Blog

In this digital era, many factors are greasing the wheel of money laundering. Due to online transactions, it has become a piece of cake for fraudsters to carry out their financial frauds. But the AML Compliance Program for business is to govern the monitoring of accounts, detection, and reporting of financial crimes to relevant authorities. CFT and AML compliance promote stability in financial markets by mitigating the adverse effects of criminal economic activities and promote stability in financial markets.

In this digital era, many factors are greasing the wheel of money laundering. Due to online transactions, it has become a piece of cake for fraudsters to carry out their financial frauds. But the AML Compliance Program for business is to govern the monitoring of accounts, detection, and reporting of financial crimes to relevant authorities. CFT and AML compliance promote stability in financial markets by mitigating the adverse effects of criminal economic activities and promote stability in financial markets. 

AML compliance trace and tackle the frauds like money laundering that any financial institute can face. Customer screening against certain PEP lists and sanction lists is done to complete due diligence and deter money laundering, terrorist funding, drug trafficking and other financial frauds. Anti money laundering checks provide a backbone for CFT (combating the financing of terrorism) and KYC regulations. AML regulations are key components of the US Patriot Act, 2001. In 2005 the Reserve Bank of India made it compulsory for banks across the globe to adhere to AML compliance to detect and prevent the financing of illegal activities.

Financial Regulations for Money Laundering- A Deep Dive:

The Financial Action Task Force, which is a group of 35 countries, work together to curb the risk of financing of terrorism by standardizing regulations to prevent such frauds. These authorities are working to keep a close check on money laundering activities. Many countries are following the guidelines of FATF to impede financial crimes and to restrict terrorist financing and money laundering. There are 40 recommendations of the FATF to put a halt on money laundering which countries follow. The FATF Recommendations are recognized by the global AML and CFT standards. The list of data sets of citizens that is being continuously updated is provided to law enforcement agencies in case any illegal activity is performed by any individual.

Key Features of CFT:

CFT is achieved by having a proper channel for AML checks. Following are some key features of how CFT works:

• CFT is basically restricting the movement of funding of terrorist organizations. By focusing on a variety of entities, including banks, charities, and businesses by regulation, supervision, and reporting.
• The efforts which are made to authenticate and put a halt on the movement of money and to monitor transactions to screen out those which are used to fund terrorist activities come under the umbrella of CFT. 
• The CFT process plays a significant role in identifying money laundering activities from detection to prosecution. Money laundering appears to be legitimate but processes like CFT are used to identify such criminal activities and eradicate them. 
• Financial Intelligence Units investigate suspicious transactions and information is provided to law enforcement for further investigation or prosecution.

How Combating the Financing of Terrorism Works?

CFT involves guiding and teaching financial investigative techniques and training financial institutes to identify suspicious activities.  CFT efforts may examine entities including charities, registered money service businesses, underground banking entities with many others. Money launderers need to conceal the origin and how the money will be used in order to carry out their activities. Such frauds come from legal sources such as legitimate organizations as well as from illegal sources such as drug trafficking and government corruption.  Terrorism financing and money laundering, both are interconnected. When an entity is able to detect money laundering activities, it is preventing terrorist funding simultaneously so combating money laundering is a key to CFT.

AML Compliance for Businesses

AML (Anti Money Laundering) practices are used to perform due diligence of customers. Businesses, especially financial institutes need to abide by AML checks to deny the loss of millions in penalties that will be imposed by regulatory authorities for not complying with the regulations.  To analyze customer data and to detect suspicious activities financial institutes deploy stringent AML checks. Such checks filter out customer data and classify it accordingto the suspicion level so that high risk customers can be highlighted. Any sudden and abrupt increase in money transfer or large withdrawal should be considered suspicious and businesses should act accordingly.  AML checks help financial institutes to impede financial frauds. AML screening detects not only money laundering but also other financial frauds like tax evasion, terrorist financing can also be traced and eradicated.

PEP List Screening- An Integral Part of AML & CFT:

A politically exposed person or PEP is the one who has a high profile role in society. Due to this prominent position that  they hold in society they can commit money laundering and other offences.  Many case studies and analysis reports have confirmed this fact already. There is a list available that holds all the names of PEPs known as the PEP list. Screening individuals against this list is an integral part of AML and CFT to identify the person. As these people are more likely to be involved in financial crimes so they come under the umbrella of high-risk for financial sectors. With PEP status additional risks which are involved can be highlighted. Businesses need to be more vigilant and must apply additional AML and CFT measures when dealing with such persons. In order to avoid reputational and regulatory damages, PEP list screening is an integral part of AML and CFT regulations. 

Read More: Politically Exposed Person – An unsaid threat to Businesses

So in a nutshell, AML and CFT compliance are to eradicate financial crimes. Businesses need to abide by these regulations in order to be safe. If a business fails to comply with these regulations it will end up falling in the pit of money launderers and end up paying a hefty amount of fine which will be imposed by regulatory authorities. So in order to curb financial crimes and meet identity verification requirements businesses should have proper AML checks into their systems. 

Need for Customer Authentication Mechanisms

Since the existence of humanity, new innovations and technologies have been introduced to improve living standards. Millions of dollars are invested every day in different sectors to enhance operations and work processes. As a result, our quality of work and lifestyles are improving with every passing day. An emerging industry, IT, has revolutionized our lives in innumerable ways. The work involving immense time and human efforts is now done within a few minutes or seconds with the help of computers. 

Like other inventions, computers can be utilized in a wide variety of methods, as per the requirement of the user. Some users utilize computers to their best ability for the betterment of the world and its inhabitants, while others use them to cause harm and damage. Since the advent of the internet, criminals have been deceiving and exploiting users through fraudulent activities and practices. It has become important to impede these criminals’ attacks before the damage gets more severe.

According to the Federal Trade Commission’s “Consumer Sentinel Network Data Book,” the most common types of fraud complaints registered last year included imposter scams, debt collection, and identity theft. Credit card fraud was the most widely occurring in identity theft cases — about 167,000 people reported a fake credit card account that was opened using their personal information. In 2017, it is estimated that in the USA about 16.7 million people became victims of identity frauds. The cost of such an organized attack on online user identities is estimated to be USD 16.8 billion.

The 2FA process is carried out to protect both the user’s data as well as the resources that the user can gain access to. It provides a greater security level than other authentication methods that rely on single-factor authentication (SFA), where the user provides only one factor — generally, passcode or password. The two-factor authentication method relies on an individual giving a password, and another factor, which in most cases, is either a security token or a biometric factor, such as a fingerprint, iris scan, or facial scan.

The process adds an extra layer of security to the verification process by making it difficult for attackers to obtain access to an individual’s devices or online accounts because having the victim’s password alone is not enough to pass the security check. Two-factor authentication has been used for a long time for controlling access to sensitive information and processes, and online service providers are increasingly using this method to secure their users’ personal details from being misused by hackers who have hacked a password database or used phishing to obtain user passwords.

Read More: Why 2 Factor Authentication is vital for Online Identity Risk Management?

How does two-factor authentication work?

Here is how two-factor authentication works:

1. The users are requested to log into the website or platform.

2. The users provide the personal credentials they possess – generally, a username and password. Then, the site’s server identifies and recognizes the user.

3. For processes that don’t need passwords, the website generates a different security key for the user. The authentication tool processes the key, and the site’s server verifies it.

4. The site then asks the user to perform the second login step. Here the users have to prove that they possess something only they would have, such as a security token, ID card, smartphone, or other mobile devices. This is called the possession factor.

5. The user then enters a one-time code that was generated in step four.

6. After successfully providing both factors, the user is authenticated and provided access to the platform.

Conclusion

Two-factor authentication is a reliable way of securing customers and their belongings. The effectiveness of two-factor authentication can be understood from the fact that many leading social media platforms such as Facebook, Instagram, WhatsApp, etc, have incorporated it into their platforms to secure their users. Digital identity verification techniques are the future of customer identification and businesses of all sorts need to integrate them into their platforms. This will not only help them in securing their customers but also comply with the changing regulatory compliances

The KYC requirements all over the world are getting stringent. ID document verification is a norm for major business entities when it comes to onboard a secure clientele base. Remote verification of customers has various forms. It can either be done through digital document verification or biometric authentication in combination with other attributes such as remote anti-money laundering (AML) screening and address verification. However, another method of customer verification is becoming “the new normal” in the identity verification market. Video KYC is now grooving in the digital space for remote verification of customers.

Multiple industries, dominating the banking sector intersecting with the Fintech use-cases are in need of digital customer identity verification. Video KYC thus is among the most suitable methods in which with the assistance of KYC expert and technology, identity is verified remotely. 

Role of KYC expert

The online user first fills the registration form and the KYC expert connects the user for remote verification. The expert guides the user to verify the identity throughout the identification process and takes consent at first when it comes to collect the data from the customers. The user will be asked to show the documents asked by the expert in the camera for verification purposes. The document could be an ID card, driving license, and passport. The expert asks the user to tilt the document to check holograms in them. They are trained not only to identify the spoofing elements in the documents but also for behavioral and body language analysis. 

Role of technology

During the verification process, AI-powered facial recognition of customers is also performed. The liveness detection feature in this biometric technology ensures the physical presence of a customer at the time of verification. The checks employed in the technology lookout for spoofing elements in the document as well. When both face and document is verified, the results are sent to the back-office.

Video KYC and Indian regulatory framework

The Indian regulatory infrastructure has revamped the customer identification process for the banks, NBFCs, Fintechs, and other financial institutes. The latest regulations allow the replacement of paper-based processes with the video call verification mechanisms as per the recent amendments in KYC guidelines in the country. The Reserve Bank of India (RBI) is the country’s banking regulatory authority which declared some amendments in the existing guidelines. 

Under the Prevention of money laundering (Maintenance of Records) Rules, 2005, KYC is a vital part when it comes to onboard the customers. The regulations make video verification vital for the digitization and automation of the current KYC norms. For the same, in February 2016, master guidelines were released.

The following are some of the amendments in RBI:

• To build an account-based relation with the customers, a live Video-based Customer Identification Process (V-CIP) should be carried out by the official of the Reporting Entity (RE). 
• A clear picture of the Permanent Account Number (PAN) card shall be captured that would be displayed by the customer during the verification process.
• A live location of the customer should be captured to ensure the physical presence of the customer in India during the verification process. 
• It is the responsibility of REs to ensure secure video storage that stores the time stamp and date as well. 
• All the activity logs which also contain the official credentials while performing the V-CIP, should be protected.
• REs are encouraged to employ the latest available technology which includes Artificial Intelligence (AI) and facial recognition (face matching) technologies to ensure honest verification and keep intact the process integrity.
• The BCs can facilitate the customer identification process at the customer end only whereas the official one would be at the other end of V-CIP interaction which should be necessarily a bank official.
• All the details of BCs who are assisting the customer should be maintained by banks. The responsibility of CDD will ultimately be with the bank.  

Relief for financial firms – In COVID 19

Among all the hype of COVID-19, major business transformations can be seen. The banking industry has to revamp the digital banking services to establish a secure and running program for the customers. The increasing digital frauds and financial crimes call out for the stringent identity verification methods. The financial firms have got relief with the latest convenient method of customer verification in the form of video KYC that could help them cope up with the situation smoothly from all aspects. 

Video KYC – Swift and convenient solution

Video KYC is a quick and convenient process in which all the traditional verification methods are replaced with a video verification by a KYC expert. It is a secure method that helps the banking industry, particularly the Fintech businesses in attaining a clean customer base. Another benefit of Video KYC is that it helps businesses comply with the KYC and AML regulations with easy and secure customer acquisition. 

It is projected that by the end of 2021, 2.4 billion will buy products and services online, up 46% from 2015 when 1.46 billion people made purchases online. Moreover, during current situations when the whole world is under self-imposed lockdown, people are staying home and prefer to make purchases online, more people are expected to shop online then predicted previously. This high demand landscape has made many entrepreneurs and businesses rich but also create unforeseen challenges. 

As age-restricted products and services have seen a surge in demand, it has become more than important to protect minors online. The age-restricted items such as alcohol, knives, tobacco, and others are safeguarded from minors offline but what about preventing minors’ access to the same products online?

The need for age verification has increased especially due to the open-access of the internet. Regulatory authorities are working to create an online environment safe by placing regulations for the online sellers of age-restricted goods. Businesses are also opting for age verification checks to comply with regulatory authorities. 

Shufti Pro’s experts have written a whitepaper on the need for age verification to secure minors and your business online. Download this whitepaper now.

Here’s a brief summary of the whitepaper. 

A brief on age verification

Age verification is a measure used to prevent access to digital products that are restricted to a certain age. Age verification systems are usually used to protect minors from accessing age-restricted content online. The examples of age-restricted content are:

1.Alcohol

2.Online dating websites

3.Online gambling and lottery platforms

4.Online gaming content that is not suitable for underage people

5.Tobacco and cannabis

6.Pharmaceutical drugs

Why is it important for businesses to know the age of the user?

Age verification is deemed necessary for the sellers of age-restricted goods and services and not having proper age verification checks may result in fines up to millions of dollars and other legal obligations. In short, it is necessary to stay up to date with recent regulatory requirements both local and global. 

Businesses often implement identity verification including age verification to set age brackets a particular user falls in and by doing this they separate unnecessary users. Read the white paper to explore details of traditional checks and where they lack. 

Ways to verify a user’s age

Online age verification is performed using different methods. Some of which are:

Self-verification checkboxes

 Most online business place checkboxes for asking the user if they fulfill minimum age requirements or ask them to enter their date of birth. This is the most common type of age verification check but it isn’t much effective because minors can easily surpass this check.

Verification using a credit card

Sometimes online stores ask for credit/debit card details by assuming that credit card companies will not issue the cards to minors. However, minors may access their parents’ credit cards to make purchases without consent.  While the credit card verification checks approve the transaction as the chances are that it will be performed from the same IP and the same address. This leads to a legitimate chargeback claim which in turn leads to a loss to the business.

Online age verification using ID documents

The process for online identity verification is as simple as uploading the picture of government-issued identity cards and a selfie to verify that the identity document belongs to the same person performing the verification. Due to sophisticated technology, this process becomes instant so that authentic buyers of legal age did not walk away due to the tiresome verification process.

Shufti Pro’s online age verification solution 

Shufti Pro uses AI-based ID document scanning combined with 3D facial recognition to verify the identity and age of the user, taking only 15-60 seconds. Users’ can be verified by using just and ID document and a selfie. 

Just a simple API integration and you’ll be all set to refrain minors from entering your platform while providing a secure and fast user onboarding experience to your legitimate customers. For more details, read the white paper to know how an investment in age verification solution will turn to be your competitive edge and a reliable resource to fight cybercrimes.

The world we live in no longer seems to be honest and fair. A large number of individuals are participating in fraudulent and unethical activities every day. Causing a loss of billions of dollars per annum, the fraud instances are still on the verge of increasing. According to the FTC, about 3 million complaints regarding identity theft and fraud were received in 2018, out of which 1.4 million were fraud-related. In 25 percent of those cases, money loss was reported. In the same year, it was reported that consumers lost about $1.48 billion in fraud complaints, an increase of $406 million from 2017. 

In 2018, about 130,928 of the cybercrime cases were related to credit card frauds. These types of frauds are committed to obtain goods or services or to make payments to other accounts that are controlled by a criminal or fraudster. The Payment Card Industry Data Security Standard (PCI DSS) is the data security standard established to assist businesses to securely process card transactions and reduce card fraud. To cater to the problem of fraudulent credit card transactions, the concept of chargebacks was originated.

Chargebacks and their importance

Chargebacks are transaction reversals that are forcefully initiated by the cardholder’s bank in case of a fraudulent transaction. It is mostly considered a consumer protection mechanism. If you’re a business or merchant, chargebacks can be a frustrating threat to your livelihood. If you’re a consumer, chargebacks represent a shield between you and corrupt vendors. If someone’s payment card is stolen, it can be used to make transactions at any physical or online platform. When the cardholder is notified about the transaction, he/she claims that they were not responsible for it and they claim the transaction amount from their bank. This is known as a chargeback. The bank refunds the amount to the customer and in turn, imposes heavy regulatory penalties or fines to the business or merchant for not conducting proper due diligence of the customer. 

Chargebacks were introduced in the early 1970s when the US has started introducing credit cards. There was consumer fear regarding the use of these new cards. There were also complaints regarding unethical merchants taking advantage of the consumers. This led to the creation of chargebacks in the Fair Credit Billing Act of 1974. According to a study, Chargebacks account for 70% of fraud and cost merchants nearly $11.2 billion in lost revenue in 2015. The E-commerce industry lost an estimated revenue of $6.7 billion as a result of chargebacks in 2016 out of which 71% ($4.8b) was due to friendly/chargeback fraud. While chargebacks provide a protective shield to customers against fake transactions, on the other hand, they cause losses to many businesses as well. 

Types of Chargebacks:

1: Merchant Error

Innocent mistakes and errors at the merchant’s behalf can have a major impact on the business’s bottom line. Errors are mostly linked with merchant setup, transaction data, and order processing. About 20-40% of all chargebacks are caused by merchant error.

2: Criminal Fraud

Criminal fraud is one of the primary reasons chargebacks were created. In this type the cardholder claims that the transaction was not authorized. This chargeback is triggered due to various forms of criminal activities:

• A criminal finds a lost card
• Counterfeit cards are generated with stolen account information
• Hacked account information is used to conduct the card-not-present transaction

About 1-10% of all chargebacks are caused by criminal fraud.
3: Friendly Fraud

This chargeback involves unsatisfied customers who contact the business directly with any complaints they may have. However, some consumers use the bank as a middleman and file a chargeback instead of asking for a refund. And because the business is not aware of any issues with the transaction, friendly fraud is performed by apparently satisfied customers. Friendly fraud chargebacks account for 60-70% of all chargebacks.

How can businesses save themselves from false chargeback claims?

As we can conclude from the statistics above, false chargebacks can have devastating effects on the prosperity of a business. It is crucial for businesses to take strict measures for the prevention of chargeback instances. This is possible by conducting proper identity verification or due diligence of customers before transactions are conducted. Financial regulatory authorities such as FATF have introduced strict KYC and AML regulations that are mandatory to follow for financial institutions and banks. However, businesses are increasingly adhering to these compliances for their own security. 

Identity verification has been practiced for many decades but the manual method is very time-consuming and there are chances of human error. Recently due to the innovations in the IT sector, artificial intelligence-based digital identity verification systems have been introduced. These systems remotely verify the identities of customers from any corner of the world within a few seconds. There are different types of digital ID verification techniques that are used by businesses:

• Face Verification
• Document Verification
• Address Verification
• 2-Factor Authentication
• Consent Verification

Once the identity of the customers is verified before every transaction, businesses will have recorded proof for it which can be presented to the bank in case of a false chargeback claim. If businesses ensure the provision of prompt and attentive customer service, quality products and services, and paying attention to transaction details, customers will not have a sound reason to file a chargeback. Instances of friendly fraud will decrease significantly.

Wrapping Up…

Fighting chargebacks is the last major responsibility businesses should face at this time. Banks have allowed fewer chargebacks to be filed against businesses that regularly argue regarding these claims. Not only does chargeback resentment make sure that the business gains more profits, but it is also helpful in educating consumers about what isn’t and what is a chargeback and how it should be used accurately. Customers should also understand that chargebacks should be filed in extreme scenarios only; they are the last resort rather than the first action to take to seek a refund. Chargebacks should not be used senselessly, as the consequences for the businesses are quite harsh. Hopefully, with proper education about chargebacks, both customers and businesses can notice a decline in the number of fraudulent chargeback claims.

The meteoric rise in the adoption of digital technology has influenced every phase of modern humans. From societies to economies to culture, each aspect undergoes both positive and negative transient changes. Predictably, it also means that the internet has penetrated into the lives of children and impacted their way of living. It is estimated that about 71% of youth is online as compared to 48% of the overall global population. The youth that ages 15 to 24 is estimated to be the most connected group over the internet. Globally, one out of three internet users is a child under the age of 18.

Undoubtedly, the digital space provides ample opportunities to children where they could learn, ensure self-development, and get entertained at the same time. However, in one way or another, minors are exposed to a variety of threats that could harm them. Children are at a big chance of falling prey to the vulnerabilities in a digital space. For instance, child identity theft incidences in an online space are not a concern of today. The year 2017 compromised the data od more than one million children which resulted in a total loss of about 2.6 million dollars against which families paid more than 540 million dollars out of their pocket.

The statistics, therefore, call out for a stringent regulatory framework that can acknowledge the need for strong child data protection measures. The COVID-19 outbreak has increased the ratio of digital activities that could be more harmful to the children and their data. Fraudsters roaming in the digital space target the children’s data to fulfill their list of malevolent purposes. Online age verification checks, thus, are contributing to providing a safe space for children that keeps intact security and child’s data protection aspects simultaneously. The regulatory bodies all over the world have declared regulations regarding data protection of children in the digital world. 

Online Age Verification – Global Regulatory Framework

Among all, major legal approaches highlight the need for parental consent and its principles. However, these approaches may vary in certain countries. Usually, their mandate is that all the digital services providers must obtain verified consent from parents before obtaining information from them. In this section, some of those regulatory frameworks are discussed.

United States

In 1998, the US passed the Children’s Online Privacy Protection Act (COPPA). This legislation is dealing with the protection of minors’ privacy online. The legislation highlights the need for age verification of children online and parental consent before collecting information about children. It ensures the parents have control over the information of children under 13 that is been collected by the online websites. 

South Africa

In South Africa, The Protection of Personal Information Act, 2013 (The POPI Act) is in force that prohibits the processing of children’s personal information. Consent is necessary to process, exercise, or even for legal defense purposes. 

European Union (EU)

The EU’s General Data Protection Regulation (GDPR), explicitly recognizes that children are less aware of the consequences, risks, and safeguards that concern their data and its sensitivity in the digital world. The Act, therefore, enforces parental consent before processing the online information of children having age under 16. 

Germany

In Germany, the interstate treaty aims at minors’ data protection and mandates the use of online age verification solutions. Instead of enforcing parental consent, the legal regulatory framework of Germany highlights the implementation of age verification solutions to verify the age of children before providing them access to the digitals services. 

United Kingdom (UK) 

The Digital Economy Act (DEA) of the UK passed in 2017, which is explicitly designed to regulate the digital services and communications infrastructure. The law strictly ensures the implementation of age verification measures while providing children access to age0restricted content online. However, the specific method for age verification is not mandated but the implementation is declared mandatory. 

Online Age Verification Methods

The online age verification practices vary with respect to the methods. The manual age verification methods included only simple Age Affirmation Pages (or self-certification) in which just by ticking a checkbox, the age was confirmed by the user side. The method does not serve the purpose as it could be tricked easily. 

The globally digitized world is moving towards the adoption of technological advancements as so the innovative solutions for age verification of customers online. The following are some methods that can be used for the age verification of customers online:

Credit/debit card verification

In this method, users are required to enter the details of their credit card/debit card. This method ensures that only adults or people above the legal age use debit/credit cards and will be verified.

Government-issued ID cards

The age of online customers can be verified through the government-issued ID card that could also be a passport or a driving license. Through OCR (Optical Character Recognition) technology, the data from the user-uploaded document will be extracted and verified by the system for the purpose of age verification. 

Semantic Analysis

This method of age verification works on the principle which identifies the level of sophistication based on which people having a certain age are highly likely to use different ways while constructing and online profile. Many online companies use semantic-based search algorithms that parse the user-entered information and find out words and terms which are commonly used by minors. 

Biometric Authentication  

Based on the facial biometrics, biometric authentication of online users can be done in combination with the verification of some official identity documents. The facial recognition system will identify the face and verify it against the picture present on the identity document. If both match, an identity will be verified.

Money Laundering and Terrorism Financing are global issues and there is no dispute regarding it. Every year, billions of dollars are lost due to money laundering. According to a study by UN Office on Drugs and Crime, the estimated amount of money laundered worldwide per annum is 2 – 5% of global GDP, or $800 billion – $2 trillion in current US dollars. Money laundering and financing of terrorism have been going on for a very long time. Keeping in mind the immense loss that has to be encountered, global regulatory authorities set up compliances that were required to be followed by all financial institutions and banks. But before going into that detail, let’s get a glimpse of when were the AML and CFT regulations initially introduced?

Background of Money Laundering and the Financing of Terrorism

On 9/11, 2001, a tragic terrorist attack took place in which 19 militants related to the extremist group al Qaeda hijacked four airplanes and administered suicide attacks against targets within the United States. Two of the planes were flown into the dual towers of the World Trade Centre in New York City, a 3rd plane crashed into the Pentagon just outside Washington, D.C., and the fourth plane crashed in an open field in Shanksville, Pennsylvania.

Approximately 3,000 people lost their lives during the September terrorist attacks, which led to major U.S. initiatives to fight terrorism under the presidency of George W. Bush.

To carry out the attack, the 9/11 planners spent between $400,000 and $500,000, which was majorly provided by al Qaeda. Albeit the origin of the funding is undisclosed, detailed inquiry has unveiled about the financial transactions that supported the attack.

The hijackers and their financial facilitators used the anonymity provided by the international and domestic financial system to channel their funds via a number of hidden transactions. 

Although the existing financial mechanisms of the country were strong enough to prevent the misuse of the system they were not designed to identify and obstruct transactions that financed state terrorism.

This ultimately led to the development of the KYC process and AML regulations as key components of the US Patriot Act, 2001. Later on, in 2005 the Reserve Bank of India made it mandatory for banks across the globe to adopt these guidelines to prevent the financing of illegal activities.

Read more: 24 scammers arrested on money laundering charges

Introduction of Financial Regulations

International authorities such as FATF and world bank are working with national authorities such as GDPR, FinCEN, FCA, FINMA, etc. and state banks to keep a close check on money laundering activities. Most of the countries are following the guidelines of the financial regulatory authorities such as FATF in impeding crimes such as money laundering.

The Financial Action Task Force or FATF is a global body that provides suggestions to countries with respect to their efforts to restrict terrorist financing and money laundering. The countries mostly follow the 40 recommendations of the FATF to prevent money laundering.

Governments and financial institutions have huge datasets of information regarding their citizens and these lists are regularly updated.

The lists are provided to law enforcement agencies in case any illegal activity is done by an individual, to bring them under the law. 

Read more: Financial regulators assure further assistance to the industry during COVID-19

Techniques to Counter the Financing of Terrorism

Traditionally, financial Institutions would examine government-issued identification documents like a driver’s license and/or passport. These documents, generally, should essentially display an image as well as other identification data of the individual. Best practices, however, involve the displaying of multiple documents to diminish the risks presented by counterfeit and fraudulently obtained documents.

Read more: The Definitive Guide to Anti-Money Laundering & Countering of Terrorist Financing

In today’s online era, when consumers deeply value convenience and instantaneity, a visit to the bank to line up an account may be too inconvenient. So why create difficulties for customers, and asking them to physically present themselves, when there are easier and convenient ways to verify themselves online?

Identity verification service providers have built digital identity verification software that seamlessly authenticates the identity of individuals in a couple of seconds. These systems usually involve the use of cutting-edge AI technology that digitally verifies if the individual actually is who they claim to be or not. To make it certain, the software requires the user’s identification details which could be done through facial verification, document validation, address authentication, 2-factor authentication, and consent verification. These digital identity verification techniques conduct an in-depth analysis of the profile of the users to see if they are involved in any sort of money laundering or terrorism financing activities. 

The software usually attains information from various data sets and sanction lists that are regularly updated by the international authorities. On-going AML checks can also be adopted to keep a close check on the Politically Exposed Persons or people with a history of suspicious activities.

Wrapping Up…

Money Laundering and the Financing of Terrorism are menaces in our society that need to be eradicated entirely. But this cannot be achieved immediately. It takes years of hard work, technology, policy formulation, compliances, and most importantly, the sheer will to fight these hazards. We should all stand united with our authorities and agencies to catch money launderers, terrorism financiers, and criminals. One of the most effective methods of doing this is by incorporating digital KYC verification into our systems and business processes.

Cybersecurity is no more limited to firewalls and antiviruses. It is protecting your system, employees, and customers by implementing security checks at certain touchpoints for all stakeholders, so due diligence is vital to practice robust cybersecurity. Due diligence is also not restricted to just customers but applies to all entities that access your system. However,as customers are the primary source of risk and return, KYC (Know Your Customer) is significant for complete cybersecurity.
Consumers are a vital asset of your company and their security is significant. That’s why companies spend millions on cybersecurity and KYC. But cybersecurity investment is not enough as sometimes long verification processes demotivate customers to leave the platform during onboarding. Faster and seamless KYC integrated with cybersecurity checks proves to be a feasible strategy to fight evolving cybercrimes. 

Due diligence in cybersecurity is a tool to gain the trust of all stakeholders

Cybersecurity if grouped with customer due diligence helps fight fraud and enhance the customer experience. A research found that 88% of consumers say their perception of a business is improved when a business invests in the customer experience, namely security. 

Adil Advani of Pure VPN considers cybersecurity a means to gain customer trust by making them feel secure in sharing their data with the company. He states, “Due diligence is a routine part of any acquisition. Identity verification is very important these days due to an increase in cybercrime. Customers, partners, shareholders, and prospective employees want evidence that the organization can protect its sensitive data. Without a cybersecurity policy, an organization may not be able to provide such evidence.”

Pair cybersecurity checkpoints with KYC to fight payment frauds 

David Bell from Country VPNs recommends using several KYC checkpoints along with other cybersecurity practices to fight payment frauds. “We implement a combination of KYC tactics like asking security questions, assessment of customer’s IDs through artificial intelligence, verify customer’s biometrics, and even use social media for verification purposes along with the more formal database. Businesses should pair databases with KYC checkpoints and fraud prevention technology to prevent being exploited by cybercriminals.” 

Cybersecurity aligned with regulatory requirements is the key 

Cybersecurity practices reap benefits when KYC practices are aligned with KYC and data protection regulations. Cybersecurity and customer due diligence need to be practiced while taking necessary measures to secure customer data as well. 

Dan Blum, Principal Consultant at Security Architects Partner stated the significance of data protection in KYC and cybersecurity and said; “Service providers must protect the value of customer’s information systems or data, as well as customer privacy rights using sound, risk-based cybersecurity practices as a matter of due diligence. KYC requirements must be aligned and balanced with a good understanding of the laws and business requirements.”

Peace of mind for you and your customer

Cybersecurity is essential and becoming inevitable with the evolution of technology. Primary business operations are going through a technological shift, proactive risk prevention and backup are crucial to sustaining technical growth without affecting customer experience. 

“It is an important part of preventing cybercriminals from committing crimes such as money laundering by implementing methods such as document checks or facial recognition. KYC creates a layer of protection that gives both you and your customer peace of mind about the safety of their data. KYC, therefore, creates an all-round better security practice by protecting the company, the company’s reputation, and your consumers.” said Will Ellis, Founder of Privacy Australia and IT security consultant.

Customer due diligence helps in securing systems

Data collected during customer due diligence provides reliable information for the customers which can be used to trace them when needed. It helps in securing the system from data breaches by only allowing access to reliable and verified users, it further streamlines the security operations of a company and makes them transparent enough to identify any threat.

“When it comes to cybersecurity, verifying users and gaining a reliable source connection is something that is crucial to maintain safety and privacy when online. By applying customer due diligence to cybersecurity it gives a right for the wanted user to be located which then helps by acknowledging potential security breaches that can then be reassessed later. This helps to control internal data and manage customer information more efficiently which can create a better flow within a company. It’s important to include customer due diligence in cybersecurity to have full say in what is going on in the systems.” said Ludovic Rembert, founder of Privacy Canada.

KYB is also vital for fraud prevention

Due diligence is not limited to individuals but extends to business entities related in B2B relations. When acquiring or partnering with a company it’s necessary to review their data protection and cybersecurity practices as a risk prevention measure. 

Sophie Summers from Rapid API highlighted the significance of KYB (Know Your Business) screening in B2B relations, either a company is acquired or partnerships are planned. “It is best to find out whether the target organization has the basic blocking and tackling in place to prevent, detect, and respond to cybersecurity incidents. Additionally, look for their secure backups to recover from unfortunate events.”

Cybersecurity practices if executed wisely reap several benefits.  Customers regard these security practices of their companies if done swiftly through advanced technological solutions. Otherwise, KYC and cybersecurity which demand more time and effort affect customer experience and lead to cart abandonment and reduce customer value.

The expert insights show that KYC is an unavoidable part of cybersecurity and it’s more than just customer due diligence. It helps prevent financial fraud, identity frauds, cyberattacks, data breaches, and unauthorized access to your system or your users’ accounts. 

  Due to the spread of the coronavirus, the world adapts to new ways of working. Cyber criminals are proving themselves as adaptive as ever at finding innovative ways to exploit new cybersecurity vulnerabilities of businesses. These criminals are coming up with different tricks to exploit a system in this pandemic. It is paramount that businesses look for ways to better understand the risks to their organizations and learn how to mitigate or eliminate those risks.  

Cybercriminals are continuously exploiting the ongoing pandemic and fulfilling their malicious intent. In this pandemic, cybercriminals are taking advantage of the situation escalating their malicious activities. According to the “100 Days of Coronavirus” report by Mimecast, malicious cybercrime activities have increased significantly by 33% from January to March 2020. 

This situation is alarming, businesses need to take proper steps for cybersecurity to mitigate the risk of cybercriminal activities. In the name of updates about coronavirus, many fraudsters are becoming successful in identity theft, data breaches, and other online scams. Following are the three ways how businesses can stay a step ahead of such activities in this pandemic:

Guarding against coronavirus phishing attacks:

According to a report, 71% of cybersecurity professionals have reported an increase in security threats since the virus outbreak has shaken the world. The top of these threats includes phishing attacks-fake emails sent for coronavirus updates supposedly sent from well-known companies in order to induce individuals to reveal personal information. Among the other, most common threats are malicious websites (32%), malware (28%), and ransomware (19%) as per experts. 

Cybersecurity threats are not a domestic issue but span across all countries and impact all sectors. Businesses need to learn how to better prevent attacks and protect themselves. In fact, in a recent Federal Bureau of Investigation (FBI) report, the agency reported that cyber actors have engaged in phishing campaigns by deploying ransomware at medical facilities and by creating fake COVID-19 websites that quietly download malware to victim devices. This underscores the importance for businesses to use cybersecurity best practices, such as:

• Rule and Policy for Telework:

Make rules or policies for telework for your business, and make sure the employees comply with them. Businesses offer differing guidance on bringing your own device (BYOD), so be sure you comply with your organization’s policy.

• Strong Security of Internet Connection:

Businesses need to protect their digital communications from eavesdropping. Configure your home Wi-Fi router for strong security and ensure it is protected with a hard to guess password.

• Secure Virtual Private Network:

Businesses having a virtual private network client, have to use it on their telework device. Enable basic security features (e.g., antivirus, multi-factor authentication) if using personal devices.

• Keep Updated Softwares:

Keep all devices patched and updated in your organization to combat certain cybercriminal activities.

• Do Not Open Suspicious Links:

In these moments it is best to be cautious and verify identities. So do not click on any links or open any attachments that you find suspicious and were not expecting. To assist in this regard the Australian government has a website that gives information on how to prevent phishing attacks and know which elements in emails set off alarm bells. These are enlisted here:

• Requests for money, especially if urgent or related to overdue bank account changes.
• Suspicious or Unwanted Attachments.
• Requests to check or confirm login details or credentials.

Ways to conduct safer meetings

As many companies shifted to remote work cybercriminals also understand that the physical IT infrastructure for many companies has shifted tremendously. Securing online meetings are a top concern for remote workers. As even by now many software have fallen foul of privacy concerns like Zoom. So always use your organization’s approved web conference platform to avoid data breaches and other online scams. 

• Use digital identity verification to authenticate new participants as they join in.
• Keep on changing the passwords.
• Do not record the meeting unless necessary. 

As the way businesses work has quickly evolved, so cybercriminals’ tactics have become advanced too for exploiting these new ways of collaborating. This means it’s especially important to rely more closely on existing cybersecurity standards.

Integrate Identity Verification Solutions:

The pandemic is affecting businesses globally. Digital transformation is substantial for every sized business during this pandemic to continue their activities. To ensure customer sustainability in this challenging time, digitally active businesses are playing best to fight risks of digital security. Businesses can verify their customers online by deploying eKYC practices.

eKYC ensures customer identity verification online by document verification using OCR technology and video KYC verification process. Such identity documents include ID card, passport, driving license, etc.  By verifying customer information through these documents, businesses can operate seamlessly. The process is simple and the information from the documents is extracted using OCR technology and the identity is verified based on that data by screening it against sanction lists and PEPs.

A video KYC is another method in which KYC business experts connect the customer on a video call and conduct the process of customer verification which includes both documents and behavioral verification of the customer. In this way, all the customers can be authenticated to shield the scammers away from the system and add an additional layer of cybersecurity.

Moreover, biometric technology can be used to enhance the authentication process. By using 3D liveness detection features of facial reaction technology individual’s real presence can be authenticated to mitigate the risk of deep fake or spoof attacks. So in order to comply with regulatory authorities and to authenticate an individual for cybersecurity measures businesses need to have proper identity verification solutions integrated into the system. This will screen out all cybercriminals and businesses will be a step ahead. 

In Europe, new customer authentication requirements for online payments were introduced on September 14, 2019. These requirements were part of the Second Payment Service Directive (PSD2) which are expected to be enforced by 2021. As per news by SiliconCanals, the internet commerce of the EU is expected to grow about 1 trillion dollars by 2022 and along with this, online fraud too. According to the European Central bank, every year online fraud on the EU cards is estimated to be about €1.3 billion. The increasing incidences of online payment scams call out stringent regulations in place that could help curb the fraud density. 

Digital payment scams and fraudulent transactions increase friction in the digital environment that ultimately becomes the reason for the reduced number of online conversions. According to a survey, 77% of online merchants are under the threat of digital payment fraud. These list of frauds include stolen or counterfeit credit card fraud, card skimming fraud, false chargebacks, and gift card fraud.

Stronger Customer Authentication or SCA applies to customer-initiated online payments which means that SCA covers all bank transfers and digital card payments. The purpose of SCA is to provide stronger authentication in the checkout process regarding online payments and customer authentication. 

Elements of Strong Customer Authentication (SCA)

The authentication process should include two of the following attributes (which is also known as two-factor authentication): 

Knowledge: It corresponds to something that the user knows. For example, it could be the PIN, passwords, or any secret key required to access the account.

Possession: It is something that the customer has. For example, it could be a smartphone, token, or a smart card. 

Inherence: It is something the customer is. For example, biometric elements such as face biometrics, voice patterns, fingerprints, etc.

Lack of authentication measures in place can increase the number of credit card fraud that comes up with multiple facets. 

To protect the online payments and transaction processes, it is crucially important for organizations to employ stronger authentication mechanisms as per the recommendations by EBA. It states that the person who is claiming to be some identity is actually the person to whom that particular identity was assigned. Thus identity verification requires any of the two aforementioned elements for successful verification of an online identity. 

Among these SCA elements, two are considered that questions the user what he knows and what he has. These two attributes correspond to the PIN, password, or 2-factor authentication that is based on an SMS which is been sent on the mobile number of user for verification purpose. However, these methods are prone to cyberattacks, large scale data breaches, and phishing scams which can be mitigated by including another SCA attribute that is “who the customer is”. With this, customer identification can be done through biometric verification that aligns with the need of verifying “the customer is who he claims to be”.  

Accomplishing SCA through Biometric Verification

Biometric attributes such as fingerprints, face, iris/retina, voice, and similar unique biological traits are the strongest modalities of customer authentication. The increase of biometric technology on smartphones, thus, has made it possible to verify the online customers performing digital transactions. Biometric authentication verifies the customers against their facial biometrics. The facial features are detected and verified against the information stored in the database previously at the time of account registration. 

The Biometric verification process ensures SCA while keeping intact the seamless customer experience and high online customer conversion rate. Biometrics eliminates the overhead of remembering PINs and passwords, provide high-end security over user accounts, and a robust authentication process.

Benefits of SCA 

In this globally digitized world, there is a wide array of challenges among which digital accounts security and customer experience are the primary ones. SCA, therefore, provides the following benefits to cope with them in an effective manner:

• Reduces the damage of fraudulent transactions
• Secures digital payment services
• Reduces the potential of online payment scams and frauds
• Ensure PSD2 compliance 
• Increases the confidence of cardholder in using online payment services

SCA requires advanced identity verification measures that could verify the identity of customers online in an efficient way, secures the digital payments services platforms against an array of digital frauds, and enable digital financial businesses to secure customer acquisition along with a high online customer conversion rate. 

While the terms AML and KYC are used interchangeably, there is a huge difference between the two. AML refers to an overarching framework of governance. KYC is part of that framework.

AML, which stands for Anti Money Laundering, involves the enforcement of different rules, regulations, and procedures designed to prevent criminals from covering funds they obtained illegally and presenting them as legitimate income.

KYC, or Know Your Customer, is a set of processes, apps, and tools created to help banks, similar financial establishments, and vendors to gather and validate information for their customers’ information. The usual process is to require customers to supply proof of identity and proof of address along with a recent photograph.

The problem with AML and KYC workflow management is that most AML compliance programs are manual. A typical AML process is thorough, intensive, and complicated. As anything manual, there are potentials for errors and lapses. The good news is that solutions are now being developed to improve AML/KYC enforcement and compliance, including the creation and utilization of AML/KYC workflow management software.

Technology is expected to simplify AML/KYC workflow management. Here are some of the ways:

 Automation combined with AI

Banks and other financial institutions are tasked to ensure that all transactions they facilitate undergo constant and scrutinous checks and review based on the prevailing AML guidelines.

It entails accessing and evaluating relevant data from various sources, examining historical alerts, and searching for negative information on customers and their counter-parties through public domain searches.

Doing all these things and more really requires a significant investment in time, resources, and manpower.

KYC/AML screening solutions powered with Artificial Intelligence (AI) are the fastest and most feasible substitute for manual KYC. Software project management teams in cooperation and collaboration with AML/KYC compliance experts are working hand in hand to develop automation software with AI functionality. 

A certain case where KYC automation with AI was implemented resulted in faster processing of KYC documents and a significant reduction of manual resources. The organization saw its average KYC document processing time reduced from 18 minutes to less than a minute. Automation with AI also improved their processing scale to 0.8 million KYC documents per day.

Shufti Pro can help fight identity fraud with its various verification tools such as face verification, document verification, and AML screening, etc. It uses AI and machine learning to remotely verify IDs through online document verification. Moreover, AI can check even the authenticity of the machine-readable zone (MRZ) code and determine if it was tampered or edited. Forgery and photoshopped documents are also detected by even the slight changes in pixels, which would not be spotted using the naked human eye.

Advanced Liveness Check

Identity verification is a huge part of the KYC process. Leaps and bounds in communications and mobile technology have allowed banks, financial institutions, and other businesses to verify the identity of their customers via liveness checks using computers or mobile phones.

Shufti Pro’s face verification solution does liveness detection, 3D depth perception, fake image detection, human face attributes analysis, and microexpression analysis, among others. This helps you make sure your customers are real in a timely manner while eliminating false negatives. Equipping your business with identity theft protection is crucial to prevent common security issues.

There are proven ways to circumnavigate this particular part of the identity verification process. One example is holding a high-quality image of a person to the camera to pass the verification stage. Other reports involved showing a pre-recorded video to fool the system. 

It’s given that the liveness check is just a part of the identity verification stage. But imagine the good it can do to your AML/KYC processes if you have face verification in your AML/KYC workflow. 

 Mobile KYC

Every day, customers engage in various business and banking transactions like online shopping using their mobile devices. And their numbers grow exponentially as time goes by. 

Onboarding online customers and accepting payments is made easy with real-time KYC screening. It enables you to practice KYC/AML  screening without affecting customer experience. Especially during the current crisis of COVID-19, the need for remote due diligence has increased. Businesses are struggling to maintain the productivity of their employees due to remote work while performing remote KYC for the first time. This scenario has increased the problems for businesses, and an online KYC screening solution can help in combating fraud and automating customer due diligence. 

Mobility is even more important now with what the world is experiencing right now because of Covid. That’s why it’s also essential to protect your security even when your team is working remotely. 

Blockchain for AML/KYC Compliance

There is a huge debate on whether blockchain technology is the future of AML/KYC compliance. It is a polarizing technology that has placed a great divide between those who oppose it and those who believe it can radically revolutionize AML/KYC.

But one thing is clear, banks and other financial institutions are spending millions on AML/KYC compliance and they are looking to reduce their costs while running more effective compliance programs. The Thomson Reuters 2017 Global KYC Surveys reported an increase in spending on AML/KYC-related procedures. From $142 million in 2016, the figure rose to $150 million the following year.

Proponents of utilizing blockchain technology, or specifically the distributed ledger technology (DLT), will enable the smooth and seamless sharing of information between financial institutions and regulators. This will result in the faster delivery and verification of KYC data and reduce the time spent on the manual reconciliation of documents.

DLT is also believed to speed up compliance efforts by encouraging and empowering financial institutions to coordinate and cooperate by making their AML/KYC compliance data available for sharing, especially in transactions that involve multiple banks. Such set up allows financial institutions to access data to verify available information rather than independently gather and validate data from scratch.

Secured risk management

Today’s security threats are more advanced. That is why organizations should utilize a strong risk management framework. With seamless identity verifications, monitoring and investigation tools, you can improve your workflow management. You can tighten your IT security with security software tools, that help in proactive risk management. 

Digital fraudulent activities are rising with every passing day, businesses are adopting reactive measures to put a halt on the malicious activities that have taken the internet to storm. To expose fraudsters and scammers digital identity verification solutions are of great help. It’s the goal of every business to identify legitimate customers in an effortless and effective manner. Such innovative solutions are meant to identify and verify each customer while providing a better customer experience. Digital identity verification solutions can completely authenticate an individual in mere seconds saving time and efforts of businesses. According to regulation authorities, it is necessary to authenticate any customer before onboarding them for which KYC verification is mandatory. 

KYB which stands for Know Your Business is another element of identity verification procedure in which businesses need to fully verify the business they are about to deal with. To make sure the other company is real and not a shell company KYB has to be performed. Whereas, KYT which stands for Know Your Transactions, means to have a stringent check over the transactions happening  so you have an eagle’s eye over money laundering activities. We’ll see in detail how these solutions help any business to fight back frauds and save them from plenty of malicious activities like money laundering, identity theft, account takeover, and data breaching. 

A Detailed Insight to KYC & Its Benefits:

To comply with regulatory authorities and to put a defense against fraudsters from entering into the system, customers need to be verified by the business at the time of onboarding. This verification process of customers refers to KYC checks. To trace and tackle suspicious activities and illicit transactions and to fulfill stringent regulations KYC has to be performed by businesses. 

In the KYC process, the customers are required to submit their identity documents which include government-issued ID card, driving licence, passport, and are validated digitally. In Digital document verification, by using OCR technology the information from these documents is extracted and checked in order to identify the individuals. Another form is to complete customer due diligence by Video KYC in which a customer is on a video call with a business representative who asks the customer to upload or show various documents to the camera for validation. This method is quick and not frustrating like manual identity verification. The team of analysts verify each document and assign a risk factor to the customers based on the predictions from the data. Depending upon the predictions and risk factor, the businesses decide whether to onboard customers or not. 

Read Also: Digital KYC to Trace and Tackle High-Risk Customers

Fraud is like a weed that grows wild and cannot be erupted so it is impossible to eradicate it once and for all. Even in this pandemic, cybercriminals are not stopping and coming up with new tricks to carry out their fraudulent activities. SO digital KYC solutions provide a contactless way to authenticate an identity before falling in the pit of fraudsters. AI-powered KYC solutions use hybrid technology to help  the businesses in recognizing and fighting against fraudsters which are needed more than ever during this coronavirus outbreak. 

A Deep Dive in Know Your Business:

The KYB process is to check if you are dealing with authentic business entities or just the shell companies present on papers only, saving businesses from trusting the wrong entities for partnerships or deals. Many data breach cases in the past have occured due to the reason that companies trusted wrong businesses for their private data without authentication if they are real or not. For KYB, AML checks are performed to make sure that the business you are about to deal with has never been involved in any money laundering activity. Proper document verification is mandatory by the regulators when dealing with foreign entities to authenticate that the company is real and not a shell company. Such verification can be performed in the matter of seconds with the help of digital document verification of the top management through official identity documents and Anti Money Laundering Checks.

To determine the true identity of a verifying business and to check for the financial risk attached to that business digital KYB checks are performed. With Anti Money Laundering services businesses can check the involvement or presence of any official of the company in any watchlist or financial risk database. So it will help the business not to go blind and lose private data and billions in hands of wrong business dealings. 

All About Know Your Transactions:

For banks and other financial institutes, Know your transaction KYT is the process to monitor all the transactions done by the customers to have complete data-centric information. There are major financial transactions happening on the customer account including:

• Cash Transactions(Domestic)
• Trade Finance Transaction
• Card Transactions
• Cross Border Transactions
• Remittances( Inwards and Outwards)
• Bills & LC Transactions.

To identify when any suspicious transaction takes place and to trace money laundering, terrorist financing or any other fraudulent activities such transaction checks play a vital role. If any business is found to be a part of any kind of money laundering activity, it will not only stain their reputation but they will have to pay a hefty fine to the regulatory authority. Digital KYT  is a process to have a proper check to avoid falling in any such fraudulent charge. 

A study revealed, only 5% of the global payments were done through the paper  which  highlights the major change in the payment mix, and growth in the cashless transactions. Business analysts explain this growth in relevance With the advent of online and mobile banking that offers frictionless customer experience, cashless transactions have become very common. So KYT is the need of the hour for constant monitoring of the transactions for fraud detection and to make you businesses free from fraudulent activities. Businesses can always stay a step ahead of cybercriminals if they have proper checks and solutions to perform identity verification of individuals. 

Online identity theft has the fastest growing crime rate in the world. According to a report, only in America, more than 12 million Americans become the victim of identity fraud every year.

In this cyber focused 21st century, cool digital products and the internet opens a world of easy access to information, entertainment, knowledge and other services. But this cyber gateway also opens a possibility for personal information to fall in the wrong hands and anyone could become a victim of online identity theft. Even a simple looking interactive social bot could become a cause for leaking information to the third parties. 

Cybercriminals particularly steal information and use it for malicious purposes such as getting access to bank accounts, credit cards and making online transactions on someone’s behalf. In short, identity theft may cause tremendous damage costing thousands of dollars and may take several months to resolve.

The worst consequences of identity theft includes causing severe reputation loss and damaging credit scores. In this article, we’ll shed light on what identity theft is and how businesses can help prevent losses due to online identity theft.

Where the old method of identity theft includes fraudsters going through trash cans looking for information or old bank statements, modern identity theft happens online. 

Cybercriminals use various methods to access businesses or websites databases or infect an individual’s device to obtain sensitive information. There are five common types of identity theft, namely;

Criminal identity theft

This happens when a criminal pretends to be someone else in order to hide their personal information. By doing this, criminals try to avoid prosecution and hide prior warrants and conviction records.

Financial identity theft

Financial identity theft happens when criminals obtain someone’s financial information in order to obtain money, products or other financial benefits. Another threat from financial identity theft includes money laundering. Criminals illegally obtain personal information and use it to create accounts which are then used to launder money. 

Typically, the purpose of stealing someone’s financial information is to conduct financial crimes online. Financial identity theft is the most common type of identity fraud.

Medical identity theft

Medical identity theft happens when a perpetrator pretends to be someone else in order to get health benefits, free medical care or getting restricted medicines. This is one of the most critical forms of identity fraud and probably the hardest one to find out. WHO finds medical identity theft to be a dangerous crime stating it as “The information crime that can kill you.”

Minor identity theft

Child identity theft represents a situation where fraudsters steal children’s identity information for numerous personal gains. According to a study conducted in 2017, out of all the reported breaches, 39% of the fraud victims were minors in comparison with 19% adult victims. 

Most commonly, a minor’s personal information is used to get loans and apply for residence. In most of the cases, a minor’s identity is used by someone close to the minors.

High-tech identity theft

With the advent of technology, we enjoy a lot of facilities, however, on the other hand, criminals use technology to get access to personal information and use it for malicious purposes. High-tech identity theft has become one of the growing problems.

This type of identity fraud is most commonly used by hackers who install malicious software into computer devices to get access to public records and personal information.

Most common methods of online identity scams

Although it’s difficult to identify a scam method that fraudsters may use but here are some of the commonly used identity theft methods:

Phishing

Phishing is a tactic used by fraudsters for sending emails to thousands of individuals with the purpose of tricking the recipients into performing an action. Hackers send these emails to random individuals but also target specific persons in some cases. 

A phishing email tricks the recipients into opening a link that contains malicious software or redirecting to a real website look-alike and when the person enters their credentials into such sites the information is redirected back to the hackers. 

The stolen information is then used to register credit card accounts or get access to the financial information of the victim. Even though it’s really hard to stop such emails landing into your inbox, by taking safety measures one could prevent becoming the victim of such attacks.

Imposter

In such attacks, fraudsters get access to someone’s social accounts and by pretending to be that very person tries to trick the person’s in the victims’ friend list to share their personal information. 

Fake online profile

Scammers use different tactics to scam people online, one of these tricks is creating fake online profiles and pretending to be working for a bank or a financial institution. The scammers then send messages to people about their accounts, payment issues, and attach a link that takes the victim to a malicious website. These kinds of scams are increasing as more and more people are interacting online. 

Pharming

Pharming websites are a bogus version of legit websites. Fraudsters have access to the website’s server and install a redirect address to the bogus version of the website. Upon surfing the bogus version, the user is asked to enter personal information. This information is then used to commit identity fraud.

How businesses could protect against online identity fraud?

Identity theft is a growing concern as cybercriminals are gaining ground and coming up with new ways to get identity information online. However, businesses can always stay a step ahead by adopting some precautionary measures. 

Some of the precautionary measures that businesses could adopt are:

Adopt and adhere to stringent cybersecurity practices

In most of the cases, data breaches become the source for cybercriminals to attain PII. If online businesses adopt and adhere to strong cybersecurity practices, these data breaches could be prevented to an extent and by using high end-encryption the data could be protected.  Adherence with data protection regulations such as GDPR and CCPA could help businesses securely maintain customer data. 

Use online identity verification solution

Online identity verification is by far the most secure method to identify a legitimate user and deny fraudsters the access to use your platform for malicious purposes. Online businesses should adopt identity verification solutions to verify the identity of each onboarding entity. Businesses such as e-commerce platforms, online banking, and fintech could adopt online identity verification so that fraudsters won’t be able to use the stolen identity for making purchases or opening bank accounts for malicious purposes.

The pandemic continues affecting businesses and consumer operations along with having economical and political turmoil globally. Amid all the hype, digital transformation has become substantial for every sized enterprise to continue their activities and ensure customer sustainability in this challenging time. The already digitally active businesses are playing best to their strengths. They are adopting advanced solutions to fight against the risks of digital environment security. On the other hand, the digitally excluded businesses are increasingly pondering digitization to continue the sales and mold strategies according to the global lockdown situation.

Impact of COVID on Enterprises

The lockdown all over the world has halted business operations. Among all, the travel industry is the one badly hit by the lockdown situation. The global travel business sector is expected to compromise a revenue of about 820 billion dollars in which China is actually accounting for nearly half of this loss. Since the COVID-19 outbreak, It noticed a 95% decrease in business travel and it is expected to lose about 404.1 billion dollars of revenue from corporate travel.

As per the analysis report of GlobalData Disruptor Intelligence Center, the enterprises are deploying digital tools to maintain their businesses across a variety of functions such as sales & marketing, supply chain, customer management, and operations & maintenance. The report by the influencer marketing hub shows that an increase in digital consumer buying activities is seen amid coronavirus. A 161.4% increase in the overall supermarket websites’ traffic is noticed during the lockdown which on one hand is a good spike from the sales point of view but on the other hand, increases the chances of an array of digital frauds. 

3 top online businesses’ operational transformations

1. From manual KYC to eKYC

The pandemic has affected the banking sector and similar businesses whose regular operations require KYC (Know Your Customer) practices for the purpose of customer identity verification. However, the situation does not change the regulatory requirement of KYC compliance for the financial sectors. Instead of manual KYC, businesses can verify their customers online by employing eKYC practice. 

eKYC ensures customer identity verification online through online document verification and video KYC verification process. Through identity documents such as ID card, passport, driving license, etc. financial institutions operating in a digital environment can continue the business operations seamlessly by verifying the customer information through the uploaded document. The process is simple.

The user will upload an identity document online. The system will extract the information from the document (in which Optical Character Recognition (OCR) technology is used) and verify the information. Another eKYC method corresponds to video KYC in which KYC experts connect the customer on a video call and through a formal conversation conducts the process of customer verification which includes both documents and behavioral verification of the customer. 

2. Payments going contactless

To maintain social distancing, the digital payment services providers have become active as, amidst the COVID-19 outbreak, a spike in online transactions can be seen. A 23% increase in e-commerce transactions is noticed in the period of March 11 to 18. However, during this, the online payment scams have also increased. 22% of respondents are targeted by digital fraud amid coronavirus.

Digital businesses providing payment services to customers require a stronger user authentication method to mitigate the risks of facets of identity fraud, money laundering, and other financial crimes. The concept of contactless payments emerged from the aim of reducing the spread of coronavirus and decreasing physical contact as much as it could be possible. This increases the demand for digital payment services where people can easily pay bills and transfer funds. The fraudsters roaming in the digital world are vigilant in exploiting loopholes to get illegal benefits in the form of money or free services.

Due to the contingency caused by the rapid expansion of the Covid-19, online transactions have increased.  Digital payments are gaining hype due to precautionary measures of not using cash and to stay at home. 

However, the number of cyber fraudsters also increased, operating from sending an email requesting money for an emergency to scammers asking for donations posing as a legitimate medical organization or financial institution.

As cybercriminals become more creative in committing digital payment fraud, the best way to protect yourself from them is to stay informed. According to the Data Breach Index, more than 5 million records are being stolen on a daily basis, a concerning statistic that shows that fraud is still very common both for Card-Present and Card-not-Present payments. In this article, we will discuss 4 types of digital payment fraud and how to prevent these frauds.

 How to prevent fraud in digital payments

Despite what we can imagine, fraud in digital payments is relatively abundant, however, it is possible to take proactive actions to prevent it:

To avoid this, recommendations are as follows:

• Use a chip card when making your purchases at the point of sale, inserting the card in the terminal or using contactless payments in terminals that support this technology. Contact your bank or issuer if they have not provided you with a chip card and/or the technology to make contactless payments.
• Only buy from recognized and reliable websites, entering directly from your browser and not through a link found on the website of a third party or in an email.
• Always make purchases from the websites that support stringent identity verification. 
• Sign up for your bank’s alerts service to receive notifications of your payments or transactions in real-time by text message or email. These alerts allow you to verify the legitimacy of the transactions and contact your bank quickly if you receive an alert of an unrecognized movement.
• Make any clarification about a charge not directly recognized with the merchant only if you identify this establishment or service and make recurring payments on it, such as in transport applications, digital games and subscriptions to television, movies and/or music.
• Contact your bank immediately when you identify a transaction from an unrecognized merchant.

 Learn how to watch out for cyber fraud

Cyber fraud refers to fraud that is carried out on the Internet using some malicious software in order to obtain your personal data, account numbers or passwords.

What can you do to avoid it?

• Never enter your bank’s website from links or quick accesses that come from emails, even if those emails come from your bank.
• Always type the bank’s website address directly into the search engine.
• Banks never request your passwords or financial information through emails. Therefore, do not reply to such emails.
• Do not download attachments from unknown addresses, they may be viruses.
• Try not to use computers or public networks to access your bank’s website or make transactions.

 Manage your email well and avoid phishing

This is a type of scam in which the identity of some entity or organization is stolen in order to reveal your bank details, such as credit card numbers, identity numbers, your bank account, among others.

Most of the time these messages include a fraudulent link but similar to the original. On this fake website that may have a design identical to that of the entity, they are looking to replicate, save the access data you enter by stealing it.

Combat phishing with these tips:

• Any request for personal information by email is considered suspicious.
• Do not respond to those messages, do not press any of their links, or enter information on suspicious websites.
• Verify the legitimacy of the information request by contacting the telephone number of your bank.
• Report suspicious emails or websites to your financial institution.
• Be careful with the phone: sometimes fraudsters call your phone and pose as financial, commercial or even charity entities. Be careful, it may be a fraud.

 Beware of Vishing Attacks

This type of fraud is carried out by means of telephone calls in which the interlocutors pose as representatives of card companies, financial institutions, establishments and other organizations, informing that a payment has been withheld, that a contest has been won, or promotion and that personal and financial data must be given to claim them, which is known as Vishing.

Tips for Overcoming Phone Fraud/Vishing

• The financial institutions never call cardholders to request personal information from their accounts.
• Watch out for notifications that you have won a prize in a contest in which you have not entered.
• Never provide information unless you are the one who initiated the communication.
• Don’t feel compelled to provide card numbers over the phone.
• Ask for details: If the caller can’t answer your questions, it’s a trap.
• Instead of asking for a “call back number, ” look for information about the calling institution, along with your legitimate phone number, on your own.
• Inform your card issuer of these requests for personal information by calling the number on the back of the card.

Businesses, banks, airports, social media platforms, e-commerce stores all need to be sure of the identity of their users to manage risk and to fulfill their regulatory obligations. But fulfilling these obligations is not easy for all the entities, lack of resources, the effect on customer experience, and data security are common problems. Online document verification seems to be a suitable solution for all these problems. It fulfills the regulatory requirements and provides a secure and seamless user experience while practicing robust data security. 

Is there a Need for Identity Verification?

False personation is the offense of assuming the fake identity of someone to obtain a benefit or cause harm to the other person. There are a number of ways a person can be impersonated. It can be as simple as developing a screen name that resembles the victim’s name then posting rude or hurtful remarks while pretending to be the victim, changing another person’s online profile to incorporate sexual or racist remarks or other inappropriate or unpleasant things, posing as the victim during a chatroom or on social media channels. 

It’s illegal to impersonate someone or use their identity for any person and is punishable according to the local or federal law. In 1998, Congress passed the Identity Theft and Assumption Deterrence Act. This legislation created a new offense of impersonation or identity theft, which forbids “knowingly transfer[ring] or us[ing], without lawful authority, a means of identification of another person with the intent to commit or to aid or abet, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law.” According to the United States Department of Justice, this offense, in the majority of the cases, carries a maximum imprisonment of 15 years’, a penalty, and confiscation of any personal property used or intended to be used for committing the crime.

Instances of identity theft are rising day-by-day. As per the reports of the Federal Trade Commission (FTC), in 2018, about 1.4 million cases of fraud took place, and in a quarter of them, people had lost money. The loss was reported to be about $1.48 billion. 

Role of Document Verification in Impeding Fraud

To prevent the instances of crimes, financial regulatory authorities such as FATF, FinMA, FINTRAC, etc, have set up KYC and AML compliances that businesses are encouraged to adhere to. These regulations guide businesses to conduct proper due diligence of their customers. This is mostly achieved by properly analyzing customers’ documents to authenticate their identity and diminish the chances of fraud and scam. This KYC (Know Your Customer) procedure was mostly done with in-person by banks, financial institutions, government offices, or embassies. However, now thanks to technological advancement, the process is seamlessly done with the help of artificial intelligence-driven identity verification systems.

Now you can do business on your computer and mobile phone and the bank or business representative can ensure that you are who you say you are and your identity is not stolen. 

How do the Digital Document Authentication Scan Documents?

The AI-based software is incorporated into the websites or applications of online businesses. When customers try to onboard themselves on the platform, the software requests them to take/upload a picture of their identity documents in real-time. The software detects the document and extracts relevant information from it using OCR technology. The data is analyzed by the software, which takes a few seconds, and the verification results are presented to the customer. If the information provided was accurate, the customer is allowed access into the platform and vice versa. 

The verification is only done on govt-issued documents such as photo-based identity cards, passports, driver’s licenses, and bank-issued debit/credit cards. The software automatically rejects counterfeit or fake documents. Some of the fake types of documents that fraudsters and criminals mostly use are:

• Illegitimate documents: These documents are completely fake. They include characteristics like missing holograms or other set standards that are essential parts of a legitimate version of that document.
• False documents: This document genuinely belongs to another person and the fraudster tries to use it in an attempt to authenticate himself.
• Modified documents: This is when an ingenious document is altered. This is where the fraudsters change the font and writing style to manipulate the system. 

Is Digital Document Verification really Effective?

The software can effectively differentiate between all sorts of fake, illegitimate, and counterfeit documents. The digital document verification is 98.67% accurate, much more than the traditional manual document verification. It also saves time and resources, allowing customers to verify themselves in the comfort of their homes and offices within a few seconds. The software is empowered to verify 3000 document types from all over the world. This enables it to validate customers having foreign documents from anywhere around the globe. 

Many modern banks, financial institutions, e-commerce stores, airports, etc, are utilizing AI-powered identity verification systems to prevent instances of fraud and scam. This technology not only helps businesses authenticate customers but also enables them to comply with the financial regulatory authorities.