Why an orchestrated KYC strategy is the key to fighting online fraud

The days of bank robberies are dwindling

According to the British Bankers Association, robberies on British bank branches dropped 90% between 1992 and 2011. In contrast, according to UK Finance, we’ve seen a 94% surge in “impersonation scams” over the past year, typically conducted online, which have defrauded the public out of over £97 million.

What do these two statistics tell us? The nature of fraud is changing. Our world has been moving online for many years now, but with the pandemic accelerating this shift, fraudsters have capitalised. Whether that’s through increased use of online banking, healthcare apps, gaming websites or even streaming platforms, the opportunity to defraud businesses and consumers from behind a screen has never been higher. And this all comes down to the fact that in an online world, it’s harder to know who that person actually is. You can’t simply pull the mask off.

The need to evolve fraud strategies The Royal United Services Institute (RUSI) has now declared identity fraud as a national security threat. The need to prove that an online user is genuine and physically present has never been greater, but especially for organisations dealing with high-risk transactions and sensitive issues. For example, healthcare organisations need to know their patients so they can reliably deliver telemedicine services and prevent prescription fraud. And financial institutions need to know every transaction to ensure they are taking the necessary precautions to detect trends that may indicate money laundering.

But in today’s virtual setting, when technology is so advanced, traditional Know Your Customer (KYC) strategies simply do not cut it. Instead, organisations need to employ a fully connected and orchestrated way of mapping customer identities.

Everything starts with trust

It is imperative that businesses can confidently onboard new users remotely and know exactly who and where they are at the time of opening an account. Key to knowing this is leveraging identity verification technologies that use document-based identity verification (using a government-issued ID and a selfie) to verify online users.

This is a much more robust approach compared to traditional authentication methods and data-based identity proofing. Outdated methods like that are little more than a speed bump to the modern fraudster who could obtain this information from a quick social media search or even from the dark web. In fact, Gartner’s 2020 Market Guide for Identity Proofing and Affirmation predicts that by 2022, 80% of organisations will be using document-centric identity proofing as part of their onboarding workflows, which is an increase from approximately 30% today.

This tactic doesn’t need to be on sign-up only, though. The method can be used to continually verify users and provide even more identity assurance, which is particularly important in higher-risk scenarios. By requesting the user to take a fresh selfie, this will generate a new biometric template which will be compared to the original biometric

information captured during onboarding to unlock the user’s digital identity in seconds for continuous authentication. This allows organisations to continually know that the user is who they claim to be online, thus promoting an ecosystem of trust.

Embedding trust throughout

To maintain compliance and onboard good customers faster, businesses should seek to have a holistic identity verification platform that can cover multiple jurisdictions and monitor identity-related fraud signals when required. Not only does this allow organisations to meet evolving complexities surrounding the online economy and digital onboarding, but it also allows them to create a more accurate and complete picture of their customers and their behaviour throughout the entire customer lifecycle.

For example, businesses in the financial services space should be looking to leverage platforms that provide automated database pings, including government watchlists and PEPs and sanctions to help identify fraud and anti-money laundering (AML) risks faster. In addition, ongoing authentication solutions can help to prevent account takeover (ATO) fraud, which is when a fraudster seizes control of an online account, changes information such as the username, password or other personal information, and then makes unauthorised transactions with that account. This is especially important considering that ATO fraud is on the rise, with over a 31% increase YoY according to Forter’s Fifth Fraud Attack Index.

Identity orchestration as the final piece of the puzzle

Because many organisations currently rely on more than one identity-proofing method, this makes orchestrating these different capabilities across multiple vendors a significant challenge. To ensure that these different workflows are streamlined, identity orchestration stitches these together to help ensure the user experience isn’t too disjointed, time-consuming or onerous.

Identity orchestration also allows organisations to test and evaluate different workflows and to compare different vendors and data sources that are needed to achieve their identity-proofing objectives. Gartner anticipates significant growth in this category: by 2023, 75% of organisations will be using a single vendor with strong identity orchestration capabilities and connections to many other third parties for identity proofing and affirmation, which is an increase from fewer than 15% today.

While we may not see bank robberies occurring so regularly anymore, financial crime is simply evolving – as it is too for other sectors. But that doesn’t mean it’s not possible to fight. Key to a successful defence strategy is one that utilises the benefits of digital identity verification and authentication. By taking the time to carefully consider their onboarding and KYC processes in an orchestrated way, organisations can realise their full potential in the online world without the threat of fraud and cybercrime.

About the Author

Robert Prigge is CEO at Jumio. When identity matters, trust Jumio. Jumio’s mission is to make the internet a safer place by protecting the ecosystems of businesses through a unified, end-to-end identity verification and eKYC platform. The Jumio KYX Platform offers a range of identity proofing and AML services to accurately establish, maintain and reassert trust from account opening to ongoing transaction monitoring.



Featured image: ©TONL