Let’s explore how a better KYC process can make things easier for your users, while reducing fraud and helping compliance.
Whether you’re a crypto exchange, a fintech or a gambling merchant, chances are you probably don’t love customer Know Your Customer processes. It’s not only mandatory, but also lengthy, expensive, and worst of all, easy to bypass for some criminals and fraudsters.
But could it be because your KYC process isn’t as streamlined or efficient as it could be?
In this post, we’ll break down the challenges of knowing your customers, why it’s important, and how you could use tech to improve your procedure.
KYC Procedure: A Short Definition
KYC stands both for Know Your Customers or Know Your Client, and it’s part of a larger category called Customer Due Diligence. The process originally has its roots in the financial sector, when governments attempted to block the transactions of criminals such as fraudsters and money launderers.
Today, however, pretty much every online business needs KYC compliance, from crypto exchanges, to iGaming companies or fintechs.
Why KYC is Important and What Info You Need
These regulations have two key goals: to verify the identity of the customer and ensure they are not performing illegal activities.
For businesses, remaining compliant is mandatory, or they could face heavy regulatory fines. This is why it’s often referenced alongside other regulations on info acquisition, such as AML (anti money laundering) checks.
What Are The 3 Components of KYC?
Now while the process varies by country, and even by industry, the bare minimum usually includes:
- First and Last Name
- Date of Birth
- Residential Address
These details must then be validated with an official document such as a passport, driving license, or national ID. Customers might also need to prove that they are not politically exposed persons (PEP) and that they are the Ultimate Beneficial Owner (UBO).
For iGaming and online casinos, the checks must also include self-exclusion lists and age verification to prevent underage gambling.
No Universal Procedure Yet
“How do you verify every document when there is so much disparity between, say, an Italian ID printed on paper, or an Indian passport which does not contain a hologram?“
Where things become more complicated, however, is that the laws aren’t standardized, and neither are the documents used for them.
In the US, for instance, the USA Patriot Act of 2001 governs the rules, whereas in the UK, businesses use guidance from the European Joint Money Laundering Steering Group.
This can create a logistical nightmare for companies working with an international user base. There are currently 150 different types of passports and national IDs worldwide. How do you verify every document when there is so much disparity between, say, an Italian ID printed on paper, or an Indian passport which does not contain a hologram?
Sourcing Valid Customer Info in Data-Scarce Markets
Continuing on the topic of international markets, organizations have to be extra vigilant when working in places where good customer information isn’t abundant.
In fact, 25% of US households are either unbanked or underbanked, which proves it isn’t just a challenge for online lenders catering to emerging economies.
KYC Process Vs GDPR
Another conflict arises when you combine the obligation of acquiring customer data, and ensuring it is safely stored. Government regulations pertaining to data safety, such as the GDPR, add an extra level of complexity for companies, who must ensure they put the best data protection policies into practice while simultaneously collecting as much info as possible.
A Costly Process That’s Also Easy to Fool
It costs online businesses an average of 1€ per manual document review. It may not seem like much, but when scaled by hundreds of thousands, it’s easy to see how an inefficient procedure can become a money pit.
Worst of all, document scans are certainly no obstacle for fraudsters. There is an abundance of photoshopping services that will easily create a document scan, even offering to combine them with a real selfie picture, both available on the clear and darknet.
In fact, document scans are welcome by fraudsters who want to pass customer identification checks, as it’s one of the easiest ways to get around user authentication. There is no shortage of options, as they can:
- Acquire original financial and personal documentation on the darkweb
- Create synthetic IDs based on real and made up user data
- Phish for personal info themselves using fake job posts, online scams, etc…
To see how easy it is to apply for a loan with a stolen ID, we even conducted our own experiment, which you can read about here.
Customers Don’t Care About KYC
Last but not least, the verification steps are simply seen as obstacles by users. They add friction between them and the service they want to use (or goods they try to buy), which creates churn and sends them towards the competition.
As businesses race to be as frictionless as possible, however, something has to give. For instance, do you offer a loan to anyone who applies, or do you have a more stringent verification process which risks losing you business?
It’s a difficult balancing act that all businesses must perform, and not just loan providers.
Better KYC: The Key Points to Meet
Based on the challenges highlighted above, here is what you’d want your KYC to accomplish:
- Acquire valuable user data
- Work even with few data points
- Meet all legal KYC requirements
- Help flag fraudsters automatically
- Speed up the onboarding process
Surprisingly, a good fraud prevention solution can meet all these criteria. Let’s dive deeper into which features you’ll need to deploy to make it work.
Getting Data From Fewer Points
How do you reduce friction and risk and still get an accurate view of your users? By completing the picture yourself.
Put simply, it’s all about letting users input the strict minimum to comply with KYC procedures. Your fraud detection tool can do the rest of the work in the background, by looking at the user’s digital footprint through:
- Device Fingerprinting: which lets you find a lot of valuable information about high-risk users based on how the combination of software and hardware they use to connect to your site.
- Data enrichment: you can take a single email address or phone number and glean a lot of insights into the quality of our user. For instance, an address found on a data breach is actually a high indicator that it is valid and genuine.
- Social media lookup: a great tool to confirm your users have a true online presence. SEON’s risk assessment found that 76% of defaulting clients who had borrowed a loan didn’t have any social media accounts linked to their email address.
Note that these are also the ideal methods to use if you’re working with customers in markets where credit and financial information is scarce. For instance, loan providers trying to perform modern credit scoring through digital ID profiling don’t have to worry so much about finding financial info: they can use digital footprints as data to build their scoring models instead of using details from banks and financial institutions.
Optimized KYC as Competitive Advantage
Instead of seeing KYC checks as a hurdle for your business and customers, it might help to think of them as a way to gain an advantage over the competition.
Since anyone working in your vertical should have the same KYC requirements, it’s all about implementing them in a smart way, for instance by using dynamic friction.
The process lets you onboard users as soon as possible using what we’ll call light KYC process only, that is by filling out the most basic user profiles.
But even single data points such as an email address or phone number can already help flag potential risk and boost your anti money laundering efforts. You don’t have to go into a full identity check here, because SEON’s Email module, for instance, could reveal if:
- The address isn’t mature enough to appear legitimate
- Appeared to have been created by a bot (by examining the strings)
- Has never been linked to a social media profile.
If in doubt about your user, you can then trigger the heavier KYC processes during the onboarding process. This is an automated process, which doesn’t slow down your good users at the initial touchpoint (they can still go through the heavier KYC checks later, for instance at the time of withdrawing or funding an account).
Moving Towards a Frictionless Experience
The trend in KYC checks is already to move towards an experience that is as frictionless as possible (with selfie and IDs, utility document uploads, etc…). And it’s interesting to imagine how they will evolve in the future.
Will an e-KYC process break away from the traditional scan-and-upload model? Will there be reliable risk techniques for checking ID cards and passports via NPC to predict financial crimes? It’s hard to tell. But at SEON, we believe we are the ultimate extension, allowing you to gather granular information on top of your pre-existing requirements.
And above all, you can combine the power of our solution to fulfill your AML promise, reduce transaction fraud, eradicate defaulting customers, and grow your business safely, with complete peace of mind.
Learn more about our products
Tamas is the founder and CEO of SEON and an expert in all the technological aspects of fraud prevention.