say, an Italian ID printed on paper, or an Indian passport which does not contain a hologram?
Sourcing Valid Customer Info in Data-Scarce Markets
Continuing on the topic of international markets, organisations have to be extra vigilant when working in places where good customer information isn’t abundant.
In fact, 25% of US households are either unbanked or underbanked, which proves it isn’t just a challenge for online lenders catering to emerging economies.
KYC Procedure Vs GDPR
Another conflict arises when you combine the obligation of acquiring customer data and ensuring it is safely stored. Government regulations pertaining to data safety, such as the GDPR, add an extra level of complexity for companies, who must ensure they put the best data protection policies into practice while simultaneously collecting as much info as possible.
A Costly Verification That’s Also Easy to Fool
It costs online businesses an average of 1€ per manual document review. It may not seem like much, but when scaled by hundreds of thousands, it’s easy to see how an inefficient workflow can become a money pit.
Worst of all, document scans are certainly no obstacle for fraudsters. There is an abundance of photoshopping services that will easily create a document scan, even offering to combine them with a real selfie picture, both available on the clear and darknet.
In fact, document scans are welcome by fraudsters who want to pass customer identification checks, as it’s one of the easiest ways to get around user authentication. There is no shortage of options, as they can:
- Acquire original financial and personal documentation on the dark web.
- Create synthetic IDs based on real and made-up user data.
- Phish for personal info themselves using fake job posts, online scams, etc…
To see how easy it is to apply for a loan with a stolen ID, we even conducted our own experiment, which you can read about here.
Customers Don’t Care About KYC
Last but not least, the verification steps are simply seen as obstacles by users. Yes, they may help avoid terrorist financing, but for the average user, they just add friction between them and the service they want to use (or goods they try to buy), which creates churn and sends them towards the competition.
As businesses race to be as frictionless as possible, however, something has to give. For instance, do you offer a loan to anyone who applies, or do you have a more stringent verification method which risks losing you business?
It’s a difficult balancing act that all businesses must perform, and not just loan providers.
KYC + 3DS + SCA = Payment Friction
Merchants, acquirers and card issuers based in the EU also have to provide additional user information in the context of the PSD2 directive and its SCA (Strong Customer Authentication) requirements.
One of these requirements is to enable 3DS, or 3DSecure, which is supposed to boost fraud prevention.
The problem? Companies despise it. 3DS adds extra friction at the checkout stage, the worst possible time when users just want to purchase a good or service. Abandoned cart rates are spiking because of it.
But there might be a silver lining, as proving you have performed good KYC checks may help you avoid 3DS by triggering an exemption.
Better KYC: The Key Points to Meet
Based on the challenges highlighted above, here is what you’d want your KYC rules to accomplish:
- Filter out junk users
- Acquire valuable user data
- Work even with few data points
- Meet all legal KYC requirements
- Spot stolen IDs
- Verify customer ID without relying on 3DS verification
- Help flag fraudsters automatically
- Speed up the digital onboarding process
Surprisingly, a good fraud prevention solution can meet all these criteria. Let’s dive deeper into which features you’ll need to deploy to make it work.
Getting Data From Fewer Points
How do you reduce friction and risk and still get an accurate view of your users? By completing the picture yourself.
Put simply, it’s all about letting users input the strict minimum to comply with KYC procedures. Your fraud detection tool can do the rest of the work in the background, by looking at the user’s digital footprint through:
- Device Fingerprinting: which lets you find a lot of valuable information about high-risk users based on how the combination of software and hardware they use to connect to your site.
- Data enrichment: you can take a single email address or phone number and glean a lot of insights into the quality of our user. For instance, an address found on a data breach is actually a high indicator that it is valid and genuine.
- Social media lookup: a great tool to confirm your users have a true online presence. SEON’s risk assessment found that 76% of defaulting clients who had borrowed a loan didn’t have any social media accounts linked to their email address.
Note that these are also the ideal methods to use if you’re working with customers in markets where credit and financial information is scarce. For instance, loan providers trying to perform modern credit scoring through digital ID profiling don’t have to worry so much about finding financial info: they can use digital footprints as data to build their scoring models instead of using details from banks and financial institutions.
Filtering Out Bad Users
Another advantage of gathering alternative data before the KYC check. You can vet which users will be worth considering, and which might be a waste of time.
You can use the same aforementioned tools used to flag fraudsters (data enrichment, social media lookup, device fingerprinting), and dedicate them to filtering out low-value users from good users instead.
In short, your fraud prevention tools will also double as a pre-KYC screening solution, which can save you enormous amounts in wasted KYC costs and lost resources to verifying customer data.
Optimised KYC as Competitive AdvantageInstead of seeing KYC checks as a hurdle for your business and customers, it might help to think of them as a way to gain an advantage over the competition. Click To Tweet
Since anyone working in your vertical should have the same KYC risk assessment requirements, it’s all about implementing them in a smart way, for instance by using dynamic friction.
The process lets you onboard users as soon as possible using what we’ll call light KYC process only, that is by filling out the most basic user profiles.
But even single data points such as an email address or phone number can already help flag potential risk and boost your anti money laundering efforts. You don’t have to go into a full identity check here, because SEON’s Email module, for instance, could reveal if:
- The address isn’t mature enough to appear legitimate.
- Appeared to have been created by a bot (by examining the strings).
- Has never been linked to a social media profile.
If in doubt about your user, you can then trigger the heavier customer KYC processes during the onboarding process. This is an automated process, which doesn’t slow down your good users at the initial touchpoint (they can still go through the heavier KYC checks later, for instance at the time of withdrawing or funding an account).
Avoiding Needless 3DS Payment Check
While it’s ultimately the call of the issuer to insist on a 3DS check or not, you can request an exemption from it – provided you can prove you’ve acquired enough customer data.
This isn’t just theory: we know a lot of our own customers use SEON for risk assessment, which is enough to trust their customer without triggering 3DS.
This has a tremendous positive impact on the customer journey. It helps increase conversions (or at least not decrease them), reduces cart abandonment rates, and helps businesses accept more transactions – without increasing the risk of transaction fraud.
Moving Towards a Frictionless Experience
The trend with KYC compliance and AML compliance is already to move towards an experience that is as frictionless as possible (with selfie and IDs, utility document uploads, etc…). And it’s interesting to imagine how they will evolve in the future.
Will an e-KYC process break away from the traditional scan-and-upload model? Will there be reliable risk techniques for checking ID cards and passports via NPC to predict financial crimes? What about anti money laundering (aml) checks?
It’s hard to tell. But at SEON, we believe we are the ultimate extension, allowing you to gather granular information on top of your pre-existing requirements. And above all, you can combine the power of our fraud prevention solution to augment AML solutions, filter out bad users pre-KYC, trigger exceptions for 3DS checks, reduce transaction fraud, eradicate defaulting customers, and grow your business safely, with complete peace of mind.
Learn more about our products
Tamas is the founder and CEO of SEON and an expert in all the technological aspects of fraud prevention.