KYC Verification: How to Make It Secure and Frictionless

KYC (know your customer) verifications are processes that many organizations carry out to determine the identities of their customers and attempt to determine how risky those clients may be. In other words, KYC verifications are the actions taken by businesses to try to get a reading on the extent to which there is a risk (if any) that their customers may commit fraud or any other criminal activity.

But despite their importance, KYC processes are lengthy, expensive, unpleasant for the customer and – let’s be realistic – easy to bypass for criminals and fraudsters.

In fact, the cost of KYC is $60 million a year for the average bank. Being mandatory in the financial sector and adjacent industries, including lending and iGaming, compliance is an ongoing concern.

But even where it isn’t required by law, some element of KYC at onboarding or a later stage is recommended and can be beneficial to companies.

Let’s look at why KYC can be thought of as an asset rather than a pain point, and how it can be improved and streamlined across industries.

What Is KYC Verification?

KYC verification is often a legal obligation to businesses and consists of the process of ensuring that you know and verify who your clients are, their identity, and the extent to which they may be trustworthy.

KYC is an important part of a larger category of legal obligations and recommended practices called Customer Due Diligence (CDD), which informs verification checks conducted on individual customers both during and after the onboarding process – called KYC checks.

The legally required version of a KYC check, where applicable, consists of:

1. requesting from new customers proof of their identity, proof of their age, and proof of their address
2. receiving these documents from the customer various formats e.g. hard copy, scan, etc.
3. assessing the validity of this documentation – which, naturally, is more complicated online than in person

The KYC process has its roots in the financial sector, with the authorities putting in place measures to stop fraudsters and other criminals from both conducting their schemes and laundering the resulting funds.

Today, however, a big part of online businesses need to be KYC compliant, from forex exchanges to gambling operators or neobanks – and even more can benefit from some type of it.

This creates three key challenges for businesses:

• Performing online KYC verifications for every user is expensive.
• KYC checks add friction to the customer journey, as we’ll see below.
• These checks aren’t always sufficient to fight fraud.

What Are the Three Components of a KYC Check?

The three components of KYC are:

1. first and last name
2. date of birth
3. residential address

The customer needs to provide proof of these details using official documentation, such as a passport, driving license, or national ID.

For iGaming and online casinos, KYC checks must also include self-exclusion lists.

Why Are KYC Verification and Authentication Processes Important?

KYC verification and authentication processes help organizations know the extent to which their clients are trustworthy, and they also allow business owners to avoid fees and other penalties that would arise from compliance issues. They help us know which customers are legitimate and which may be linked to criminal activity, such as money laundering and the financing of terrorism.

In other words, both KYC verification and authentication processes are important because they help organizations to be compliant and able to determine which of their accounts should be retained and which should be blacklisted.

In fact, both processes are not just vital to decision-making in the management of accounts and customer relationships, but they also help police work itself. It is often a legal requirement for organizations to use KYC verification and authentication, and this reflects their application to crime reporting.

The use of KYC and authentication processes mean that criminals have to undergo a process that may build evidence against their malicious activity. And this is all assuming that those criminals aren’t put off by the identity checks in the first place.

They are also important thanks to their collective ability to prevent crime by acting as a deterrent to criminals from the very beginning of a sign-up process.

KYC Verification vs Anti-Money Laundering (AML)

These two are often coupled together in a business’s risk management segment and, to an extent, they have similar goals. Indeed, they can both be mandated by local authorities. But they are not synonymous.

The easiest way to understand the difference between KYC and AML is by thinking about the goals of each:

• KYC is introduced at onboarding, when a new customer is about to sign up, and it has to do with verifying who this person is.
  
  On a practical level, this could involve document verification checks or biometrics.

• AML are measures taken continuously by a financial or related organization to prevent money laundering. They have to do with securing that the funds brought in by the customer have a known, legitimate source.
  
  On a practical level, AML involves actions such as flagging unusual transactions and/or those over a certain amount, and filing suspicious activity reports with the authorities.

We should also note that in principle, both of these fall under the umbrella of CDD.

Why Most KYC Processes Aren’t Efficient – And What to Do About It

Unfortunately, despite their benefits, many KYC verification processes banks have in place are not as effective as they could be.

Let’s look at a number of reasons why – and preview how this can be ameliorated.

Consumer Apathy

Unfortunately, there is a lack of awareness of the benefits of KYC among the public – so much so that many consumers view such measures as something to avoid.

In fact, research by Accenture shows that a convenient digital experience is among the top three reasons customers switch from traditional banks to challenger banks and neobanks.

Being overzealous when onboarding new users can cause churn – and especially so for digital-first institutions, where it goes against consumers’ primary reasons to choose you.

• Solution: This is an issue of convenience. No customer wants to have to jump through hurdles to open a bank account or access a financial product. Robust, comprehensive pre-KYC checks can keep friction to a minimum, giving your organization a leg up over competitors.

Absence of a Universal Method

KYC regulations are different across the globe, and the type of documentation deemed acceptable varies too.

In the US, for instance, the Financial Crimes Enforcement Network (FinCEN) creates the regulatory framework digital banks follow. On the other hand, UK banks comply with the Sanctions and Money Laundering Act of 2018 and the Sixth Anti-Money Laundering Directive (6AMLD) governing the EU. 

Each jurisdiction has restrictions unique to them, and its own passports, credit/debit cards, driver’s licenses, utility bills, etc.

This can create a logistical nightmare for companies working with an international user base. There are currently 150 different types of passports and national IDs worldwide. How do you verify every document when there is so much disparity between, say, an Italian ID printed on paper, and an Indian passport which does not contain a hologram?

• Solution: One way to improve upon this is by leveraging pre-KYC checks. As individual KYC verification checks are costly, every business would benefit from not having to pay to have them conducted for fraudulent customers. By implementing pre-KYC checks, you can weed out obvious fraudsters so that you don’t waste money checking their (fake) credentials.

Insufficient Customer Data

Too many people around the globe are either underbanked or entirely unbanked.

The World Bank’s 2021 report says that nearly 1.7 billion people remain unbanked. The latest research by Merchant Machine corroborates that finding, and highlights Egypt, Mexico, Morocco, Philippines, and Vietnam as the most unbanked countries, with more than 60% of their population unbanked each.

In fact, even in the US, 25% of households are unbanked or underbanked, according to figures published on CNBC.

Fintechs considering serving these countries face great difficulty in sourcing reliable customer information. This is even worse if they provide lending services, as they need some sort of credit check to do so safely.

• Solution: Such data scarcity can be overcome via alternative data, which creates a complete, real-time customer profile starting with just their email address and phone number and using sources such as the 50+ online and social networks checked by SEON’s modular APIs – as we will see in more detail below.

Identity Checks (IDV) Are Easy to Fool

Increasingly, we’ve seen evidence that legacy identity verification methods can be much easier to fool than expected.

In fact, document scans are welcomed by fraudsters who want to pass customer identification checks, as it’s one of the easiest ways to get around user KYC authentication. There is no shortage of options, as they can:

• acquire original financial and personal documentation on the dark web
• create synthetic IDs based on real and made-up user data
• phish for personal info themselves using fake job posts, online scams, etc.
• fool biometrics and liveness checks using freely available tools

In fact, we even conducted an experiment to see how easy it is to apply for a loan with a stolen ID – and the results are not encouraging for lenders.

• Solution: Don’t rely on documentation alone to gauge how safe a customer is. Make the most of sophisticated data enrichment and fraud prevention tools on the market.

KYC + 3DS/SCA = Payment Friction

Other measures put in place to protect consumers that can cause friction and churn in payments are 3DS and SCA.

In fact, cart abandonment due to 3DS can be as high as 40% (in Spain and France, according to Forter). These are not sales any merchant wants to miss out on – which gives them ample reason to avoid implementing 3DS if they can help it, or even avoid specific banks.

• Solution: Fraud software running under the hood can perform quality pre-KYC checks, letting you know if the user is coming from a known device and/or they have a good social presence. This intel can inform the 3DS process, applying it only when the set-up is not known and trusted for that customer – always subject to local legislation.

Information Siloing

Often, when a bank expands its services across savings, loans, and investments, its departments tend to work in silos, leading to a lack of mutualization. 

For example, the lending team might not share customer information with the investments team, meaning a customer can be asked to submit the same information on multiple occasions. This leads to poor customer experience and confusing risk decisions for the bank’s team. 

• Solution: Leverage a platform that standardizes your digital bank’s entire fraud management protocols, and give permissions as needed to the right teams, so all changes on their end sync. Sophisticated fraud prevention solutions allow teams to work seamlessly, as you can see in SEON’s screenshot below.

Trusting Customers Too Much

With identity theft on the rise, relying only on KYC information provided by users leaves your bank vulnerable to fraud. 

Documents can be forged, identities hacked, bought and generated, and even biometric verification has been shown to be susceptible to spoofing.

Yes, KYC mandates usually require you to look at such proof of identity, but you can add more layers of protection – especially so if it’s frictionless.

• Solution: Leverage frictionless alternative data without asking your customers for anything extra, by looking at their hardware and software configuration (via device fingerprinting), their digital footprint (via reverse email and phone number lookup), IP address analysis, and similar information.

How to Improve Your KYC Verification Process

Improving your entire KYC journey comes down to choosing a fraud prevention solution that helps you fight against fraud while keeping your KYC processes as unintrusive and as light as possible. 

SEON’s solution does just that:

• gathers a wealth of customer data points
• creates a full profile and calculates a risk score for each individual
• weeds out bad users at pre-KYC stage
• introduces dynamic friction, with hard KYC for suspicious users and soft (minimal) KYC for good users
• complies with data protection laws and best practices, e.g. the GDPR
• is fully customizable and adjustable
• employs clearbox machine learning to suggest optimized rules specific to your company
• employs blackbox machine learning to flag new fraud in real-time
• conducts passive identity verification
• comes with free support from fraud analysts

Digital Footprint Analysis

It all starts with gathering as much information as you can about each customer. A great fraud prevention tool helps you get a 360-degree view of your users.

The way SEON’s engine does this with zero friction is by examining the customer’s digital footprint, starting with just their email address, IP address, and phone number.

The result of this search will be a comprehensive profile of their public data, sourced from 50+ social media and online services. What this tells us is whether they behave like a real person online, and thus how likely they are to be a legitimate customer.

For instance, digital footprint analysis at SEON has demonstrated that the average good user has 5-6 online profiles on some service or another, while they are also likely to have fallen victim to a data breach.

On the contrary, an email generated by a fraudster will have very little online presence – which means they should be funneled towards more rigorous KYC checks, if not banned outright.

Device Fingerprinting

Device fingerprinting paints a vivid picture of how a user connects to your platform. By examining their software and hardware configuration and generating browser, cookie and device hashes, SEON is further able to conduct velocity checks, behavior checks and real-time monitoring.

• Has this person connected before with a different user name?
• Does their actual location match their stated location?
• Are they using suspicious device configurations that hint at spoofing?
• Are they employing common fraudster tools such as Tor or mobile proxies?
• etc

These data points add even more information to the assessment of the new user’s intentions. As a case in point, SEON’s solution gathers the following data, among others:

How to Save on KYC Costs with Pre-KYC Checks

As we have seen, KYC checks are costly. Identity verification vendors charge anywhere between $13 and $130 per customer verified. This can very quickly add up.

The fewer fraudsters reach KYC verification, the more money the organization can save.

By implementing SEON’s solution at signup and letting it work behind the scenes, you’re introducing a traffic lights system that greatly reduces the number of junk users who reach true KYC. So you don’t have to pay up to $130 to reject each fraudster.

In other words, SEON’s solution funnels fewer bad users through, and increases the ratio of good to bad users who get verified.

Beyond compliance and costs, this also helps minimize overall fraud at your company, as fraudsters and money launderers are significantly less likely to gain access to your products.

How SEON Can Augment Your KYC Verification

Since anyone working in your vertical should have the same KYC risk assessment requirements, it’s all about implementing them in a smart way, for instance by using dynamic friction.

Here is how SEON can optimize your KYC to give you a competitive advantage:

• saves you KYC check money
• runs under the hood, frictionlessly
• filters out junk users
• gathers valuable user data
• works even with few data points
• spots stolen, fake and synthetic IDs
• verifies customers without relying on 3DS/SCA
• keeps the customer journey smooth for good users
• flags fraudsters automatically
• speeds up the digital onboarding process
• spots suspicious connections between users (as seen in the image below)

This also creates the basis for further financial services functionality. For instance, loan providers trying to perform alternative credit scoring through digital ID profiling don’t have to worry so much about finding financial info: They can use digital footprinting to build their scoring models instead of using details from banks and financial institutions.

SEON lets you onboard good users as soon as possible, applying the least amount of KYC possible – while you block obvious criminals, as well as request more documentation from suspicious users.

Our solutions have allowed leading neobanks and fintechs to grow faster and serve more customers without any compromise to their safety or compliance – by filtering out bad users pre-KYC, triggering exceptions for 3DS checks, reducing transaction fraud, eradicating defaulting customers, and enjoying peace of mind in the process.

As just one case in point, fintech Felix Pago reported 90% more confidence in accepting or rejecting payments and 100% improvement in detecting multi-accounting.

Book a demo today to see how SEON can help your company do KYC better.

Frequently Asked Questions

Sources

• Accenture: Banking Consumer Study: Making digital more human
• World Bank: The Global Findex Database
• Merchant Machine: The Countries Most Reliant on Cash In 2021
• CNBC: 25% of US households are either unbanked or underbanked

You might also be interested in reading about:

• SEON: Email Profiling: What Can an Email Address Reveal About Your Users?
• SEON: What is KYC (Know Your Customer)
• SEON: KYC in Banking: What is it, How it Works & How to Save Costs

Learn more about:

Browser Fingerprinting | Device Fingerprinting | Fraud Detection API | Fraud Detection with Machine Learning & AI