Customer identification is a worldwide practice in online banking that simply asks the question: are you who you say you are? It is commonly known as Know Your Customer (KYC). In The United Kingdom, it is governed by The Money Laundering Regulations Act 2007. Traditionally best practices and compliance guidance are provided by the European Joint Money Laundering Steering Group.
Generally speaking, the degree to which customer identification online is conducted is based on the size of the client and the size of the potential transactions. Thus, personal banking is often treated very differently than commercial and even corporate banking. So too, high net worth clients will likely have a different customer identification procedure than middle-class citizens. In the United Kingdom, this includes trust companies, legal professionals, accounts, tax advisors, and even gambling institutions. It is far more than just banks and credit unions that need to be compliant with online customer identification.
Here we are going to look at the various ways of how to identify a client online that can be conducted with specific examples of their successes and limits. Some processes are erroneous while others barely scratch the surface. This is also a reflection of the cost, speed, and ease with which the customer identification on the web.
Money laundering, the illegal transfer of funds from or to illegal enterprises is nothing new. Sophisticated technologies have enabled it to move more quickly and efficiently online. Internet-based technologies available on a smartphone or tablet allow a user to access a cryptocurrency account and add an additional layer of protection. Hundreds of more cryptocurrencies exist, but more often than not there has to be a legitimate bank account for the final amount of money being laundered to deposit into.
The spread of worldwide terrorism (which fueled the US Patriot Act in 2003 to support KYC) and subsequent fear of lone wolf attacks in Europe and North America has made the importance of online customer identification paramount in 2016 and beyond. Besides that, credit/debit card fraud is easier than ever. In 2016, narcotics and the funding of gang activity remains a constant problem in The United Kingdom. All of these perpetrators are why online customer identification remains such an important issue. Cutting their financial access to one of the world’s most respected financial capitals is vital.
The first step in identifying a customer online is in checking to make sure the person whose name and personal information that are applying for credit or banking privileges actually exists. In cases of fraud, one of the most common strategies is to utilise the identity of fictional persons or persons who have passed away. This is the easiest and often less time-consuming part of the verification of an online identity. Typically it is conducted by the various credit bureaus in a given country on behalf of the institution who the person is applying for an account or credit with. Very often this is known as a customer onboarding process. The company is getting to know their potential client.
The second step to in the KYC strategy is to ensure that the person attempting to open an account or receive credit is actually the person they say they are from the first step. People all over the world experience this type of authentication daily as we use our online banking or log into our various accounts from a device not normally used or a different IP address. However, in this case, the questions are known as out-of-wallet and can be overly complex or actually not even relevant. The industry uses this term because if a lost or stolen wallet is used for money laundering the criminal will not know the answers to these questions just simply by having the information contained in the person’s wallet.
Those who fail to pass the first step will likely be reported to the respective government authorities as it is rare for errors to occur at that step without malicious intent. For those who fail to answer the sometimes obscure questions in the second step, users will likely be denied an account with the option of manual review. Questions in the second step might relate to a street address next to the street address someone grew up on 20 years ago or even a grandmother’s maiden name for a person who never even knew who they were! In large part, this makes the process of identifying a client online more time-consuming and expensive for everyone.
From the above steps, most online client identification is done through the use of personal questions or the uploading of personal identification documents. Let us take a look at those and a few other methods for customer identification online and how they stand up against one another.
One of the most commonly utilised methods for identifying a customer online today is tiny deposits, usually a dollar or less. Online identity verification is realised when the real account applicant has identified the exact amount of change that has been deposited. This acts similar to a four digit PIN number. Attempting to guess the actual amount deposited fraudulently has a less than 1% chance of occurring. Today it is more or less common for the bank or credit company to make two deposits of different amounts. This adds an extra layer of protection.
Paypal is perhaps the most well-known company taking advantage of the dollar or less deposits for customer identification online. It is just one method in a whole suite of customer identification protocols that verify whether an account holder is indeed the account holder in question. As you will see, until the process is more streamlined, several methods are necessary for security. This often leads to delays and increases in expenses.
The classic example of customer identification is the use of personally issued government documents. Typically when a financial institution asks for personal identification documents they are requesting a driver’s license and a passport. In cases in which neither or one of those is unavailable they will request health cards, birth certificates, and the like. Generally speaking at least one photographic government issued document is required for online ID verification. This is followed up by a verification of current address, which is often done via a current utility or phone bill. Traditionally, when a person opens an account or applies for crediting they are furnishing the documents in person. Uploading them online is much different.
The uploading of documents sounds pretty full proof but very often the documents are only checked to ensure that they meet the standards of an authentic document not that they really are the person they purport to be. Thankfully many countries, including The United Kingdom, require more than one independent source to verify the authenticity of a document. Again, verification is only often through several techniques.
Monese is succeeding in document uploading that allows customer identification online in just a few minutes. It is all done with a smartphone, a passport and a couple of photos. Designed for immigrants, new residents can step off a plane, snap a photo of themselves and their passport photo to be verified in just minutes. Proprietary biometrics are used to analyse and verify the photo in the passport and the selfie just snapped are one in the same. They even follow-up with social media checks and Skype interviews.
Third party apps are making resounding success for retailers and social media giants in collecting data and performing on the web customer identification. Financial and insurance companies have been more averse to including them in their KYC methodology. In the use of third-party apps companies have been able to track the user’s online habits with cookies, social media accounts, and any number of mobile device apps to analyse their behaviours, trends, and likes. The data gleaned, although intrusive for some, is more often beneficial for both customer and business as it can lead to freebies, savings, and better customer satisfaction. It can also tie in nicely with a banking API.
From a criminal prevention perspective, 3rd party apps can be used to collect information about a user that might give evidence of illicit behaviour. This allows the institution in question to cut ties and report the person(s) without even opening an account. These third party apps can get very expensive and rely on a whole other host of security problems.
Outside of finance, several retailers are seeing amazing results in the user of their apps to conduct customer identification online. One outstanding app is the one provided by Starbucks. In a difficult industry for learning how to identify a client online, Starbucks has left the entire restaurant and food service industry in their tracks. In a customer base that often has their devices out and connected it was a no-brainer for this company to offer a number of freebies and discounts for its app users. In return, Starbucks learns valuable information about their customers online and mobile use habits.
Banking API is a growing trend in fintech that allows the aggregate data of bank customers to be utilised to deliver to them a better customer experience, not only at their financial institution but with transactions as well. An application protocol interface is a set of tools, guidelines, and parameters that allow software to be built and augmented within a given framework. It allows seamless use for everyone as the underlying software does not change, but the upgrades are an available option with no problem. It promotes fintech creativity and subsequent improved economic activity.
Card-linked marketing works by securely tracking transactions through an account holder's debit and credit cards and making more informed propositions to them. This includes savings and deals at the point-of-sale, highly relevant advertising that is seen as helpful, and financial counselling in the form of real-time advice on saving and spending habits. Independent and open banking APIs make this process that much easier.
In the United Kingdom, the push for open APIs in banking is on its way to becoming a reality. Traditional banks and government bodies worldwide have long held hesitant to the idea due in large part to security protocols. However, in the UK, their push forward in introducing the framework puts them in a better place to compete in an ever dynamic financial world. At the heart of the success of the introduction of banking API is customer trust and the ability for an account holder to give their consent prior to the use of their data and an understanding that that data cannot be compromised.
Customer identification online is only going to get more important as the need for access to finance and capital is increased through our ever increasing technology improvements. As physical money continues into obsolesce, the use of various methods of identifying a client online will become all that more important. As we see from the examples above, no one method has proven itself the stalwart. Each is with its pros and cons.
The evidence suggests that Banking API is on the rise, especially in Europe where integration is being pushed by several governments to realise greater fintech innovation. It is obvious though that an integration of the various methods is what will continue to be the norm for a while, especially powerful apps for identifying a customer online. The more support banking API receives, the more level playing field everyone has. Costs can be mitigated, processes can be achieved more quickly, and customer identification online can get that much closer to being perfect at its job: verification of who you say you are.