New Rules by the UK Gambling Commission and Their Impact

New Rules by the UK Gambling Commission and Their Impact

The UK Gambling Commission announced new gambling rules earlier this year to make gambling safer and fairer. Since online operators are required to follow these new rules, it has sparked an interesting debate since gambling platforms are to verify the age and identity of customers before they can gamble.

The gambling business is growing at a staggering pace. According to the Gambling Commission, 

“Statistics show that industry profits (1) from the sector have grown 10% to 4.7bn in the last year, and public participation has increased from 15.5% in 2014 to 18.3% in 2017. It is estimated that nine million people across Britain gamble online.”  

Safety for Children

Previously, the customers did not have to verify their age at the time of gambling. They could verify within 72 hours, making it possible for underage participants to enter a game. The operator, however, was not allowed to release the winning unless the person verified their age. And if found underage, they would be denied the winnings.

Under the new rules, the player cannot enter the tournament unless they verify their age. They can’t even deposit funds in their account or use free bets or even play with someone else’s money unless they prove their age.

The rules are much stricter now as it applies to free-to-play games as well. Technically these games do not constitute gambling since there is no real prize money involved, however, legally the underage participants still cannot participate.

Fairer Gambling Environment

There have been incidents where gambling platforms have asked for additional ID information when a winner tries to withdraw. Almost 15% of the complaints were about incidents where people were unfairly prevented from claiming their winnings. 

Under the new rules, all the required information such as name, address, and date of birth, is collected before the customer funds his account. Remote licensees are required to verify these things at the very beginning. If there is a need, they should promptly ask for additional information. 

They are also required to inform the participants about the identity documents and other information they might be required and take any necessary steps to maintain that information. These changes will help prevent fraud or criminal activities. Now the operators won’t be able to come up with excuses of asking for additional information while withdrawing funds.

In general, when the operators have such information, they can prevent harm and detect any illegal activity. 

Another impact of the new rules is that the person will be identified if they have been self-excluded. Verification by operators will mean that unless the customer verifies their details or provides the required info, they won’t be allowed to gamble. The operator can check these details against their own database as well as the one that Gamstop is holding.

How are these changes helping the population?

First, children and minors will be protected from the harmful impact of gambling. Second, people will also be shielded from fraud and other gambling-related crimes. And third, upon withdrawing their winnings the customers will receive those without unnecessary delays.   

Britain is the largest regulated gambling market in the world. It is imperative that it should be held up to the highest standards of regulations. The new rules were proposed after an official review of online gambling. 

In a nutshell, the changes intend to achieve the following;

  • Protect children and ban operators from providing free-to-play games unless the customers’ age is verified
  • The new process should increase the speed and accuracy of age verification
  • Improving the effectiveness of age verification processes
  • Operators can limit the spending of players based on their affordability
  • Ensure that unacceptable marketing and promotions are minimized as much as possible
  • Handling disputes and complaints swiftly and efficaciously
  • Helping customers with better interaction who might be experiencing (or on the verge of facing) gambling-related problems.

Of course, the reviews and improvements will not stop. We can expect more changes and going forward. For example, the gambling commission will likely suggest improvements in gambling-related products.   

Other suggested improvements for the future, mentioned in the UK’s gambling commission website are;

  • Reviewing requirements on the protection of customer funds. This also entails evaluating the current protection measures and checking dormant accounts
  • Examining the limits of gambling credit
  • Analyzing changes to make sure that consumers can easily withdraw funds

Why the Need for Changes in Rules?

Simply put, the old rules had loopholes that were not in the customers’ best interests. For instance, three companies (Daub Alderney, Casumo and Videoslots) were fined a total of £14m for failing to implement effective measures that prevented money laundering and protected customers from gambling-related harm.  

As an extreme example, the gambling license of CZ Holdings was revoked after their license review. The company is now banned from providing gambling services in Britain. 

The crackdown is not unjust since the old form of rules was simply being followed in letter but not in spirit. Neil McArthur, the Commission CEO, is taking a strict stance on the rules. He mentioned that it is not enough to simply put policies in place, the participants need to understand the rules and should take responsibility for following and implementing them.

The following is a snippet of the changes in the rules, and compares them with the old ones;

Change Previous New
Age Verification Online operators have been allowed 72 hrs to carry out age verification checks, which gives a slot to underage participants to gamble   Operators are obligated to verify the age of participants before they can deposit money in their account
Identity Verification Gambling operators were not required to check for KYC (know your customer) before depositing money in the account, only after the participants have gambled Operators are obligated to verify the name, address and date of birth of the player before they allow them to gamble
Eligible Games Not mandatory Underage participants are not allowed to play free gambling games (even though no money is involved)

When KYC is in check, it gives the operators more leverage to protect participants from harm. These checks also protect the participants from manipulative operators who try to put hurdles when withdrawing. Since the ID and related info is already submitted, it means that the operators cannot demand it when someone wins the bet.

Under the new rules, the shady online operators who demand unnecessary identity checks only when the customer tries to withdraw winnings cannot exploit the system. Just because of the new rules 15% of complaints regarding this particular issue can now be resolved. 

What this means is that the operators need to check someone’s age before they gamble and not after. This deterrence prevents children and underage individuals from gambling online, and hence, inhibits gambling-related harm.

The UK Gambling Commission has not prescribed exactly how the procedure should be carried out. But then this discretion should not give them freehand, as they have to comply and implement the rules to the best of their abilities.    

A Short Intro to the UK Gambling Laws

The new legislation aims to protect children and illegal gambling. It also assists gamblers to make safer bets and protects them from gambling-related fraud. Moreover, it protects children and people under self-exclusion options to help them overcome gambling addiction.

According to the definition of Gambling Act of 2005, it is “betting, gaming or participating in a lottery.”

Then there are six main types of gambling;

  1. Arcade: Adult and family games 
  2. Casinos: Both online and live casinos
  3. Lotteries: This includes tombolas, sweepstakes, and raffles.
  4. Betting: Online or bookmakers
  5. Bingo: Online and bingo halls
  6. Gaming machines: Examples include betting and fruit machines.

With the exception of arcades all gambling portals are regulated. Arcades are partially regulated. AGCs (gaming for adults) and FECs (gaming open to families) require gambling licenses from the Gambling Commission. UFECs (arcades that are open to families but do not serve alcohol) only require a local permit.

The latest risk rating by the UK Gambling Commission is as follows;

Gambling Sector Current Overall Risk Rating
Remote (casinos, bingo, and betting) High
Lotteries (remote and non-remote) Low
Gaming machines, technical gambling software (remote and nonremote)  Medium
Casinos (nonremote) High
Bingo (nonremote) Medium
Betting (nonremote) On-course Low
Betting (nonremote) Off-course High
Family entertainment centers Low
Arcades (nonremote) Medium

This classification helps in understanding the new rules and their needs. It also helps to see the areas where the Commission is focused on. 

In this risk-based supervision and risk management, digital identity services will be promoted. The entity responsible for risk management is the Gambling Commission among others. The due date is set for October 2019. Also, enhancing overseas capabilities on an ongoing basis is on their agenda. 

Her Majesty’s Treasury (HMT) will be working with the New Digital Identity Unit along with private and public partners to promote digital identity services.    

What is the minimum age to legally gamble in the UK?

One needs to be at least 18 years old to legally gamble, be it online or live. Gambling operators, sportsbooks and online casinos are legally required to confirm that the participant is at least 18 years old. They usually confirm the age through ID and other supporting documents, if the need be.

An exception here is that 16-year-olds can participate in lotteries, football pools, and scratch cards. 

What will happen if an operator does not verify the age? 

The UK takes gambling violations very seriously. The players will not be given their winnings if they get caught. It means that the players must take it seriously that when they read “you must be 18 years old to access this website.”

Here is a short table that compares the legal age for gambling in different countries. 

Country Legal Age for Gambling
Germany 18 or 21 depending on the state
Greece 21
France 18
United States 21

The Rules regarding Lottery are a little Different

The UK’s National Lottery follows stricter rules. The lottery has been running since 1993 and includes different games like Lotto and Thunderball. Gamblers in the UK can participate in pan-European and EuroMillions lottery, which include nine different countries.      

Please note that 28% of the lottery prize goes to “Good Causes,” and this has raised over £40 billion to date. 12% of the prize pool goes to the state and 15% covers the cost of running the lottery and selling tickets. 

According to the Uk Gambling Commission Act 2005, the list of offenses is quite long. Here we share a small part of the major gambling-related offenses.

Offense Fine
Gambling by an underage individual £1000
Employing an underage person to provide gambling facilities 51 weeks in prison and/or £5,000 fine
Cheating, attempting to cheat, or assisting 

someone to cheat at gambling

51 weeks in prison and/or £5,000 fine
Operating gambling facility without 

A licence or permit

51 weeks in prison and/or £5,000 fine
Violating advertising regulations 51 weeks in prison and/or £5,000 fine
Offering a machine without a licence or permit 51 weeks in prison and/or £5,000 fine

Let’s review the new rules by UK Gambling Commission to license conditions and codes of practice (LCCP) and their implications. These have risen the standards for alternative dispute resolution (ADR). More importantly, these have boosted the obligations regarding how licensees interact with those customers that might be at the risk of gambling-related harm. 

The latest changes will be applied later this year and the next year.

Changes to Alternative Resolution Providers (ADR)

The new rules make it an obligation for gambling businesses to only use those ADR providers that meet the additional standards along with the ADR regulations. Customer service, governance, and decision making fall under these additional standards. This makes the role of an ADR provider clearer. It also reassures the customers that the provider is objective (independent of gambling operations).   

The gambling operators are also required to interact with customers that might be vulnerable to being harmed. This has strengthened the requirements to interact with the customers.   

Note that these rules will come into effect on 31 October 2019.

The commission aims to make operators more responsible and encourages them to cooperate under voluntary arrangements for research funding. The funds will go to the  National Strategy to Reduce Gambling Harms in Britain. This aims to support greater transparency of the funds that the gambling businesses contribute over time.

These rules regarding operators and their contribution to research, prevention, and treatment of gambling fraud/harm will come into effect on 1 January 2020.

The Easiest Way for Gambling Operators to Comply with the UK Gambling Commission New Rules

At Shufti Pro, we excel at real-time age and identity verification. Our mission is to follow and assist in implementing KYC and AML (anti-money laundering) regulatory compliance. Read our blog post for details on how we provide age verification for online gambling platforms.

We normally perform age verification immediately after completing the online identity verification. 

Identity verification is a multistep process where the end-user (gambling player in this case) is assessed for authenticity. This also helps establish the fact that they are who they claim to be. Once this is done, we can move on to age verification. For this, we normally require a government-issued ID document. Usually, driving license, ID card or a passport is used to verify age.   

With optical character recognition (OCR) we readily extract information from documents. This works so well for operators since they can perform age verification as part of the identity verification. 

Merchant identity proofing: building trustworthy B2B relations

Merchant Identity Proofing: Building Strong B2B Relations

Identity Proofing: The success of e-commerce has been very remarkable. It is expected that global e-commerce sales will reach $632 billion by 2020. There was a time when only a few huge names were present on online platforms securing a huge customer base. The evolution of global markets and the integration of the customers and markets from around the globe have raised the competition in the market. When a consumer or a business search online for its need there are plenty of solutions provided by plenty of businesses from every corner of the world. The times are long gone when only a few market makers were present online and were considered trustworthy. Nowadays the businesses are building global B2B relations. The world has evolved into a global village and it has generated numerous opportunities for legitimate businesses and fake merchants. The businesses are keen on acquiring global merchants while controlling their costs and increasing their revenues.
Often the merchants oversee the threat of acquiring fake merchants due to the low prices and fake promises made by those fake merchants. It is a common belief that the businesses only need to perform KYC and AML screening on their customers and only the customers are posing threat towards the businesses operating online. The scenario is quite different the businesses are also exposed to a global merchant base. The merchants from every part of the world are pitching in a very attractive way for their businesses and many of them are fake. Many are using stolen merchant identities to build credibility and many are using marketing techniques to trap businesses into their fake merchant portfolio. It is necessary for businesses to know their partners and their merchants.
The merchant of a business is not only providing services or goods it becomes a part of the organization. And the organizational credibility is most likely to be affected if the business builds B2B relation with fake merchants, whose aim behind the business relation is monetary gain, money laundering or even worse, i.e. terrorist financing.

How fake merchant fraud can affect your business?

Fake merchant fraud works in two ways. Either the criminal steals the business identity proofing of a merchant or builds a fake identity using the stolen credentials of a person. The fake merchants pose huge threats to the businesses. The fake merchant fraud could cause revenue loss, loss of credibility, unhappy customers and regulatory penalties.

Fake merchant and hidden beneficiaries:

The money launderers and criminals build fake businesses and use the platforms to wash their laundered money. These businesses perform normal business operations and build B2B relations with other businesses. Do not fall prey to their trap of attractive and promising marketing techniques.
The businesses around the world are bound by corporate social responsibilities. Raising charity for orphans and giving shelter to the needy are still very worthy acts that add a lot to the value of the company and enhance the company profile. But imagine how much of bad fame a business would get if it is found to have B2B relations with a business owned by terrorist financer or a money launderer. Running an in-depth identity verification and AML screening on a merchant can eliminate such a huge setback. Performing AML screening on a merchant takes a few seconds while building a market value and credibility takes years, hence it is vital for businesses to exercise due diligence on their merchants as well as customers to build a strong and trustworthy relationship with all the stakeholders.

Data breaches by your vendors:

Often the fake merchants build a relationship with some business and extract the confidential data of the customers. Once the data have been extracted it is used to commit an array of frauds and crimes.
The most common frauds that are performed using the stolen confidential data are excessive chargebacks, illegal funds transfer and use of customer’s stolen identity for making purchases and much more. These frauds are committed using the data attained from the platform of a legitimate business and the ultimate loss is born by the business whose platform has been used for conducting the frauds. Once the data has been stolen it is sold on the black web and is further used for crimes like money laundering, human trafficking, drug trafficking, and terrorist financing.
The criminals are carving more enhanced and advanced ways of crimes using the loopholes in the e-commerce sector, hence it is necessary to perform complete identity proofing and AML verification of the merchants of an organization. In online relations, where orders are placed and proceeds are confirmed online, the risk of acquiring a fake merchant is high, hence this risk can be completely eliminated by performing in-depth identity verification of the merchant.

Perks of performing identity verification of merchants:

Identity verification of the merchants is necessary because it not only help the businesses to identify their merchants and prevent fraud but it brings many more advantages for the business.

  • Identity proofing of the merchant helps the business in the prevention of loss that the fraud may bring in. In case the merchant of business has used the confidential customer data for illegal purposes the ultimate loss comes to the business. The loss is not only monetary but also the business loses its reputation among the customers and in the industry. The loss of customer value means the loss of revenue. Such loss can be prevented with the help of AML screening and identity verification of the prospective merchants.
  • Often the businesses have unique requirements for choosing a vendor. The businesses often do not want to connect with merchants from some specific regions of the world, hence the geolocation and identity verification service of Shufti Pro helps the businesses to identify their merchant’s location and his true nationality by screening the ID proof that the merchant may provide. The OCR feature of Shufti Pro’s document verification solution screens all the information on the ID document provided and also provides the proof if the document is original or fake. Hence the businesses can easily scrutinize the prospective clients making it easier for them to select a trustworthy and credible merchant based on their specific needs and requirements.
  • The identity proofing of the vendors and merchants of the business will add another star to the portfolio of the company as it will be a form of regulatory compliance. Although the regulations are rigid only for performing due diligence on customers, the organizations found in connection with the terrorist organizations and PEPs (Politically Exposed People) comes under the strict scrutiny radar of the regulatory authorities.

Hence the businesses should consider the identity proofing of the vendor as an investment that will reap longterm gains for the organizations. Businesses of all types and all sizes are exposed to the risk of cybercrime and fake vendors, hence it is necessary to think in new dimensions. Shufti Pro’s AML and KYC verification solution is the advanced solution which helps the businesses to stay one step ahead of criminals and fake merchants.

Identity Proofing: Secure Your Business From Third-Party Data Breaches

Identity Proofing – Prevention from Data Breaches

World economic forum states that Cyberattack is mapped as one of the top threats to global stability. A cyberattack occurs every 39 seconds. Research states that the global economy can lose $445 billion a year due to cybercrimes. The stolen data is used to defraud the businesses for financial gain which ultimately turns into the financial and value loss of the business. According to a survey of Insurance Information Institue, out of 3 million stolen identities in America, more than 50% of those stolen identities were used for online financial credit card fraud with banks and online businesses.
Such an alarming increase in cybercrime magnitude and methods have made the businesses to invest in global identity proofing and document verification solutions. A survey reports that 63 percent of companies have implemented a biometric system or plan to onboard a customer.

Huge data breaches raising KYC concerns of businesses:

Huge data breaches have occurred raising a question on the cybersecurity of the so-called top-notch organizations dealing with confidential data of millions of people and businesses. For instance, the recent data breach of Equifax has caused losses of worth millions of dollars to the credit rating agency and also the other businesses. The huge data breach compromised 143 million records which contained the records of not only individuals but businesses also. According to a recent settlement with the regulatory authorities, Equifax is liable to pay a settlement of 245 million and also free credit rating to the victims of this data breach. Some other huge data breaches that affected the businesses in the past are the data breaches of Target, TJX and facebook. Those data breaches not only influenced the individuals but the businesses as well.

How a third-party data breach may become your liability?

Once an incident of data breach occurs it leaves an impact on several entities. The most common targets of the third-party data breaches are the businesses that do not have strong identity verification solutions integrated into their systems. The need for a strong identity verification solution cannot be overlooked by the businesses willing to prevail in the market for a longer period of time.

Risk of identity thieves:

After stealing the legitimate data of individuals from some third party server the fraudsters move towards the next step and buys goods and services from online businesses using the stolen identities. The business delivers the goods and services charging from the illegally accessed account. Once the victim realizes about the misuse of his identity proofing he gets a refund due to consumer protection laws and the business is the ultimate loss bearer. Other than illegal purchases there is an array of crimes initiated with a mere stolen identity, most common are, terrorist financing, money laundering, human trafficking, drug dealing, etc.
The phenomenon of stolen identities could affect businesses of all kinds in many ways and can influence many industries simultaneously, let it be a financial institution, online business, hospital or non-profit organization identity theft has caused huge losses.

Increase in fraudulent transactions

Once the individuals have access to the personal credentials of the individual he uses it often for financial fraud. Mostly the banks and financial institutions are defrauded through illegal transactions to an from the account of their legitimate client. According to a survey, online fraudsters managed to steal £1.2 billion from UK-based banks even in the presence of strict regulations regarding KYC (Know Your Customer) and AML (Anti Money Laundering). Also, the banks lost 123 million to internet banking fraud.
The fraudulent transaction fraud does not target the banks only. It targets all types of financial and fintech businesses. For example, a business facilitating online money transfer is defrauded by sending or receiving money using the stolen credentials. Other than that cryptocurrencies have been a very common victim of identity thieves and terrorists, the security loopholes make it easy for the criminals to hide their identity and money transfer trail.

Your business identity might be misused

The major data breach that hit Equifax in 2017 compromised the data of many individuals and businesses. The identity of a business, either big or small is a very valuable asset. Once that asset has been compromised it can start a range of losses for the business, including financial loss, loss of customer value, loss of competitive edge and the loss of competitive edge. Hence the misuse of a business’s identity could bring that business to its knees. The criminals could crack huge deals using the stolen credibility of a business. The identity thief might sell low-quality goods to the other business or client using the stolen business identity, ultimately this crime cycle will end with the loss of company value of the victim company.
The stolen business identity could be used for even more grave acts like money laundering or terrorist financing.

Getting a job with stolen identity:

The stolen credentials in a data breach are sold for as low as 10 to 15 dollars in the black web. Using these stolen identities the criminals get jobs at companies with the motive of hiding their true identity or to perform even bigger crimes like data breach while being an employee of the company. In case a business performs an efficient identity proofing on his employees before onboarding the new people, the risk of loss due to identity thieves is less than 1%.

How identity proofing helps in risk mitigation

Identity proofing helps the businesses to screen the true identities of the customers and employees before on-boarding them. The integration of AI-based global identity proofing systems adds layer after layer of security to the company profile. Hence the fake identities are highlighted before any damage could be done. Below is how timely investment in identity proofing solutions reduces the risk of loss due to third party data breaches:

  • ID verification screens all types of IDs and other identity documents for originality, expiry dates, forged data, MRZ code, hologram, reflected colors and photoshop.
  • Facial verification adds another security layer by checking the facial image in real-time for liveliness, 3D depth perception, and micro expression. Hence making it impossible for any fake person to as a person whose identity he has stolen.
  • Two-factor identity proofing makes the identification process even easier flexible for clients and businesses.

All the above-mentioned solutions help the businesses in keeping the identity thieves at bay while making it difficult for the fraudsters to stolen identities to cause any loss to the business. The data breaches no matter how old, have the tendency to cause loss to all types of businesses. Businesses need to integrate an Identity Proofing solution into their systems so that the data breach of some third party like Equifax, google or facebook might not become your liability in the form of identity theft-related frauds.

AML Screening in the light of Compliance Regimes Around the Globe

AML Screening in the light of Compliance Regimes Around the Globe

AML compliance is inevitable for all types of businesses around the globe. The regulatory compliance face has been changing rapidly. According to a PWC (2018) survey, 2% to 5% (approximately $1-2 trillion) of global GDP is lost to money laundering. The authorities are becoming ever more vigilant in controlling and mitigating financial risk posing to the businesses and the economies of the countries as well. The regulations are not only targeting the money launderers but are also regulating their facilitators that assist hem knowingly or unknowingly in their acts. AML (Anti Money Laundering) practices have been carved for businesses around the world and all the regions require the businesses to perform due diligence on their customers in one way or the other. AML compliance is not as difficult for the organizations to follow as it may seem to be. An investment of a few thousand (dollars or pounds or yuan, etc) waives off the loss of millions in penalties. Here is where shufti pro enters the picture. The globally integrated system is designed to perform top-notch identity verification screening on the prospective customers of the business.

Which businesses are liable for AML compliance?

Most of the businesses are liable for AML compliance but in a broad spectrum, the businesses involved in any kind of financial services directly or indirectly are liable for AML compliance. Below is the list of the businesses that are liable to integrate a compact AML compliance solution into their organizations according to the global AML regimes:

  1. Banks and all their subsidiaries
  2. Brokerage houses
  3. Insurance companies
  4. Forex exchanges
  5. Auditors
  6. Casinos and online gaming sites
  7. Non-banks mortgage lenders
  8. Dealers in gold, diamond, and other precious metals
  9. Real-estate agents
  10. Money transmitters
  11. Cryptocurrency facilitators
  12. Fintech businesses and many others.

AML Regimes Around The Globe


The Chinese economy has become one of the most strong economies, all due to their strong laws and effective enforcement of those laws. AML compliance laws in China majorly comprise the enforcement of KYC (Know Your Customer) through identity verification protocols.

  • The liable businesses mentioned above are required to verify their identity proof and other documents.
  • Regular identity checks must be performed in case there is any change in the beneficiaries or other identity-related protocols.
  • The businesses must report any cash transaction over the minimum transaction threshold or if the customers do not provide identity proof.
  • Maintaining a complete AML compliance department is necessary.

The United Kingdom:

The UK has recently taken a progressive approach towards the financial regulations post-Brexit. Currently, the MLR-2017 (Money Laundering and Terrorist Financing and Transfer of Funds (Information on the Payer) regulations 2017) is prevailing in the UK. The liable businesses are provided a complete list of AML compliance checklist which addresses mainly the following things:

  • Identity verification of the customers before extending the services to them
  • Maintaining and regularly updating the identity verification and AML compliance records
  • Training the employees
  • Take enhanced due diligence in case of PEPs (politically Exposed People)
  • Performing due diligence on the online customers and overseas customers by checking them with the international sanctions lists, terrorist lists and the lists of high-risk countries
  • Proper reporting and monitoring of internal AML compliance practices of the company

The United States of America:

The Bank Secrecy Act (BSA) is currently thriving in the USA and is amended several times. The regulations are quite detailed and cover almost every side of the money laundering risk of the financial institutions and other institutions involved in financial services. Below are the key AML compliance regulations in the USA under the BSA.

  • Performing customer due diligence is a must for all businesses
  • Banks, mutual funds and other financial institutions must go one step ahead in performing customer due diligence and perform proper customer identity verification screening on their prospective clients.
  • Record keeping and maintaining a proper AML compliance program within the organization is necessary for all concerned businesses.
  • Businesses are required to register for financial information sharing to be used only for identification purposes.


In Canada, the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) is implementing the AML compliances and FINTRAC is responsible for enforcement and compliance of this act. The key features of the prevailing AML Screening act in Canada are as follows:

  • Identity verification is necessary for all the businesses addressed in PCMLTFA
  • Banks are required to perform identity verification on their customers, or the companies before opening their accounts
  • The individuals must be identified through in-person or non-face-to-face programs (such as facial verification and online identity verification)
  • Banks must perform complete identity verification on the beneficiaries and legal signatories of the company before opening their account.
  • International electronic funds must be reported if more than CAD$10,000 (banks and Casinos are equally liable for this clause)
  • In case of non-compliance, the businesses are entitled to a fine of CAD$100,000 to CAD$ 500,000.

A summary of the key features of AML regulations around the globe:
Below is a summary of the key features of the AML regulations prevailing in different regions of the world:

  • The businesses are required to perform identity verification on their customers before entering into business with them
  • Customers should be screened for international sanction lists, terrorist lists, high-risk countries and PEPs (Politically exposed people)
  • The AML compliance practices must be performed regularly on all the customers
  • A proper record must be maintained for the AML practices
  • Any transaction above the “minimum cash transaction threshold” must be reported to the concerned authorities
  • Proper training of employees and an integrated AML compliance program
  • Fines in case of non-compliance

Shufti Pro is the ultimate AML compliance solution:

AML compliance is made easy with the Shufti Pro AML Screening solution. It has all the features required for a compact AML Screening solution that many businesses need today. Below are the key features of the Shufti Pro AML compliance solution that makes it a worthy and value-generating investment for businesses:

  • Identifies the people’s identities within a minute, hence reduces the friction in customer onboarding.
  • It provides global coverage, identifies the IDs of the people from any region of the world
  • Perform complete AML screening on your customers based on sanctions lists, PEPs, terrorist lists, and lists of high-risk companies.
  • Provides the proof of identity verification and AML screening of every individual
  • The Shufti Pro database is updated regularly hence reduces the risk of wrong verification.

To conclude, the financial and fintech businesses are on the verge of losing millions due to non-compliance with AML regulations. No matter which region of the world the business is prevailing the businesses dealing in financial services is bound to follow AML Screening protocols of different frequencies. Last but not least, regulatory compliances have never betrayed a business, the investments in such compliances generate company value and provide cover against fraud and identity thieves.

California Consumer Privacy Act - How it will impact Your Online Business?

Impact of California Consumer Privacy Act on Online Businesses

California consumer privacy act has been revolutionizing consumer data regulations. The act was passed in June 2018, introducing reforms that would cause a major change to the privacy policies and data usage policies of the tech companies. The Act has made it mandatory for the tech companies to disclose their data collection motive, the nature of the data collected and also the third parties to whom it has been sold for ad generation. It will have a global impact on the tech industry using the consumers’ data. The act was much anticipated as it will improve the online experience of users and will reduce the frauds that happen due to data breaches. Such losses of data cause major harm to the business in possession of that data. The compliance to the California Consumer Privacy Act will add value to the company profile, increase its credibility and also increase the customer value of the company. Because the consumers are very keen to exercise control over their data. According to a survey, 90% of Americans want to exercise control over the information collected from them.
The data that the consumers leave willingly or unwillingly at the internet is not some useless data trail that would remain in the cloud, but the search trail and other information that the users provide willingly is used by the businesses to generate high revenues. Appearing in mobile search and results can increase brand awareness by 46%. Facebook, LinkedIn, youtube, Reddit, etc are considered the most fruitful platforms for selling the products. According to a survey, 93% of businesses in a B2B arrangement consider Linkedin as a most valuable platform for their business while 95% of B2C businesses consider Facebook as the most valuable platform, in terms of generating revenues and creating brand awareness among the consumers.
These businesses do not generate revenue by just posting their products for sale, they use the user data available with tech businesses like facebook, google, etc. to analyze and predict the consumer buying behavior hence making sales offers based on the buying behavior of a user.

Highlights of California consumer Privacy Act:

The act was passed as a bill in June 2018 by the California state legislature. It will be in effect from January 2020.
This act has given many rights to the Californian over their data collection and usage.

Concerned businesses:

The businesses that have the following attributes will be liable to follow the regulations of the California Privacy Act:

  • Generate $25million annual revenue,
  • Annually buy or sell the data of 50,000 Californian consumers
  • Generate 50% or more of their revenue in buying and selling of California consumer data.
  • Businesses operating anywhere in the world but providing goods and services to Californian users.

Disclosures regarding usage of data:

The tech companies are bound to take consumer consent before selling their personal information to a third party. It forces companies to reveal what data they collect and how they use it. Also, the consumers will have the right to request the business to delete and remove their data from the database of the business.

Requests by the consumers:

Consumers of California will have the right to request the company to show them the usage history of their data. This request includes the usage and the purpose of data, third party to whom data has been provided, methods used for the collection of data and the categories of personal information collected.

Clear privacy policy on the website:

The tech companies operating in California have to add a “do not sell my personal information” button at a clear place on the website.

Legal action by the consumers and fines:

The consumers will have the right to sue the company for illegal use of their personal information. The businesses if found noncompliant with the California Consumer Privacy Act (CCPA) will be liable for a fine of $2500 to $7500 on every violation.


Even if the user exercises his right to control his data the business will not show any discrimination towards that consumer regarding the services and the price of the product.

Businesses that need to change their privacy practices:

The California Consumer Privacy Act will be in effect from January 2020, hence the businesses need to buckle up for the changes that they would have to introduce in the privacy practices of their company. According to a survey of 250 executives of businesses in California, 72% of them plan to invest in their IT infrastructure to meet compliance with CCPA, one-fifth of the survey respondent stated that their company plans to invest more than $1million on the compliance-related functions. The survey found that only 21% of the businesses in California are currently compliant with the new privacy regulations.

Social media:

According to a survey, 87% of shoppers say that social media plays a vital role in their shopping decisions. The businesses are aware of this trend, hence use this to market their product by using the easily available information on social media platforms.
Social media websites like Facebook will have to change their practices of selling the personal information of users to third parties. For selling this data to a third party the business would need to take the consent of its users.

Verification service providers:

Due to an increase in regulations regarding KYC (Know Your Customer) and AML(Anti Money Laundering), many businesses are using the verification services of third parties for verification of the end-users. The businesses availing the verification services would have to get the consent of the end-users before forwarding their data to verification platforms. The businesses providing the verification services have the most confidential data on hand, hence they must follow the provisions of the California Consumer Privacy Act.

Search engines:

The search engines like google would also be affected by the California Consumer Privacy Act (2018). The company has been selling the user data to third parties and making big bucks out of it, but now the company’s revenue from ads generation might fall because the users from California would have the right to not provide their personal data for ad generation or for selling it to third party users.

E-commerce businesses:

These businesses are taking the major advantage of the consumer data sold online. The user’s buying and internet surfing data is analyzed through AI-based products and the sale offers are made based on the preferences of the consumers. Hence, the consumers are indirectly forced to buy a product that they would not have bought if there were no ads on their browser.
Hence it is clear that Calfornia Consumer Privacy Act (CCPA) will reshape the privacy policies of the businesses around the world and especially the multi-million dollar firms. Buying and selling of consumer data have formed a huge industry, the businesses having access and so-called “rights” over the of consumer data has been exploiting the consumer data to make huge profits. The CCPA will give the rights into the hands of the right owners.

Online Fraud Prevention : 6 Steps That Businesses Can Adopt

6 Steps of Online Fraud Prevention for Businesses

With the rapid development in the online retail industry and banking industry, there is an increase in the fraudulent activities accordingly. New and emerging technologies are on one side serving the businesses in multiple ways, but on the other side, they are giving them a tough time. Fraudsters find loopholes and vulnerabilities in the system and exploitation allows them to perform malicious activities. These activities result in heavy fines and risks.
A huge amount is spent on online stores. According to a study, global e-retail sales amounted $1.9 trillion in 2016 which is estimated to rise to $4.06 trillion in 2020. Fraudsters have endless opportunities in the face of online stores and businesses. The businesses failed to comply with the security measures are prone to the cost of loss. Every $1 of the fraudster orders cost an additional of $2.62 to online stores and $3.34 in case of transaction done through mobile phones. The countries which issue cards are 2-3 times more affected by online fraud than the ones who do not. Credit card fraud is the most common. Fraudsters use fake credit card information and perform online transactions which at the end costs the online business.
How can online businesses prevent themselves? What steps should be taken into consideration? The techniques of fraudsters are getting advance. Therefore, the pace of online businesses to introduce betterment in the system should also increase. For any business, it is important to take serious steps in order to prevent themselves from online payment scams and credit card fraud.
Following are 6 steps that can ensure safety in their customer onboarding process:

Online Fraud Prevention : 6 Steps That Businesses Can Adopt
Need of Online Fraud Prevention System

54% of businesses are somewhat confident about the security of their system. Only 40% are confident, who say that their system is unaffected by any attack or bad activity. The reason is that most of the businesses give more importance to conveniency than security. These businesses then face heavy loss which costs much more than the cost of security adoption.

Customers need Protection

66% of the customers want a secure online Fraud Prevention System. They want their identity and personal information to be protected and not to be used in any malicious activity. These concerns demand online marketplace to take serious measures in order to prevent the data and money of their customers.

Prevent Money Laundering and fraudulent transactions

67% of fraudulent transactions remain undetected. Who belongs to these transactions? What is their identity? These questions should not remain unanswered as they carry a heavy cost. For money launderers, the online marketplace is an attractive target which can help them in money laundering.
There should be proper AML checks in the system which catches them on the spot and suspend their activities and transactions.


Fraudsters activities fluctuate with respect to time and behaviours. These activities must be monitored actively and so the adoption of updated technology should be ensured. The above steps are the primary ones which need to be the part of any online business. The need for security measures varies according to the business type and fraud potential risks associated with it. To mitigate these risks, a proper protection curriculum should be shared in the business environment. This can help in remarkable business development with respect to both revenue and reputation.

How API-based Technologies Can Transform the Future of Online Marketplace

How API-based Technologies Can Transform the Future of Online Marketplace

API Based Technologies: Application Programming Interfaces (APIs) are giving advanced ways of digitizing businesses. Multiple online marketplaces are extending their services using external and internal APIs. This helps online businesses increase customer traffic by providing them better user experience. It is estimated that out of 7.7 billion global population, 1.92 billion people are digital buyers (which is increasing incredibly). The reason is the advanced API technology that is playing a key role in the online marketplace in attracting customers. There are around 224 marketplace APIs available which include internet APIs, browser APIs, and a variety of product APIs. Online businesses are going beyond basic API management to create a full-fledged API marketplace to connect the producers and consumers rapidly.

What are APIs?

APIs are a set of procedures and functions through which applications are built to access the services, data or features of a system. Today, companies avoid the installation of multiple software and their management. All they do is that they use APIs as SaaS (Software as a Service) and integrate several APIs depending upon the need of their business. Those APIs then connect the producers and consumers to provide desired services. API management on the other side is a platform that manages the APIs. It helps APIs behave evenly according to their standards and services. API management supervises all the security, speed and compliance-related policies provided to the businesses.

How does the API-based technology works?

Multiple APIs (depending on the need) are integrated with the application. The API interface runs and delivers information from the application that you are using to the system over the internet. The response from the system then comes back and delivers the data to the application. Through each step in this process, the interaction is continuous between the system and the application. APIs ensure the interaction between the services, data, applications, and systems. This data varies from cloud applications to the online marketplace, it is the responsibility of APIs to assure connectivity.
The market volume of AI-based technology is rising rapidly from the last five years…
A broad interest in enterprise-oriented technologies is seen in the past few years. These technologies include SaaS, AI, big data, IoT, and microservices. APIs are the focus of all these areas. The communication and deliverance of several services are possible through APIs. Today, the accumulation of customers in the online marketplace due to the integration of APIs with their system. These APIs provide better user experience and facilitation to the companies.
Salesforce is a software company that generates its 50% revenue through APIs. Whereas, eBay is generating 60% and Expedia is generating 90% revenue through APIs. 75% of mobile applications use internal APIs to provide its customers with multiple features and services. The integration of Facebook and Twiter APIs is increasing the demand for more APIs.

API Based Technologies and Online Marketplace

Identity Verification APIs

Over $445 billion is lost annually due to security breaches. The security of online stores should, therefore, be taken into consideration. Security APIs are available for e-commerce stores to integrate with their system that provides encrypted APIs to secure their system from attacks. Identity verification APIs help online businesses to identify and verify the customers onboard to avoid credit card fraud and online payment scams. Anti-Money Laundering (AML) and Know Your Customer (KYC) Complained APIs are integrated with the systems to ensure that fraudsters do not enter into the system and perform malicious activities. There are multiple verification techniques available through APIs that system integrates according to their system need. Verification can be done using multiple documents, facial recognition, video verification or handwritten notes. For these verification methods, separate APIs are available which can help the online marketplace to secure their system. Even if it is an online account opening service by banks, the banking industry needs to ensure that the traffic coming into their system is honest. API Based Technologies help financial institutions which are offering online services to their customer to verify that they are protecting their system from all kinds of vulnerabilities.

Speed Efficient APIs

To provide customers a fast onboarding experience, many speed reliability APIs are available that ensure robust processing. These APIs not only facilitates the customers but also at the administration end, provide smooth system management. Also, shipping and delivery APIs are part of the online marketplace to track the parcel until it is delivered to the customer. These APIs help reduce the error rate and complexities associated with the sorting done manually. To coordinate with the customer regarding their parcel status, shipping, and delivery APIs help to achieve the goal of better user experience.

Payment Handling APIs

Payment Handling APIs provide the customer with an easy interface to add their card and payment details. These APIs help both customers and administration analyze and manage transactions properly.

Future Prospects of API based Technologies

In natural language processing, predictive analytics APIs are emerging. These APIs combine enormous data which includes text, visual data, location, network and information gathered through mobile phones. The APIs are getting more secure with encryption and cryptographic technologies. APIs are profiting several industries with many reliable services which include commerce, retail, financial services, the gaming industry, and entertainment.
In the future, APIs will be managing all the data more efficiently and jump into the data management of the sensor’s level. The advance level security of blockchain will be made sure through APIs. the data gathered through IoT devices will be managed and flew through APIs. Not only this, almost all industries are using APIs to advance their systems to provide better user experience and generate more customers.
Just like Amazon Cloud Service is using data-driven through API Based technologies, a different system integrating with APIs can utilize the API-driven data for multiple processings and training purposes. That data can be used for verification and AI model training purpose. By examining the endpoints of API, documentation will be generated automatically.


An online marketplace is revolutionizing with the help of multiple integrated APIs. APIs help reliable communication of applications with another system. They also provide user-friendly interfaces to engage the customers. These APIs are internally linked with their system to provide a secure, reliable and better user experience.

More posts