Sim swap

Sim Swap Fraud: A new battle in the war of your Identity

  In our connected world, we are using mobile devices for communication, work, banking, and entertainment. Phones help us manage the private files in our cloud storage accounts and organize our lives. By these devices, we manage our social media accounts. In short, our mobile devices hold every detail of our personal information. No matter the distance, the small chip in our devices known as SIM cards allow us to stay in touch with family and friends. But what if we lose our SIM cards? What if someone else hacked our SIMs? These are one of the many questions that are faced by SIM swap attack victims. 


In this article, we’ll cover all the insights of a SIM swap fraud and we’ll discuss how to protect yourself from this type of scam.

What is SIM Swapping Scam?

SIM swapping or SIM jacking is a type of ATO (account takeover) fraud in which a malicious fraudster uses various techniques such as social engineering by which they transfer victim’s phone numbers to their own SIM card. The hackers can reset passwords or receive 2FA codes that can gain all the accounts which are linked to that SIM number. This type of attack can give fraudster access to everything your number is linked to which may include your social media accounts, email, and bank accounts.  

How does it work?

A SIM swap scam occurs when scammers take advantage of a weakness in two-factor authentication and verification or exploit the system. So having control over your SIM would be valuable to fraudsters as he can have access to all of your personal data. Scammers start by gathering as personal information and engaging in a bit of social engineering to get hold of your number. The scammers call your mobile carrier, impersonating claiming that they have lost or damaged their (your) SIM card. They can then get a new SIM card activated in their possession with your number. So the fraudster is using a different SIM card with your number in his device.  Fraudsters can then access your phone communications with banks and other organizations by using your data. They can change the passwords by receiving reset links and codes on their phone. And that’s it: They’re in. They can even create a new bank account with your name and carry their malicious activities like money laundering and terrorist financing under your name.

SIM Swap Hackers Targeting Crypto Investors- Some Examples:

On June 11, it came to light that California resident Richard Yuan Li had been charged to commit SIM swap attacks that targeted at least 20 individuals. With his elaborate money swindling scheme, he exhorted 100 Bitcoin (BTC) in exchange for keeping private and sensitive information of individuals from being released online.

There has been a dramatic spike in SIM swap attacks in the past few years. A crypto investor  Michael Terpin fell victim to a $23.8 million SIM swap attack.

 Similarly, investor Seth Shapiro filed a lawsuit against American telecom giant AT&T as one of their employees had masterminded a nefarious SIM swap scheme that resulted in him losing $1.8 million in various crypto assets.

Sign to Know you are a victim of SIM swap fraud:

It can be a challenge to stay a step ahead of SIM swap scams. But there are always some warning signs so you can put a halt to fraudsters’ access as soon as you know those signs. Here are some of those signs:

  • One warning sign, which is very common, is social media activity that isn’t yours. Any social status upload or tweet which you have not done alerts you to the breach.
  • The other big sign is when your phone calls and texts aren’t going through. This may happen when the scammer deactivates your SIM and uses your phone number so you are unable to make calls or texts. 
  • If you get a notification that your SIM card has been activated on another device you’ll know you are a victim. So never ignore your notifications!
  • If you lose access to your accounts and your login credentials no longer work, it’s most likely that they have been taken over through your number. In such a case, without losing a minute, contact your bank or other organization immediately. 

SIM swapping due to poor ID verification process?

SIM swapping has become a significant threat for users as a large number of users are having their lifetime savings and invaluable data stolen from under their eyes. This is happening solely because mobile operators are seemingly failing to take reasonable steps to prevent these criminal hackers. They need to have proper identity verification checks so that they can restrain fraudsters from gaining access to anyone’s SIM. 

SIM-swap-related incidents have increased sharply over the past few years because the telecommunication industry lax identity verification checks and make customers vulnerable to a variety of different hack attempts.

Read Also: KYC for customer on-boarding in Telecommunications Industry

Facial Recognition Kiosks: A Modern Innovation in the Food Industry?

Background of Technological Advancement

Technology is regarded as a new way of thinking or doing normal things in a different, better, and much faster way with less hassle and at an economical price. Can you imagine how life before electricity, automobiles, airplanes, telephone, computers, and even mobile phones would have been? It was much less complex but at the same time, very tough to get many things done with just the twelve hours of visible light we have each day.

Currently, we can see how IT has completely changed the way we think, act, and react. From our homes to offices, hospitals to airports, we see everything embedded with technology one way or another. Most of the processes that were done manually are now automated. A recent example is that of identity verification of customers by businesses. The customer verification process was done manually, which involved a number of steps and took a lot of time to complete. Since it was majorly a requirement for banks and financial institutions, they had to practice it by all means. Customers were, however, not in favor of the long process of getting their identities authenticated. Identity verification companies, after carefully analyzing the demand, developed digital identity verification solutions to address the issue. 

Biometrics and their need in Identity Verification

In this rapidly changing environment, criminals and fraudsters have also modified their ways of causing harm to the world and its inhabitants. They regularly think of ways to by-pass the barriers set by organizations to fight crime. In order to prevent their attacks, law enforcement agencies advised the use of proper identity verification techniques. These techniques only allow the appropriate people to gain access to the systems, obstructing hackers, and fraudsters from onboarding themselves on the restricted platforms. These systems usually verify identities using biometrics, since they are the most accurate and efficient means of authentication.  Biometrics is the most secure method of verification and cannot be manipulated or compromised since no two people around the globe have the same biometric features. Anywhere a secure transaction is required, biometrics could be used to simplify the process without compromising on security. Some of the digital biometric techniques used nowadays include facial recognition, fingerprint scan, iris scan, DNA testing, etc.

Read more: Biometrics identity verification system – a masterstroke in verification market

Digital Facial Recognition and its Importance

It is expected that the facial recognition market will grow to $7.7 billion by 2022 because the technology has all kinds of commercial applications.

Facial recognition systems compare the captured information with a database to find the exact match.  It authenticates someone’s identity and is a widely used security measure across the globe. It is expected that the facial recognition market will grow to $7.7 billion by 2022 because the technology has all kinds of commercial applications. From airport security to healthcare and customer authentication, face recognition is now globally adopted. Recently, the food industry has also integrated facial recognition kiosks in restaurants to facilitate their operations.

Read more: 4 Reasons why Facial Recognition is Better at Biometric Verification than Fingerprint Scans

The Food Industry adopting Facial Recognition Kiosks

You’ve probably heard about fast-food restaurants integrating touch-screen kiosks and the way bill-payment kiosks can resolve common issues. But the pace of technology is becoming faster day-by-day, and now there’s another thing to be excited about. It is none other than facial recognition kiosks. It was reported by Mashable that the fast-food chain in the US, CaliBurger, has now introduced a latest point-of-sale system that enables consumers to order their food through facial recognition technology. According to a study, it is estimated that Self-service kiosks generated annual revenues of $218 million in 2016.

This is how it basically works. When customers wish to order their food, they approach the kiosk and are asked to attach a picture of their face to their account. Their face is recorded in the system, so the next time they visit, they directly place an order simply by getting their faces scanned.

Initially, customers had to use a credit card to make the purchase, but now they can easily pay with their faces. These systems were tested in California in the first place, but the company has plans to expand them further; maybe even internationally. Eventually, when the AI-powered facial recognition software is successful, CaliBurger wants to eliminate the use of the security code, making the process even quicker. The main plan of the company is to expand this technology across the globe. CaliBurger is not the only restaurant using facial recognition technology: there are other food chains in other countries using similar technology as well. KFC in China is one of them, which is enabling consumers to pay for their orders by scanning their faces. According to a report, the rise in consumer spending while ordering through self-service kiosks is 30 percent.


What the Future Holds for Facial Recognition Kiosks?

Biometrics is not new but has been getting much hype lately because its everyday uses are becoming more and more relevant. There was a time when fingerprint sensors were only seen in the movies. Currently, many of us have them embedded on our phones or computers and use them on an everyday basis.

Therefore, seeing biometrics being used on a daily basis is not surprising for us anymore. In the UK, especially, you may pay through a kiosk at a supermarket or fast-food restaurant a number of times a week. Once people get more used to it, facial recognition kiosks may well become a normal part of our lives in the near future. There is no uncertainty as to what the future holds for biometrics but with technological advancements regularly taking place, it is easy to notice how we could soon be paying for goods in stores by simply scanning our faces.

Read more: Facial recognition technology grooving into cruise ships for ID verification


The way things are headed, it seems as if the world we live in right now might be a lot different after the Coronavirus pandemic ends. People might avoid interaction, maintain social distancing protocols and businesses might have to shift to touchless services and verification protocols. Who knows? But we can be certain that touchless kiosks will be preferred and incorporated by places of public interaction. In such instances, digital identity verification systems would be the most effective technique to verify individuals and establish secure working mechanisms.

Europol’s European Financial and Economic Crime Centre (EFECC)

Europol launches European Financial and Economic Crime Centre (EFECC)

Financial and economic crimes are today the leading threats that are affecting millions of EU citizens as well as companies. The increasing number of organized financial crimes such as money laundering and funding of terrorist activities accelerate the criminals to make illicit profits. Amid the COVID-19 pandemic, the fraudulent activities are sky rising in Europe by the bad actors. Law enforcement agencies are effectively all active in following the money trials and consider it an integral part of criminal investigation procedures.

Europol has launched the European Financial and Economic Crime Centre (EFECC). The center aims at promoting systematic and advanced financial investigations. EFECC provides operational support for the EU bodies and the Member States in the fields of both economic and financial crime. Europol’s strategic report was published on June 5 and it provides a comprehensive overview regarding threatening crimes in the financial sector. The innovative fraudulent tricks are employed by financial crimes to exploit the vulnerabilities and fears in the financial system.

EU Commissioner for Migration, Home Affairs and Citizenship, Ylva Johansson said:

“The center we are launching today will help step up financial investigations across the EU. Financial and economic crime harms us all and doesn’t stop at national borders. And it’s often a key activity of organized crime groups that we can uncover if we follow the money. With our new center, we’ll be better equipped to fight economic crime together.”

About 58% of customers in the EU use digital banking solutions such as applications and websites to carry out mobile banking. The customers who lack technical knowledge become victim to vulnerabilities and a variety of cyberattacks. The increasing number of financial crimes, credit card frauds, phishing/vishing, and other online payment scams call out for stringent regulatory framework to curb them. The innovative tricks of bad actors require innovative ways to fight back. Weakened KYC (Know Your Customers) regimes are the reason behind an array of banking frauds.

The report of Europol highlights the list of all possible ways to curb financial crimes including fraud, money laundering, and property crime. The CEO of the European Banking Federation (EBF), Wim Mijs said he is extremely pleased that financial and economic crime can now be curbed by a completely dedicated center within Europol. 

“Financial crime undermines the stability of the banking sector and is a serious threat to the whole society. The fight against dirty money aims to cut off resources to organized crime gangs and terrorists and is hence of the utmost importance. At the forefront of this fight, EBF is a trusted partner of Europol and therefore very much welcomes that this cooperation will now benefit from the support of an even more adequate structure and resources”

Institute of International Finance (IIF) president and CEO Tim Adams said:

“The creation of the European Economic and Financial Crime Centre (EFECC) at Europol is a critical step to counter the threats posed by illicit flows through the international financial system. The IIF, and the industry broadly, has called for an intelligence-led approach to financial crime, and meaningful initiatives like EFECC are essential to improving outcomes. I urge policymakers to continue their focus on improving effectiveness in the fight against criminal financial activity in partnership with the private sector, as the impacts of a financial crime constitute a grave threat to society as a whole.”

The aim of EFECC is to establish a stringent framework that could increase financial intelligence for the EU. Being a partner of European Prosecutor’s Office, EFECC supports and promotes the financial investigations to mitigate the illicit fund’s transfers, money laundering activities, and high-scale financial crimes that are disguised. The interaction with national law enforcement agencies can help curb the increasing financial crimes in a collaborative manner.

Pandemic is challenging for every industry around the world. It is blowing up the environment of economic and financial crimes which is ultimately affecting the legitimacy of the global financial system. EFECC amid the COVID-19 crisis aims at reducing the increasing financial frauds due to rapid digital business transformation. 

Working from Home Spikes Demand for Digital Identity Verification

Due to the Coronavirus Pandemic, many businesses are grounded or are enforced to work from home. As an imperative to protect employees from the harm of Coronavirus and as a government mandate, most if not all employees are working from home. But businesses need to protect not only their employees but their organizations as well. Now,  what can you do to protect your company from harm? Are you concerned your systems credentials may fall into the wrong hands in the depths of the dark web? Someone posing as a senior manager can email your corporate controller to send money to a fake account. As employees are working from home using different servers can attract cybercriminals and end up losing precious data. The best-prepared companies can be vulnerable to cyberattacks as data hacks are everywhere. Email phishing, SIM cloning, and social engineering are constant threats that are urging businesses to take measures for cybersecurity. These types of cyberattacks have escalated dramatically in recent days due to coronavirus pandemic making your business even more vulnerable. 

What is Identity Verification for WFH Policy?

Identity verification solutions help businesses comply with Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations. To combat the risk of fraud and to authenticate an identity while onboarding these solutions play a vital role. We are now living in a digital sphere, so knowing who we are dealing with is an important but an uphill task. Identity verification ensures that the user or customer information is real. It is to know who we are dealing with. But the point to ponder on is that if the staff is working from their homes how can we properly secure the company from fake identities causing harm to businesses? The answer lies in deploying digital ID verification solutions that provide contactless technology to conveniently carry out cumbersome procedures of authenticating identity in real-time. This technology provides a remote solution for verifying and screening out the fraudsters before they can cause any harm to businesses. 

Challenges Faced in Working Remotely:

When you are in offices, you know who is with you in a meeting and with whom you are sharing business information. You are always sure of each chat and everyone who is around you. But this is not the case when working remotely as the teams are flung far away and you do not really know to whom you have just given the keys to your kingdom. You are exposed to more cyber attacks now. As the other person is not sitting in front of you so cannot be sure of anything right? But Identity verification solutions have answers to such uncertainty.

Know Your Employees Remotely

Identity verification solutions help you offer an immediate biometric identification and authentication service that can harden your WFH process. Employees can quickly capture a selfie and upload a government ID to verify identity. So you can gain assurance that the employee who attended the meeting with you is the same as the one who is working from afar.

Drive Identity Certainty Throughout your WFH Processes

You can always identify anyone with digital solutions by using biometric technology. With a face verification solution using a 3D liveness detection feature, you can authenticate that the real identity is present from the other side.  Using these solutions, any corporate transaction you deem of high-value or high-risk can be monitored to comply with AML regulations.

Know your Candidate for Remote Hiring:

Due to maintaining social distancing in this pandemic season, even new hirings are done online. It is obviously risky to hire someone online and trust him with all the business matters right? So digital identity verification solutions along with document verification cover this stream as well. For distance working opportunities, companies have to hire individuals without directly meeting them beforehand. They are being interviewed via Skype or a telephone call and hired based on what they present. The provided documents can be fake and the person applying for a position may be a cybercriminal with no good intentions for your business.  So during onboarding them their documents need to be verified to know they are original using digital document verification solutions. 

To get hired, candidates may present forged documentation, depicting fake certifications, so to curb these issues, digital identity verification becomes essential. By using OCR technology the data can be extracted from documents and verified using authentic techniques. Furthermore, if the potential employee is a scammer, their identity documents may be counterfeit, or worse, stolen. So to combat such risks and to maintain social distancing digital solutions play a vital role.  It is essential to catch the suspects before they can posit any harm to the businesses hiring them. 

Read Also: Employees’ Digital Identity Verification for Remote Hiring

Digital Identity Certainty With No Integration

Without any complex integration or costly hardware, digital identity solutions assurance can be at your fingertips in minutes. That’s all it takes to drive identity certainty across your WFH processes and provide increased assurance to your business during these uncertain times. Facial verification and pattern recognition ensures that the image on the document and the original person’s face match. Even to hire new employees and remote workers in any part of the world digital ID verification solutions can reveal the true identity of an employee with the help of an ID card but it can also authenticate digital identity with the help of driving licenses and passports as well. Online ID verification is done in real-time so that no time is lost in verifying the true identity of an employee.

To conclude, in order to contain viruses and to fight back fraudsters while working from afar it is needed more than ever to have a sound identity verification solution. By knowing who you are dealing with it becomes a lot easier to curb frauds. You can always be sure of who you’re interacting online only if you have stringent measures to authenticate the identity.


Enhanced Digital Security with Facial Recognition and Liveness detection

The increasing number of cyber-attacks and online fraud calls out for strong security measures. Uncontrolled access over online user accounts is one of the major reasons for a wide array of cyber threats. Authorized access is the only solution that could help online businesses by allowing registered entities to participate in the digital space. Stronger Customer Authentication (SCA) methods are required in place to verify the identity of customers online that incorporate anti-spoofing measures. 

In unsupervised authentication solutions, facial recognition technology is one of the leading technologies to cope up with the digital frauds. Advanced biometric authentication solutions can fight against the sophisticated spoofing attempts of fraudsters who attempt to get unauthorized access over user accounts. Facial recognition technology employs a 3D liveness detection feature to determine the remote presence of the user at the time of verification.

Seven Billion

Among all online user authentication techniques, facial recognition praised most worldwide. Various industries are integrating this technology into their platform to verify the identity of customers in a convenient manner. Facial recognition kiosks are now installed at airports, conferences, and public events, etc. to verify the individuals through facial biometrics. Similarly, businesses such as banks, eCommerce, and digital financial services providers integrate facial recognition systems to authenticate their customers at each sign-in. 

At any place, the advantage of user authentication is to curb the fraud rate that is rising each passing day. Facial recognition technology has the potential to reliably expose the fraudster through its powerful antispoofing algorithms. Liveness detection feature in biometric face verification detects the spoofing elements through its capability of distinguishing the mimicked motion or image from the movement of a real person.

Key Features of Liveness Detection

With the passage of time, biometric authentication systems have gained immense popularity and the liveness detection feature is getting improved with it due to the rising challenges and demand in the biometric identification market. The following are some key features of liveness detection:

  • Artificial Intelligence plays a vital role in improving biometric security and reduces the rate of successful fraudulent attempts. 
  • Anti-spoofing methods detect suspicious elements in the user-uploaded picture. For example, photoshopped, static, and tampered user face images.
  • 3D perception techniques are used for the actual measurement of the captured image.
  • Micro expression analysis is performed that detects the minor facial movements of the user in live photo capture. These movements include lip movements, blinking of an eye, etc.
  • Liveness detection ensures the physical presence of the user at the time of identity verification.

Benefits of Liveness Detection

The liveness detection method is well-crafted as per the security demands of the digital space. It helps minimize the risks of spoofing attacks in the biometric facial recognition systems by detecting the suspicious elements in the user-uploaded picture.

  • Liveness detection streamlines the user authentication method making it more secure when it comes to verifying the onboarding customers to mitigate the risks of fraud.
  • The feature is totally resistant to spoofing attacks and ensure customers’ online account protection through controlled access.
  • It provides an optimal user experience through its convenient and faster authentication mechanism as compared to other traditional user authentication methods. 
  • Enhanced security can be ensured with liveness detection feature in facial recognition technology as it fights against the fraudulent attempts of users online. 
  • It has the potential of identifying Deepfakes through the deep learning algorithms.
  • 3D mask attacks, screenshot pictures, distorted images, and eye cut photos can immediately be detected through liveness detection to discard the account access request and reduce the risk of fraud.

Shufti Pro’s AI-powered facial recognition technology all the innovative sub-features that are part of liveness detection. The increasing risks of cyberattacks as a result of unauthorized access can be mitigated by the integration of facial recognition technology that verifies the face of a person in mere seconds. During the verification, a list of spoofing checks run which makes sure that no fake identity and its attempt get successful. The adoption rate of biometric facial recognition technology is very high and it is due to major other benefits that come along with it other than the security of the platform. Enhanced user experience and fast method of authentication is the demand of the digital customer base. At the same time, it is the responsibility of online merchants to be vigilant with respect to the security of the platform.

Disruptive Fintech Trends 2020

Fintech has changed the way consumers access their finances. From mobile payment apps to insurance and investment companies, fintech has disrupted the traditional financial and banking industry. Fintech is evolving and posing a threat to brick-and-mortar banks or financial institutes. It offers a plethora of other applications that are more consumer-focused. This technology manages funds and insurance, trade stocks, pays for food and changes the ways many consumers track and manage their finances. According to CNBC, fintech investment soared up to 18% in the year 2017 alone.


Fintech- A Global Disruptor:

Fintech is a growing industry and countries are adopting this technology at a much higher rate.

Read Also:  The FinTech Industry: A Snapshot

Top fintech trends in 2020

Fintech Cybersecurity and Stability

The digitization of financial institutions might concern the majority of consumers because technology is not known to be 100% reliable. The threats include money laundering, identity theft, and other financial crimes. Cybercriminals attack small businesses as they do not invest much into security. So there is a need to put up more effort in awareness of the importance of cybersafety in fintech companies. This year, more fintech companies will be making strategies on how they can ensure business operations to survive cyberattacks. A reactive strategy for a proactive security system to bring the business back to health after the attack. Fintech companies have to make security their priority because it is the most important commodity. If fintech companies fail to do so, they are putting themselves in the crosshairs of cyberattacks.

Digital Banking is Looming:

Since digital payments are grabbing all the attention digital banking is becoming the new normal in this pandemic season. The financial world is quick to notice when a bank exists in the virtual world and offers services like P2P transfer, contactless MasterCard with free transaction fees, and global payments. More and more businesses are following the lead and offering interesting online services. There are many appealing features of digital banking such as

  • You do not have to step out of your home in this pandemic.
  • Saves time.
  • No physical contact is required with the seller or other people – best for social distancing. 
  • It is paperless which helps to contain the virus. 
  • Banks can save a lot of money with digital-only banking.

In 2020, more customers are starting to recognize digital-only banks as a more efficient way of banking.
People have changed the way

AI: Gold for financial institutions

Banks embrace AI and generate higher revenue. Now banks are further fine-tuning their AI solutions strategies to drive wider adoption of technology. According to a report, AI will drop the bank operation cost by 22% around 2030. AI is well poised to deal with the growing incidence of financial fraud threats and cybercrimes. Using chatbots and other smart tools, AI is ready to hit the best customer service software for financial institutes allowing faster transactions and giving customers the convenience they expect.

Payment innovations

A couple of years back we had limited payment methods like signing checks or swiping a credit card only. But now we have many payment methods that are brainstormed and implemented as part of fintech. With these payment innovations, things have become simpler, easier, and user friendly. These mobile payment methods are now accessible to all and phasing out the need of carrying cash in the pocket every time. 

  • The trend of mobile wallets will gain popularity in 2020. 
  • The technological innovation like contactless cards that were piloted by different banks will gain the limelight in 2020 increasing their users exponentially. 
  • Payment innovation that has intrigued fintech fanatics is the use of QR codes to make payments. 
  • The developments such as Google Pay and Apple Pay to help customers check out faster have sparked the E-commerce market.

The use of Big Data in Fintech

Fintech companies use big data to detect fraud and manage risk. They analyze the big data with algorithms to make important decisions. They use big data and predictive analysis to manage risk better and identify how risky a certain investment is.  The use of big data can detect fraudsters easier than a human eye would. It contributes to the bigger picture of fintech, which is making transactions more secure.

Cryptocurrency and Fintech Blockchain

The blockchain has become significant in fintech as it speeds up the transactions between banks through secure and dedicated servers. Blockchain can monitor transactions in a fraction of the time. By using this technology businesses can build smart contracts based on any type of business or transaction. In 2020, more developments will go into the cryptocurrency blockchain to make it better suited for fintech. Most of the research will be done in this sector to fully implement it to the financial industry on a larger scale.

The bottom line

The Fintech industry will continue to develop and fine-tune in upcoming years.  To be more secure and satisfy customers this industry will evolve at a much higher pace. The payment innovations will continue to break the borders financially and enable users to make global payments.

Card Not Present Fraud

Card-Not-Present (CNP) Fraud – How to Prevent False Chargebacks?

The eCommerce industry continues to grow rapidly, so are fraudulent activities. According to Statista, eCommerce sales in 2019 were amounted to be $3.53 trillion and e-retail revenue is expected to grow to $6.54 trillion by 2022. The bad actors in the digital space are roaming to exploit vulnerabilities and target online users. There are a variety of malevolent activities that are becoming part of the streamlined eCommerce activities. Among those, Card-Not-Present (CNP) fraud and false chargebacks are on the top. In the U.S federal reserve report 2018, the amount of CNP fraud in 2016 was estimated to be $4.57 billion. This fraud projection rate is sky rising due to a lack of preventive measures that help combat an array of digital financial frauds. 

The digital transactions in the eCommerce are categorized as CNP. There are serious risks associated with the CNP fraud in which online merchants are liable for bearing the costs.

With the rapid invasion of individuals in the digital world, eCommerce sales and eventually CNP frauds are rising. Online merchants are required to be vigilant when it comes to the adoption of appropriate security measures over the platform. The cost of false chargeback claims from the fraudulent entities is received from online merchants, even merchant would be liable for the additional assessments and fees associated with the chargebacks. In case of a high chargeback rate, the merchant could be at risk of its account terminated. A study predicts that digital CNP fraud can cost retailers $130 billion dollars by 2023.


Detection and Prevention of CNP Fraud

Risk mitigation measures need to be taken into consideration by detecting and preventing the CNP fraud. These measures can be ensured by first understanding the fraudulent tricks and attempts of bad actors. The fraud prevention system requires a dynamic approach to fight against CNP fraud and its evolving techniques. 

It is forecasted that by 2023 all the companies that support retail transactions will spend about $10 billion every year for the purpose of fraud detection and prevention. 

KYC Verification

Just the way financial institutes used to verify their customers to mitigate the risk of financial crimes, the eCommerce industry can adopt the Know Your Customer (KYC) requirements to assess the risks. When it comes to open an online account, it is crucially important to perform the identity verification process on each onboarding customer. Identity checks can help determine if customers are legitimate or not. The process of KYC verification is secure and aligns well according to the demands of customer experience. 

KYC verification ensures that no fraudulent entity is allowed to take part in the financial system. The AI-powered identity verification solutions help verify customers digitally in mere seconds. Through innovative solutions and advanced AI-based algorithms, individuals can be verified and false chargebacks can be mitigated in the eCommerce industry. The following are some methods through which online identity verification can be ensured in a streamlined manner:

  • Document Verification of online customers against official ID documents such as ID card, passport, or driving license can be done. AI-powered Optical Character Recognition (OCR) technology can help extract the information from the document in real-time which can be verified. 
  • A biometric facial recognition system can help identify and verify the facial biometrics of the legitimate users against the ones uploaded at the time of account registration. Also, the face on the ID document can be matched against the one which is captured in real-time. 
  • Address Verification System (AVS) verifies the user-entered address against the one present on the ID document. The customer will be verified if both addresses match. 
  • Verification of customers at the time of account registration through video-KYC. The KYC expert connects the customers and verifies their identity through a video call in which other than ID document verification checks, experts take into account behavioral verification through a customer’s body language. Other than this, the liveness detection checks in video-KYC ensure the physical presence of customers through their minor facial movements. 
  • Anti-money laundering (AML) screening of customers against updated global watchlists, sanction lists, and PEP records can help the eCommerce industry mitigate financial crimes such as money laundering by the high-risk profiles.

Implementation of these measures can help online merchants prevent CNP fraud and false chargebacks. These practices can help organizations protect themselves from high-risk profiles that can become the reason for high-scale financial crimes that ultimately ends up giving harsh fines.

Electronic Know Your Customer

Instant Client Onboarding with E-KYC Screening

Technological Advancement and its Influence

The world needs to constantly evolve in order to survive. Like everything on the globe, technology is also evolving with every passing day but with a much swifter pace. It was not long ago when the first aircraft was invented by the Wright brothers in 1903. That was the beginning of an era that fulfilled the dream of mankind to fly. Now, we witness high-tech man-made spaceships flying to space. That is the essence of life – exploring new means to improve the lifestyle of mankind. Every day, companies spend millions of dollars to innovate and build existing inventions, in order to beat their competitors and earn profits. While the majority works for the betterment of others, there are some aiming to disrupt the system and cause damages to the people and the economy.

Cybercriminals Disrupting the Economic System

Criminals have been using their energy, resources and the new technology to develop ways to by-pass the legal standards and rules, causing harm to others for their personal benefits. Since the advent of the internet, criminals and fraudsters have switched to the online platform for their wrongdoings. According to the IC3 Annual Report 2019, financial losses went up to $2.7 billion in 2018. Most financially destructive threats include business email compromises (BEC), investment scams, and romance fraud. The “Ninth Annual Cost of Cybercrime Study” published by Accenture stated that the total amount of cybercrime for every company increased from US$11.7 million in 2017 to a new high of US$13.0 million — an increase of about 12 percent. 

These increasing figures are raising the concern of many businesses worldwide. Various global regulators across the globe have collaborated with law enforcement agencies to fight these cybercriminals and scammers. They have devised KYC and AML regulations to help businesses and financial institutions in identifying their customers with accuracy. KYC or Know Your Customer regulations are mandatory for banks and other financial institutions due to their nature of dealing with finances. Many other businesses are also increasingly following KYC compliances for their own security and safety.

Customer Onboarding – A Hassle for Modern Businesses

Most businesses understand the importance of KYC regimes and want to implement them in their business practices fro customer onboarding. But unfortunately, due to the long process of customer identification, they are reluctant to adopt them. The customers also do not prefer visiting govt offices and other institutions to get themselves identified as it takes a long time and the process is complicated. But nevertheless, due to the risk of fraudsters and scammers, they are forced to take preventive measures to secure themselves and their clients. Businesses such as banks, financial institutes, government offices, software companies, airports, military buildings, embassies, etc, all require identity verification before onboarding employees and customers.

Electronic KYC – A Means of Swifter Customer Identification

Modern identity verification companies have developed advanced software that conducts E-KYC of individuals effectively. This software is powered by Artificial Intelligence technology that flawlessly analyzes the identification data of customers, establishing that they are actually who they claim to be or not. The software has OCR technology embedded in it, which extracts relevant information from the government-issued documents. It verifies identities within a few seconds and has the capacity to verify individuals from anywhere in the world. This software can work through mobile cameras as well as webcams and can be integrated into websites and applications too. Electronic verification systems verify individuals through a number of techniques. Some of them are listed below:

The use of AI systems to identify and study facial features for verification purposes.

  • Digital Document Verification

The use of AI systems to check the authenticity of various government-issued documents to mitigate fraud.

  • Digital Address Validation

The use of AI technology to cross-match addresses from the documents to minimize the threat of address manipulation.

  • Multi-Factor Authentication

The use of multiple-step verification to increase the protection of your accounts by adding greater security barriers, usually through your mobile phone.

  • Digital User-Consent Verification

The use of handwritten user consent to giving access to only legitimate and genuine customers.

Businesses can adopt the technique which is the most suitable according to their requirements and budget. 

Future of the Digital Identity Verification

The digital identity verification is becoming a need for businesses in this era. Due to the efficacy of the E-KYC techniques, more and more businesses are incorporating them into their businesses. It is expected that post Coronavirus, people would avoid interacting with others and adopt touchless techniques for identifying and onboarding their employees and customers. Therefore, digital identity verification systems are necessary for businesses that want to secure themselves from imposters and comply with global regulations at the same time.

CFT and AML Compliance To Hold Back Financial Crimes

CFT & AML Compliance To Hold Back Financial Crimes

In this digital era, many factors are greasing the wheel of money laundering. Due to online transactions, it has become a piece of cake for fraudsters to carry out their financial frauds. But the AML Compliance Program for business is to govern the monitoring of accounts, detection, and reporting of financial crimes to relevant authorities. CFT and AML compliance promote stability in financial markets by mitigating the adverse effects of criminal economic activities and promote stability in financial markets.
SInfographic Korean Money Laundering

In this digital era, many factors are greasing the wheel of money laundering. Due to online transactions, it has become a piece of cake for fraudsters to carry out their financial frauds. But the AML Compliance Program for business is to govern the monitoring of accounts, detection, and reporting of financial crimes to relevant authorities. CFT and AML compliance promote stability in financial markets by mitigating the adverse effects of criminal economic activities and promote stability in financial markets. 

AML compliance trace and tackle the frauds like money laundering that any financial institute can face. Customer screening against certain PEP lists and sanction lists is done to complete due diligence and deter money laundering, terrorist funding, drug trafficking and other financial frauds. Anti money laundering checks provide a backbone for CFT (combating the financing of terrorism) and KYC regulations. AML regulations are key components of the US Patriot Act, 2001. In 2005 the Reserve Bank of India made it compulsory for banks across the globe to adhere to AML compliance to detect and prevent the financing of illegal activities.

Financial Regulations for Money Laundering- A Deep Dive:

The Financial Action Task Force, which is a group of 35 countries, work together to curb the risk of financing of terrorism by standardizing regulations to prevent such frauds. These authorities are working to keep a close check on money laundering activities. Many countries are following the guidelines of FATF to impede financial crimes and to restrict terrorist financing and money laundering. There are 40 recommendations of the FATF to put a halt on money laundering which countries follow. The FATF Recommendations are recognized by the global AML and CFT standards. The list of data sets of citizens that is being continuously updated is provided to law enforcement agencies in case any illegal activity is performed by any individual.

Key Features of CFT:

CFT is achieved by having a proper channel for AML checks. Following are some key features of how CFT works:

  • CFT is basically restricting the movement of funding of terrorist organizations. By focusing on a variety of entities, including banks, charities, and businesses by regulation, supervision, and reporting.
  • The efforts which are made to authenticate and put a halt on the movement of money and to monitor transactions to screen out those which are used to fund terrorist activities come under the umbrella of CFT. 
  • The CFT process plays a significant role in identifying money laundering activities from detection to prosecution. Money laundering appears to be legitimate but processes like CFT are used to identify such criminal activities and eradicate them. 
  • Financial Intelligence Units investigate suspicious transactions and information is provided to law enforcement for further investigation or prosecution.

How Combating the Financing of Terrorism Works?

CFT involves guiding and teaching financial investigative techniques and training financial institutes to identify suspicious activities.  CFT efforts may examine entities including charities, registered money service businesses, underground banking entities with many others. Money launderers need to conceal the origin and how the money will be used in order to carry out their activities. Such frauds come from legal sources such as legitimate organizations as well as from illegal sources such as drug trafficking and government corruption.  Terrorism financing and money laundering, both are interconnected. When an entity is able to detect money laundering activities, it is preventing terrorist funding simultaneously so combating money laundering is a key to CFT.

AML Compliance for Businesses

AML (Anti Money Laundering) practices are used to perform due diligence of customers. Businesses, especially financial institutes need to abide by AML checks to deny the loss of millions in penalties that will be imposed by regulatory authorities for not complying with the regulations.  To analyze customer data and to detect suspicious activities financial institutes deploy stringent AML checks. Such checks filter out customer data and classify it accordingto the suspicion level so that high risk customers can be highlighted. Any sudden and abrupt increase in money transfer or large withdrawal should be considered suspicious and businesses should act accordingly.  AML checks help financial institutes to impede financial frauds. AML screening detects not only money laundering but also other financial frauds like tax evasion, terrorist financing can also be traced and eradicated.

AML Benefits

PEP List Screening- An Integral Part of AML & CFT:

A politically exposed person or PEP is the one who has a high profile role in society. Due to this prominent position that  they hold in society they can commit money laundering and other offences.  Many case studies and analysis reports have confirmed this fact already. There is a list available that holds all the names of PEPs known as the PEP list. Screening individuals against this list is an integral part of AML and CFT to identify the person. As these people are more likely to be involved in financial crimes so they come under the umbrella of high-risk for financial sectors. With PEP status additional risks which are involved can be highlighted. Businesses need to be more vigilant and must apply additional AML and CFT measures when dealing with such persons. In order to avoid reputational and regulatory damages, PEP list screening is an integral part of AML and CFT regulations. 

Read More: Politically Exposed Person – An unsaid threat to Businesses

So in a nutshell, AML and CFT compliance are to eradicate financial crimes. Businesses need to abide by these regulations in order to be safe. If a business fails to comply with these regulations it will end up falling in the pit of money launderers and end up paying a hefty amount of fine which will be imposed by regulatory authorities. So in order to curb financial crimes and meet identity verification requirements businesses should have proper AML checks into their systems. 

2-factor authentication

How Can 2-Factor Authentication Protect Customers Against Fraud?

Need for Customer Authentication Mechanisms

Since the existence of humanity, new innovations and technologies have been introduced to improve living standards. Millions of dollars are invested every day in different sectors to enhance operations and work processes. As a result, our quality of work and lifestyles are improving with every passing day. An emerging industry, IT, has revolutionized our lives in innumerable ways. The work involving immense time and human efforts is now done within a few minutes or seconds with the help of computers. 

Like other inventions, computers can be utilized in a wide variety of methods, as per the requirement of the user. Some users utilize computers to their best ability for the betterment of the world and its inhabitants, while others use them to cause harm and damage. Since the advent of the internet, criminals have been deceiving and exploiting users through fraudulent activities and practices. It has become important to impede these criminals’ attacks before the damage gets more severe.

According to the Federal Trade Commission’s “Consumer Sentinel Network Data Book,” the most common types of fraud complaints registered last year included imposter scams, debt collection, and identity theft. Credit card fraud was the most widely occurring in identity theft cases — about 167,000 people reported a fake credit card account that was opened using their personal information. In 2017, it is estimated that in the USA about 16.7 million people became victims of identity frauds. The cost of such an organized attack on online user identities is estimated to be USD 16.8 billion.

Read More: Cybercrimes Rise 5 times in 4 years and Continue to Soar!

Financial Regulations to the Rescue

Such losses are causing immense damage to the businesses as well as the world economy. To fight this problem, law enforcement agencies teamed up with the financial regulatory authorities to introduce KYC and AML regulations for businesses. These compliances ensure that businesses properly know their customers before conducting any transaction with them. Although these regulations were introduced primarily for banks and financial institutions due to their financial significance. However, nowadays, many businesses are also complying with these regulations to increase their security.

Customer identity verification was implemented decades ago after the tragic 9/11 terrorist attack. Over time, it has improvised and become more accurate as well as efficient. Recently, identity verification service providers have introduced digital identity verification techniques that are powered by Artificial Intelligence technology. These verification methods are very accurate with little to no chances of errors. There are different types of digital verification techniques and the most effectual ones are facial verification, document validation, address verification, 2-factor authentication, and consent verification.

Read More: Financial regulators assure further assistance to the industry during COVID-19

2-Factor Authentication and its Importance

The 2FA process is carried out to protect both the user’s data as well as the resources that the user can gain access to. It provides a greater security level than other authentication methods that rely on single-factor authentication (SFA), where the user provides only one factor — generally, passcode or password. The two-factor authentication method relies on an individual giving a password, and another factor, which in most cases, is either a security token or a biometric factor, such as a fingerprint, iris scan, or facial scan.

The process adds an extra layer of security to the verification process by making it difficult for attackers to obtain access to an individual’s devices or online accounts because having the victim’s password alone is not enough to pass the security check. Two-factor authentication has been used for a long time for controlling access to sensitive information and processes, and online service providers are increasingly using this method to secure their users’ personal details from being misused by hackers who have hacked a password database or used phishing to obtain user passwords.

Read More: Why 2 Factor Authentication is vital for Online Identity Risk Management?

How does two-factor authentication work?

Here is how two-factor authentication works:

1. The users are requested to log into the website or platform.

2. The users provide the personal credentials they possess – generally, a username and password. Then, the site’s server identifies and recognizes the user.

3. For processes that don’t need passwords, the website generates a different security key for the user. The authentication tool processes the key, and the site’s server verifies it.

4. The site then asks the user to perform the second login step. Here the users have to prove that they possess something only they would have, such as a security token, ID card, smartphone, or other mobile devices. This is called the possession factor.

5. The user then enters a one-time code that was generated in step four.

6. After successfully providing both factors, the user is authenticated and provided access to the platform.


Two-factor authentication is a reliable way of securing customers and their belongings. The effectiveness of two-factor authentication can be understood from the fact that many leading social media platforms such as Facebook, Instagram, WhatsApp, etc, have incorporated it into their platforms to secure their users. Digital identity verification techniques are the future of customer identification and businesses of all sorts need to integrate them into their platforms. This will not only help them in securing their customers but also comply with the changing regulatory compliances

video KYC

Video-KYC – The ‘New Normal’ for Digital Customer Verification

The KYC requirements all over the world are getting stringent. ID document verification is a norm for major business entities when it comes to onboard a secure clientele base. Remote verification of customers has various forms. It can either be done through digital document verification or biometric authentication in combination with other attributes such as remote anti-money laundering (AML) screening and address verification. However, another method of customer verification is becoming “the new normal” in the identity verification market. Video KYC is now grooving in the digital space for remote verification of customers.

Multiple industries, dominating the banking sector intersecting with the Fintech use-cases are in need of digital customer identity verification. Video KYC thus is among the most suitable methods in which with the assistance of KYC expert and technology, identity is verified remotely. 

Role of KYC expert

The online user first fills the registration form and the KYC expert connects the user for remote verification. The expert guides the user to verify the identity throughout the identification process and takes consent at first when it comes to collect the data from the customers. The user will be asked to show the documents asked by the expert in the camera for verification purposes. The document could be an ID card, driving license, and passport. The expert asks the user to tilt the document to check holograms in them. They are trained not only to identify the spoofing elements in the documents but also for behavioral and body language analysis. 

Role of technology

During the verification process, AI-powered facial recognition of customers is also performed. The liveness detection feature in this biometric technology ensures the physical presence of a customer at the time of verification. The checks employed in the technology lookout for spoofing elements in the document as well. When both face and document is verified, the results are sent to the back-office.

Video KYC and Indian regulatory framework

The Indian regulatory infrastructure has revamped the customer identification process for the banks, NBFCs, Fintechs, and other financial institutes. The latest regulations allow the replacement of paper-based processes with the video call verification mechanisms as per the recent amendments in KYC guidelines in the country. The Reserve Bank of India (RBI) is the country’s banking regulatory authority which declared some amendments in the existing guidelines. 

Under the Prevention of money laundering (Maintenance of Records) Rules, 2005, KYC is a vital part when it comes to onboard the customers. The regulations make video verification vital for the digitization and automation of the current KYC norms. For the same, in February 2016, master guidelines were released.

The following are some of the amendments in RBI:

  • To build an account-based relation with the customers, a live Video-based Customer Identification Process (V-CIP) should be carried out by the official of the Reporting Entity (RE). 
  • A clear picture of the Permanent Account Number (PAN) card shall be captured that would be displayed by the customer during the verification process.
  • A live location of the customer should be captured to ensure the physical presence of the customer in India during the verification process. 
  • It is the responsibility of REs to ensure secure video storage that stores the time stamp and date as well. 
  • All the activity logs which also contain the official credentials while performing the V-CIP, should be protected.
  • REs are encouraged to employ the latest available technology which includes Artificial Intelligence (AI) and facial recognition (face matching) technologies to ensure honest verification and keep intact the process integrity.
  • The BCs can facilitate the customer identification process at the customer end only whereas the official one would be at the other end of V-CIP interaction which should be necessarily a bank official.
  • All the details of BCs who are assisting the customer should be maintained by banks. The responsibility of CDD will ultimately be with the bank.  

Relief for financial firms – In COVID 19

Among all the hype of COVID-19, major business transformations can be seen. The banking industry has to revamp the digital banking services to establish a secure and running program for the customers. The increasing digital frauds and financial crimes call out for the stringent identity verification methods. The financial firms have got relief with the latest convenient method of customer verification in the form of video KYC that could help them cope up with the situation smoothly from all aspects. 

benefits of kyc

Video KYC – Swift and convenient solution

Video KYC is a quick and convenient process in which all the traditional verification methods are replaced with a video verification by a KYC expert. It is a secure method that helps the banking industry, particularly the Fintech businesses in attaining a clean customer base. Another benefit of Video KYC is that it helps businesses comply with the KYC and AML regulations with easy and secure customer acquisition. 

age verification

Strengthening digital businesses with online age verification

It is projected that by the end of 2021, 2.4 billion will buy products and services online, up 46% from 2015 when 1.46 billion people made purchases online. Moreover, during current situations when the whole world is under self-imposed lockdown, people are staying home and prefer to make purchases online, more people are expected to shop online then predicted previously. This high demand landscape has made many entrepreneurs and businesses rich but also create unforeseen challenges. 

As age-restricted products and services have seen a surge in demand, it has become more than important to protect minors online. The age-restricted items such as alcohol, knives, tobacco, and others are safeguarded from minors offline but what about preventing minors’ access to the same products online?

The need for age verification has increased especially due to the open-access of the internet. Regulatory authorities are working to create an online environment safe by placing regulations for the online sellers of age-restricted goods. Businesses are also opting for age verification checks to comply with regulatory authorities. 

Shufti Pro’s experts have written a whitepaper on the need for age verification to secure minors and your business online. Download this whitepaper now.

Here’s a brief summary of the whitepaper. 

A brief on age verification

Age verification is a measure used to prevent access to digital products that are restricted to a certain age. Age verification systems are usually used to protect minors from accessing age-restricted content online. The examples of age-restricted content are:


2.Online dating websites

3.Online gambling and lottery platforms

4.Online gaming content that is not suitable for underage people

5.Tobacco and cannabis

6.Pharmaceutical drugs

Why is it important for businesses to know the age of the user?

Age verification is deemed necessary for the sellers of age-restricted goods and services and not having proper age verification checks may result in fines up to millions of dollars and other legal obligations. In short, it is necessary to stay up to date with recent regulatory requirements both local and global. 

Businesses often implement identity verification including age verification to set age brackets a particular user falls in and by doing this they separate unnecessary users. Read the white paper to explore details of traditional checks and where they lack. 

Ways to verify a user’s age

Online age verification is performed using different methods. Some of which are:

Self-verification checkboxes

 Most online business place checkboxes for asking the user if they fulfill minimum age requirements or ask them to enter their date of birth. This is the most common type of age verification check but it isn’t much effective because minors can easily surpass this check.

Verification using a credit card

Sometimes online stores ask for credit/debit card details by assuming that credit card companies will not issue the cards to minors. However, minors may access their parents’ credit cards to make purchases without consent.  While the credit card verification checks approve the transaction as the chances are that it will be performed from the same IP and the same address. This leads to a legitimate chargeback claim which in turn leads to a loss to the business.

Online age verification using ID documents

The process for online identity verification is as simple as uploading the picture of government-issued identity cards and a selfie to verify that the identity document belongs to the same person performing the verification. Due to sophisticated technology, this process becomes instant so that authentic buyers of legal age did not walk away due to the tiresome verification process.

Shufti Pro’s online age verification solution 

Shufti Pro uses AI-based ID document scanning combined with 3D facial recognition to verify the identity and age of the user, taking only 15-60 seconds. Users’ can be verified by using just and ID document and a selfie. 

Just a simple API integration and you’ll be all set to refrain minors from entering your platform while providing a secure and fast user onboarding experience to your legitimate customers. For more details, read the white paper to know how an investment in age verification solution will turn to be your competitive edge and a reliable resource to fight cybercrimes.

Chargeback Frauds

What are chargeback frauds and what do they mean for businesses?

The world we live in no longer seems to be honest and fair. A large number of individuals are participating in fraudulent and unethical activities every day. Causing a loss of billions of dollars per annum, the fraud instances are still on the verge of increasing. According to the FTC, about 3 million complaints regarding identity theft and fraud were received in 2018, out of which 1.4 million were fraud-related. In 25 percent of those cases, money loss was reported. In the same year, it was reported that consumers lost about $1.48 billion in fraud complaints, an increase of $406 million from 2017. 
Charge Back
In 2018, about 130,928 of the cybercrime cases were related to credit card frauds. These types of frauds are committed to obtain goods or services or to make payments to other accounts that are controlled by a criminal or fraudster. The Payment Card Industry Data Security Standard (PCI DSS) is the data security standard established to assist businesses to securely process card transactions and reduce card fraud. To cater to the problem of fraudulent credit card transactions, the concept of chargebacks was originated.

Chargebacks and their importance

Chargebacks are transaction reversals that are forcefully initiated by the cardholder’s bank in case of a fraudulent transaction. It is mostly considered a consumer protection mechanism. If you’re a business or merchant, chargebacks can be a frustrating threat to your livelihood. If you’re a consumer, chargebacks represent a shield between you and corrupt vendors. If someone’s payment card is stolen, it can be used to make transactions at any physical or online platform. When the cardholder is notified about the transaction, he/she claims that they were not responsible for it and they claim the transaction amount from their bank. This is known as a chargeback. The bank refunds the amount to the customer and in turn, imposes heavy regulatory penalties or fines to the business or merchant for not conducting proper due diligence of the customer. 

Chargebacks were introduced in the early 1970s when the US has started introducing credit cards. There was consumer fear regarding the use of these new cards. There were also complaints regarding unethical merchants taking advantage of the consumers. This led to the creation of chargebacks in the Fair Credit Billing Act of 1974. According to a study, Chargebacks account for 70% of fraud and cost merchants nearly $11.2 billion in lost revenue in 2015. The E-commerce industry lost an estimated revenue of $6.7 billion as a result of chargebacks in 2016 out of which 71% ($4.8b) was due to friendly/chargeback fraud. While chargebacks provide a protective shield to customers against fake transactions, on the other hand, they cause losses to many businesses as well. 

Types of Chargebacks:

1: Merchant Error

Innocent mistakes and errors at the merchant’s behalf can have a major impact on the business’s bottom line. Errors are mostly linked with merchant setup, transaction data, and order processing. About 20-40% of all chargebacks are caused by merchant error.

2: Criminal Fraud

Criminal fraud is one of the primary reasons chargebacks were created. In this type the cardholder claims that the transaction was not authorized. This chargeback is triggered due to various forms of criminal activities:

  • A criminal finds a lost card
  • Counterfeit cards are generated with stolen account information
  • Hacked account information is used to conduct the card-not-present transaction

About 1-10% of all chargebacks are caused by criminal fraud.
3: Friendly Fraud

This chargeback involves unsatisfied customers who contact the business directly with any complaints they may have. However, some consumers use the bank as a middleman and file a chargeback instead of asking for a refund. And because the business is not aware of any issues with the transaction, friendly fraud is performed by apparently satisfied customers. Friendly fraud chargebacks account for 60-70% of all chargebacks.

How can businesses save themselves from false chargeback claims?

As we can conclude from the statistics above, false chargebacks can have devastating effects on the prosperity of a business. It is crucial for businesses to take strict measures for the prevention of chargeback instances. This is possible by conducting proper identity verification or due diligence of customers before transactions are conducted. Financial regulatory authorities such as FATF have introduced strict KYC and AML regulations that are mandatory to follow for financial institutions and banks. However, businesses are increasingly adhering to these compliances for their own security. 

Identity verification has been practiced for many decades but the manual method is very time-consuming and there are chances of human error. Recently due to the innovations in the IT sector, artificial intelligence-based digital identity verification systems have been introduced. These systems remotely verify the identities of customers from any corner of the world within a few seconds. There are different types of digital ID verification techniques that are used by businesses:

  • Face Verification
  • Document Verification
  • Address Verification
  • 2-Factor Authentication
  • Consent Verification

Once the identity of the customers is verified before every transaction, businesses will have recorded proof for it which can be presented to the bank in case of a false chargeback claim. If businesses ensure the provision of prompt and attentive customer service, quality products and services, and paying attention to transaction details, customers will not have a sound reason to file a chargeback. Instances of friendly fraud will decrease significantly.

Wrapping Up…

Fighting chargebacks is the last major responsibility businesses should face at this time. Banks have allowed fewer chargebacks to be filed against businesses that regularly argue regarding these claims. Not only does chargeback resentment make sure that the business gains more profits, but it is also helpful in educating consumers about what isn’t and what is a chargeback and how it should be used accurately. Customers should also understand that chargebacks should be filed in extreme scenarios only; they are the last resort rather than the first action to take to seek a refund. Chargebacks should not be used senselessly, as the consequences for the businesses are quite harsh. Hopefully, with proper education about chargebacks, both customers and businesses can notice a decline in the number of fraudulent chargeback claims.

Online age verification

Online Age Verification: Children’s Digital Privacy amid COVID-19

The meteoric rise in the adoption of digital technology has influenced every phase of modern humans. From societies to economies to culture, each aspect undergoes both positive and negative transient changes. Predictably, it also means that the internet has penetrated into the lives of children and impacted their way of living. It is estimated that about 71% of youth is online as compared to 48% of the overall global population. The youth that ages 15 to 24 is estimated to be the most connected group over the internet. Globally, one out of three internet users is a child under the age of 18.

Undoubtedly, the digital space provides ample opportunities to children where they could learn, ensure self-development, and get entertained at the same time. However, in one way or another, minors are exposed to a variety of threats that could harm them. Children are at a big chance of falling prey to the vulnerabilities in a digital space. For instance, child identity theft incidences in an online space are not a concern of today. The year 2017 compromised the data od more than one million children which resulted in a total loss of about 2.6 million dollars against which families paid more than 540 million dollars out of their pocket.

The statistics, therefore, call out for a stringent regulatory framework that can acknowledge the need for strong child data protection measures. The COVID-19 outbreak has increased the ratio of digital activities that could be more harmful to the children and their data. Fraudsters roaming in the digital space target the children’s data to fulfill their list of malevolent purposes. Online age verification checks, thus, are contributing to providing a safe space for children that keeps intact security and child’s data protection aspects simultaneously. The regulatory bodies all over the world have declared regulations regarding data protection of children in the digital world. 

Online Age Verification – Global Regulatory Framework

Among all, major legal approaches highlight the need for parental consent and its principles. However, these approaches may vary in certain countries. Usually, their mandate is that all the digital services providers must obtain verified consent from parents before obtaining information from them. In this section, some of those regulatory frameworks are discussed.

United States

In 1998, the US passed the Children’s Online Privacy Protection Act (COPPA). This legislation is dealing with the protection of minors’ privacy online. The legislation highlights the need for age verification of children online and parental consent before collecting information about children. It ensures the parents have control over the information of children under 13 that is been collected by the online websites. 

South Africa

In South Africa, The Protection of Personal Information Act, 2013 (The POPI Act) is in force that prohibits the processing of children’s personal information. Consent is necessary to process, exercise, or even for legal defense purposes. 

European Union (EU)

The EU’s General Data Protection Regulation (GDPR), explicitly recognizes that children are less aware of the consequences, risks, and safeguards that concern their data and its sensitivity in the digital world. The Act, therefore, enforces parental consent before processing the online information of children having age under 16. 


In Germany, the interstate treaty aims at minors’ data protection and mandates the use of online age verification solutions. Instead of enforcing parental consent, the legal regulatory framework of Germany highlights the implementation of age verification solutions to verify the age of children before providing them access to the digitals services. 

United Kingdom (UK) 

The Digital Economy Act (DEA) of the UK passed in 2017, which is explicitly designed to regulate the digital services and communications infrastructure. The law strictly ensures the implementation of age verification measures while providing children access to age0restricted content online. However, the specific method for age verification is not mandated but the implementation is declared mandatory. 

Online Age Verification Methods

The online age verification practices vary with respect to the methods. The manual age verification methods included only simple Age Affirmation Pages (or self-certification) in which just by ticking a checkbox, the age was confirmed by the user side. The method does not serve the purpose as it could be tricked easily. 

The globally digitized world is moving towards the adoption of technological advancements as so the innovative solutions for age verification of customers online. The following are some methods that can be used for the age verification of customers online:

Credit/debit card verification

In this method, users are required to enter the details of their credit card/debit card. This method ensures that only adults or people above the legal age use debit/credit cards and will be verified.

Government-issued ID cards

The age of online customers can be verified through the government-issued ID card that could also be a passport or a driving license. Through OCR (Optical Character Recognition) technology, the data from the user-uploaded document will be extracted and verified by the system for the purpose of age verification. 

Semantic Analysis

This method of age verification works on the principle which identifies the level of sophistication based on which people having a certain age are highly likely to use different ways while constructing and online profile. Many online companies use semantic-based search algorithms that parse the user-entered information and find out words and terms which are commonly used by minors. 

Biometric Authentication  

Based on the facial biometrics, biometric authentication of online users can be done in combination with the verification of some official identity documents. The facial recognition system will identify the face and verify it against the picture present on the identity document. If both match, an identity will be verified.

How can AML play a role to impede the financing of terrorism?

Money Laundering and Terrorism Financing are global issues and there is no dispute regarding it. Every year, billions of dollars are lost due to money laundering. According to a study by UN Office on Drugs and Crime, the estimated amount of money laundered worldwide per annum is 2 – 5% of global GDP, or $800 billion – $2 trillion in current US dollars. Money laundering and financing of terrorism have been going on for a very long time. Keeping in mind the immense loss that has to be encountered, global regulatory authorities set up compliances that were required to be followed by all financial institutions and banks. But before going into that detail, let’s get a glimpse of when were the AML and CFT regulations initially introduced?

Background of Money Laundering and the Financing of Terrorism

On 9/11, 2001, a tragic terrorist attack took place in which 19 militants related to the extremist group al Qaeda hijacked four airplanes and administered suicide attacks against targets within the United States. Two of the planes were flown into the dual towers of the World Trade Centre in New York City, a 3rd plane crashed into the Pentagon just outside Washington, D.C., and the fourth plane crashed in an open field in Shanksville, Pennsylvania.

Approximately 3,000 people lost their lives during the September terrorist attacks, which led to major U.S. initiatives to fight terrorism under the presidency of George W. Bush.

To carry out the attack, the 9/11 planners spent between $400,000 and $500,000, which was majorly provided by al Qaeda. Albeit the origin of the funding is undisclosed, detailed inquiry has unveiled about the financial transactions that supported the attack.

The hijackers and their financial facilitators used the anonymity provided by the international and domestic financial system to channel their funds via a number of hidden transactions. 

Although the existing financial mechanisms of the country were strong enough to prevent the misuse of the system they were not designed to identify and obstruct transactions that financed state terrorism.

This ultimately led to the development of the KYC process and AML regulations as key components of the US Patriot Act, 2001. Later on, in 2005 the Reserve Bank of India made it mandatory for banks across the globe to adopt these guidelines to prevent the financing of illegal activities.

Read more: 24 scammers arrested on money laundering charges

Introduction of Financial Regulations

International authorities such as FATF and world bank are working with national authorities such as GDPR, FinCEN, FCA, FINMA, etc. and state banks to keep a close check on money laundering activities. Most of the countries are following the guidelines of the financial regulatory authorities such as FATF in impeding crimes such as money laundering.

The Financial Action Task Force or FATF is a global body that provides suggestions to countries with respect to their efforts to restrict terrorist financing and money laundering. The countries mostly follow the 40 recommendations of the FATF to prevent money laundering.

Governments and financial institutions have huge datasets of information regarding their citizens and these lists are regularly updated.

The lists are provided to law enforcement agencies in case any illegal activity is done by an individual, to bring them under the law. 

Read more: Financial regulators assure further assistance to the industry during COVID-19

Techniques to Counter the Financing of Terrorism

Traditionally, financial Institutions would examine government-issued identification documents like a driver’s license and/or passport. These documents, generally, should essentially display an image as well as other identification data of the individual. Best practices, however, involve the displaying of multiple documents to diminish the risks presented by counterfeit and fraudulently obtained documents.

Read more: The Definitive Guide to Anti-Money Laundering & Countering of Terrorist Financing

In today’s online era, when consumers deeply value convenience and instantaneity, a visit to the bank to line up an account may be too inconvenient. So why create difficulties for customers, and asking them to physically present themselves, when there are easier and convenient ways to verify themselves online?

Identity verification service providers have built digital identity verification software that seamlessly authenticates the identity of individuals in a couple of seconds. These systems usually involve the use of cutting-edge AI technology that digitally verifies if the individual actually is who they claim to be or not. To make it certain, the software requires the user’s identification details which could be done through facial verification, document validation, address authentication, 2-factor authentication, and consent verification. These digital identity verification techniques conduct an in-depth analysis of the profile of the users to see if they are involved in any sort of money laundering or terrorism financing activities. 

The software usually attains information from various data sets and sanction lists that are regularly updated by the international authorities. On-going AML checks can also be adopted to keep a close check on the Politically Exposed Persons or people with a history of suspicious activities.

Wrapping Up…

Money Laundering and the Financing of Terrorism are menaces in our society that need to be eradicated entirely. But this cannot be achieved immediately. It takes years of hard work, technology, policy formulation, compliances, and most importantly, the sheer will to fight these hazards. We should all stand united with our authorities and agencies to catch money launderers, terrorism financiers, and criminals. One of the most effective methods of doing this is by incorporating digital KYC verification into our systems and business processes.

6 industry experts explain the role of KYC in cybersecurity

Cybersecurity is no more limited to firewalls and antiviruses. It is protecting your system, employees, and customers by implementing security checks at certain touchpoints for all stakeholders, so due diligence is vital to practice robust cybersecurity. Due diligence is also not restricted to just customers but applies to all entities that access your system. However,as customers are the primary source of risk and return, KYC (Know Your Customer) is significant for complete cybersecurity.
Consumers are a vital asset of your company and their security is significant. That’s why companies spend millions on cybersecurity and KYC. But cybersecurity investment is not enough as sometimes long verification processes demotivate customers to leave the platform during onboarding. Faster and seamless KYC integrated with cybersecurity checks proves to be a feasible strategy to fight evolving cybercrimes. 

Due diligence in cybersecurity is a tool to gain the trust of all stakeholders

Cybersecurity if grouped with customer due diligence helps fight fraud and enhance the customer experience. A research found that 88% of consumers say their perception of a business is improved when a business invests in the customer experience, namely security. 

Adil Advani of Pure VPN considers cybersecurity a means to gain customer trust by making them feel secure in sharing their data with the company. He states, Due diligence is a routine part of any acquisition. Identity verification is very important these days due to an increase in cybercrime. Customers, partners, shareholders, and prospective employees want evidence that the organization can protect its sensitive data. Without a cybersecurity policy, an organization may not be able to provide such evidence.”

Pair cybersecurity checkpoints with KYC to fight payment frauds 

David Bell from Country VPNs recommends using several KYC checkpoints along with other cybersecurity practices to fight payment frauds. “We implement a combination of KYC tactics like asking security questions, assessment of customer’s IDs through artificial intelligence, verify customer’s biometrics, and even use social media for verification purposes along with the more formal database. Businesses should pair databases with KYC checkpoints and fraud prevention technology to prevent being exploited by cybercriminals.” 

Cybersecurity aligned with regulatory requirements is the key 

Cybersecurity practices reap benefits when KYC practices are aligned with KYC and data protection regulations. Cybersecurity and customer due diligence need to be practiced while taking necessary measures to secure customer data as well. 

Dan Blum, Principal Consultant at Security Architects Partner stated the significance of data protection in KYC and cybersecurity and said; “Service providers must protect the value of customer’s information systems or data, as well as customer privacy rights using sound, risk-based cybersecurity practices as a matter of due diligence. KYC requirements must be aligned and balanced with a good understanding of the laws and business requirements.”

Peace of mind for you and your customer

Cybersecurity is essential and becoming inevitable with the evolution of technology. Primary business operations are going through a technological shift, proactive risk prevention and backup are crucial to sustaining technical growth without affecting customer experience. 

“It is an important part of preventing cybercriminals from committing crimes such as money laundering by implementing methods such as document checks or facial recognition. KYC creates a layer of protection that gives both you and your customer peace of mind about the safety of their data. KYC, therefore, creates an all-round better security practice by protecting the company, the company’s reputation, and your consumers.” said Will Ellis, Founder of Privacy Australia and IT security consultant.

Customer due diligence helps in securing systems

Data collected during customer due diligence provides reliable information for the customers which can be used to trace them when needed. It helps in securing the system from data breaches by only allowing access to reliable and verified users, it further streamlines the security operations of a company and makes them transparent enough to identify any threat.

“When it comes to cybersecurity, verifying users and gaining a reliable source connection is something that is crucial to maintain safety and privacy when online. By applying customer due diligence to cybersecurity it gives a right for the wanted user to be located which then helps by acknowledging potential security breaches that can then be reassessed later. This helps to control internal data and manage customer information more efficiently which can create a better flow within a company. It’s important to include customer due diligence in cybersecurity to have full say in what is going on in the systems.” said Ludovic Rembert, founder of Privacy Canada.

KYB is also vital for fraud prevention

Due diligence is not limited to individuals but extends to business entities related in B2B relations. When acquiring or partnering with a company it’s necessary to review their data protection and cybersecurity practices as a risk prevention measure. 

Sophie Summers from Rapid API highlighted the significance of KYB (Know Your Business) screening in B2B relations, either a company is acquired or partnerships are planned. “It is best to find out whether the target organization has the basic blocking and tackling in place to prevent, detect, and respond to cybersecurity incidents. Additionally, look for their secure backups to recover from unfortunate events.”

Cybersecurity practices if executed wisely reap several benefits.  Customers regard these security practices of their companies if done swiftly through advanced technological solutions. Otherwise, KYC and cybersecurity which demand more time and effort affect customer experience and lead to cart abandonment and reduce customer value.

The expert insights show that KYC is an unavoidable part of cybersecurity and it’s more than just customer due diligence. It helps prevent financial fraud, identity frauds, cyberattacks, data breaches, and unauthorized access to your system or your users’ accounts. 

More posts