Chances are you probably don’t love your know your customer (KYC) processes. They’re not only mandatory but also lengthy, expensive, and worst of all, easy to bypass for criminals and fraudsters.
But is this because your KYC compliance isn’t as streamlined or efficient as it could be?
In this post, we’ll break down the challenges of knowing your customers, why it’s important, and how you could use tech to improve your workflow.
What Is KYC Verification?
KYC stands both for Know Your Customers or Know Your Client, and it’s part of a larger category called Customer Due Diligence. The process originally has its roots in the financial sector, when governments attempted to block the transactions of criminals such as fraudsters and money launderers.
Today, however, pretty much every online business needs KYC compliance, from forex exchanges to gambling operators or neobanks.
This creates three key challenges for businesses:
- Performing online KYC checks for every user is expensive.
- Checks add friction to the customer journey.
- The checks aren’t always enough to fight fraud.
We’ll address all three of these pain points below, but let’s first look at it from the perspective of the agencies who enforce them.
SEON’s social media lookup tool checks 50+ social media networks and messenger apps to support your KYC verification checks
Book a Demo
The Importance of KYC Verification & Anti-Money Laundering (AML)
Often coupled together in a business’ risk management segment, the easiest way of understanding the difference between the two terms is the fact that KYC is the pure form of verifying your customer through some form of solution ie document verification or biometrics.
Instead, AML is the measures taken continuously by a business / financial institution to prevent money laundering and other financial crimes; both are necessary to operate a secure business that offers either products or payouts.
What Are the Three Components of KYC?
The three components of KYC are:
- First and Last Name
- Date of Birth
- Residential Address
These details must then be validated with an official document such as a passport, driving license, or national ID. In the context of AML (anti money laundering) customers might also need to prove that they are not politically exposed persons (PEP) and that they are the Ultimate Beneficial Owner (UBO).
For iGaming and online casinos, the checks must also include self-exclusion lists and age verification to prevent underage gambling.
KYC Verification with Frictionless User Validation
No Universal Method Yet
“How do you verify every document when there is so much disparity between, say, an Italian ID printed on paper, or an Indian passport which does not contain a hologram?“
Where things become more complicated, however, is that the laws aren’t standardized, and neither are the documents used for them.
In the US, for instance, the USA Patriot Act of 2001 governs the rules whereas, in the UK, businesses use guidance from the European Joint Money Laundering Steering Group.
This can create a logistical nightmare for companies working with an international user base. There are currently 150 different types of passports and national IDs worldwide. How do you verify every document when there is so much disparity between, say, an Italian ID printed on paper, or an Indian passport which does not contain a hologram?
Sourcing Valid Customer Info in Data-Scarce Markets
Continuing on the topic of international markets, organizations have to be extra vigilant when working in places where good customer information isn’t abundant.
In fact, 25% of US households are either unbanked or underbanked, which proves it isn’t just a challenge for online lenders catering to emerging economies.
KYC Procedure vs GDPR
Another conflict arises when you combine the obligation of acquiring customer data and ensuring it is safely stored. Government regulations pertaining to data safety, such as the GDPR, add an extra level of complexity for companies, who must ensure they put the best data protection policies into practice while simultaneously collecting as much info as possible.
A Costly Verification That’s Also Easy to Fool
It costs online businesses an average of $1 per manual document review. It may not seem like much, but when scaled by hundreds of thousands, it’s easy to see how an inefficient workflow can become a money pit.
Worst of all, document scans are certainly no obstacle for fraudsters. There is an abundance of photoshopping services that will easily create a document scan, even offering to combine them with a real selfie picture, both available on the clear and darknet.
In fact, document scans are welcome by fraudsters who want to pass customer identification checks, as it’s one of the easiest ways to get around user authentication. There is no shortage of options, as they can:
- Acquire original financial and personal documentation on the dark web.
- Create synthetic IDs based on real and made-up user data.
- Phish for personal info themselves using fake job posts, online scams, etc…
To see how easy it is to apply for a loan with a stolen ID, we even conducted our own experiment, which you can read about here.
Customers Don’t Care About KYC
Last but not least, the verification steps are simply seen as obstacles by users. Yes, they may help avoid terrorist financing, but for the average user, they just add friction between them and the service they want to use (or goods they try to buy), which creates churn and sends them towards the competition.
As businesses race to be as frictionless as possible, however, something has to give. For instance, do you offer a loan to anyone who applies, or do you have a more stringent verification method that risks losing you business?
It’s a difficult balancing act that all businesses must perform, and not just loan providers.
KYC + 3DS + SCA = Payment Friction
Merchants, acquirers and card issuers based in the EU also have to provide additional user information in the context of the PSD2 directive and its SCA (Strong Customer Authentication) requirements.
One of these requirements is to enable 3DS, or 3DSecure, which is supposed to boost fraud prevention.
The problem? Companies despise it. 3DS adds extra friction at the checkout stage, the worst possible time when users just want to purchase a good or service. Abandoned cart rates are spiking because of it.
But there might be a silver lining, as proving you have performed good KYC checks may help you avoid 3DS by triggering an exemption.
Key Points for a KYC Verification Process
Based on the challenges highlighted above, here is what you’d want your rules to accomplish:
- Filter out junk users
- Acquire valuable user data
- Work even with few data points
- Meet all legal KYC requirements
- Spot stolen IDs
- Verify customer ID without relying on 3DS verification
- Help flag fraudsters automatically
- Speed up the digital onboarding process
Surprisingly, a good fraud prevention solution can meet all these criteria. Let’s dive deeper into which features you’ll need to deploy to make it work.
Getting Data from Fewer Points
How do you reduce friction and risk and still get an accurate view of your users? By completing the picture yourself.
Put simply, it’s all about letting users input the strict minimum to comply with KYC procedures. Your fraud detection tool can do the rest of the work in the background, by looking at the user’s digital footprint through:
- Device fingerprinting: Which lets you find a lot of valuable information about high-risk users based on how the combination of software and hardware they use connects to your site.
- Data enrichment: You can take a single email address or phone number and glean a lot of insights into the quality of our user. For instance, an address found on a data breach is actually a high indicator that it is valid and genuine.
- Social media lookup: A great tool to confirm your users have a true online presence. SEON’s risk assessment found that 76% of defaulting clients who had borrowed a loan didn’t have any social media accounts linked to their email address.
Note that these are also the ideal methods to use if you’re working with customers in markets where credit and financial information is scarce.
For instance, loan providers trying to perform alternative credit scoring through digital ID profiling don’t have to worry so much about finding financial info: they can use digital footprints as data to build their scoring models instead of using details from banks and financial institutions.
Filtering Out Bad Users
Another advantage of gathering alternative data before the KYC check. You can vet which users will be worth considering, and which might be a waste of time.
You can use the same aforementioned tools used to flag fraudsters (data enrichment, social media lookup, device fingerprinting), and dedicate them to filtering out low-value users from good users instead.
In short, your fraud prevention tools will also double as a pre-KYC screening solution, which can save you enormous amounts in wasted costs and lost resources to verifying customer data.
Avoiding Needless 3DS Payment Checks
While it’s ultimately the call of the issuer to insist on a 3DS check or not, you can request an exemption from it – provided you can prove you’ve acquired enough customer data.
This isn’t just theory: we know a lot of our own customers use SEON for risk assessment, which is enough to trust their customers without triggering 3DS.
This has a tremendous positive impact on the customer journey. It helps increase conversions (or at least not decrease them), reduces cart abandonment rates, and helps businesses accept more transactions – without increasing the risk of transaction fraud.
Optimized KYC Compliance as Competitive Advantage
Since anyone working in your vertical should have the same KYC risk assessment requirements, it’s all about implementing them in a smart way, for instance by using dynamic friction.
The process lets you onboard users as soon as possible using what we’ll call light KYC process only, that is by filling out the most basic user profiles.
But even single data points such as an email lookup or phone number can already help flag potential risk and boost your anti-money laundering efforts. You don’t have to go into a full identity check here, because SEON’s Email module, for instance, could reveal if:
- The address isn’t mature enough to appear legitimate.
- Appeared to have been created by a bot (by examining the strings).
- Has never been linked to a social media profile.
If in doubt about your user, you can then trigger the heavier customer KYC processes during the onboarding process. This is an automated process, which doesn’t slow down your good users at the initial touchpoint (they can still go through the heavier KYC checks later, for instance at the time of withdrawing or funding an account).
Moving Towards a Frictionless Experience
The trend with KYC compliance and AML compliance is already to move towards an experience that is as frictionless as possible (with selfie and IDs, utility document uploads, etc…). And it’s interesting to imagine how they will evolve in the future.
Will an e-KYC process break away from the traditional scan-and-upload model? Will there be reliable risk techniques for checking ID cards and passports via NPC to predict financial crimes? What about anti-money laundering (AML) checks?
It’s hard to tell. But at SEON, we believe we are the ultimate extension, allowing you to gather granular information on top of your pre-existing requirements.
Above all, you can combine the power of our fraud prevention solution to augment AML solutions, filter out bad users pre-KYC, trigger exceptions for 3DS checks, reduce transaction fraud, eradicate defaulting customers, and grow your business safely, with complete peace of mind.
SEON is more than just a software solution, it is your business partner in fraud fighting
Book a Demo
KYC Verification FAQ
A KYC journey can vary depending on the context but typically is will consist of either: ID card verification, video verification, document verification, and biometric verification.
Depending on the chosen method, a person might need to take a selfie or send a photo of a given document which will then be verified by either AI or a company representative.
The answer should be an evident no. If you can filter out junk users, bad leads, and obvious fraudsters, you’re already saving on costs and resources before the checks even begin. You can find how to create these filters within this article.
You might also be interested in reading about:
Learn more about:
Showing all post with `` tag
See a live demo of our product
Tamas is the founder and CEO of SEON and an expert in all the technological aspects of fraud prevention.
Get our latest newsletter
Join over 6000 companies in getting the latest fraud-fighting tips