KYC Compliance – Strengthening Fraud Prevention Across the Globe

Know Your Customer (KYC) : The widespread availability of the internet has made our world more connected than ever. This, however, has made our information more vulnerable to fraud. The ever-climbing fraud statistics continue to trouble consumers and businesses as well as regulators across the globe. Yet traditional practices for Know Your Customer seem no longer effective. With the increasing scrutiny of regulatory bodies and global financial regulators, businesses need to come up with an effective Know Your Customer or KYC Compliance process. The KYC process involves the verification of the identity of individual customers for preventing fraud and money laundering activities.

Traditionally, banks and other businesses performed KYC manually. However, manual procedures take longer and tend to frustrate customers. For banks too, manually verifying and vetting each customer can be costly and arduous. Herein, comes the role of SaaS KYC service providers. Providers of identity verification as a service, nowadays are using machine learning, advanced biometrics and a combination of Artificial and Human Intelligence capabilities to verify end users. It is an all in one solution that is equipped to fully automate KYC procedures in companies. 

A comprehensive KYC and AML solution can effectively fulfil a business’s KYC requirements. It not only makes the implementation of compliance obligations seamless but can also improve the onboarding process. Its KYC services include document, face and address verification along with global AML background checks. 

Some of the major KYC and AML procedures that Shufti Pro offers include;

  • Document Verification
  • Face Verification
  • Address Verification
  • AML Background Checks

Document Verification

A simple and efficient way for banks, financial institutions, e-commerce stores, crypto exchanges, ICOs and a number of other businesses is to verify customers through document verification. It allows businesses to verify users through multiple documents including ID cards, passports, driver’s license, credit/debit card, utility bills and other customised documents, that a business may need verification for, for its users. 

The verification of the document(s) can be personalised for business, according to its need to verify its users. For example, an online retailer would want to verify the address of its customers to avoid shipping fraud and errors. Different features of a document that can be verified include Name, Date of Birth, Age, Date of Issue and Expiration, Document Number (MRZ code, passport number etc.), Gender, Nationality etc.

The process of document verification for a business is simple and easy. All they have to do is select the mode of verification (onsite or offsite) and document checks they want. The rest is taken care of by the verification software. The process of document verification involves;

  • The end-user or customer comes in for verification and selects the type of document he/she wants to be verified by. It is up to the company to provide multiple options for its customers for verification including ID card, passport driver’s licence or any other ID document.
  • The user then scans their document(s) or uploads a copy of it to verify their identity. 
  • The system verifies the user using hybrid AI and HI technology in 30-60 seconds.

Document Verification

Face Verification

Face verification nowadays is normally performed through a facial recognition software developed on AI-based protocols. Biometric facial authentication is usually performed by businesses that run a higher risk of attracting fraud and financial crimes like money laundering, bribery and tax evasion. This may include but is not limited to, banks, insurance providers, investment firms, crypto exchanges, ICOs and forex companies. All such businesses are highly regulated and require additional protection from fraudsters and criminals. 

Performing facial verification is simpler than document verification and only requires the end user to show their face in front of the web camera. Alternatively, they can also upload a picture to authenticate their identity. The choice to verify the user through image or video or both lies with the company availing KYC services. An end user is verified in the following way in the face verification feature;

  • The end user comes in for facial verification
  • They show a fake or photoshopped image for verification
  • The facial recognition system declines the verification since it a fake image is being used for verification.

In another case,

  • The end user comes in for verification
  • He/She will show their actual face or image for verification
  • The verification is approved as the software detects the presence of a real person, or does not detect any photoshopped elements in the image used for verification.

Online Facial Verification

Address Verification

E-commerce sites, online retail businesses and banks often require address verification of customers in order to check if the person is using legitimate credentials to gain access to services. Address verification services allow for better and more convenient authentication of users around the globe. It is the fundamental solution for businesses to eliminate identity theft. Address verification further increases the accuracy in the shipping of orders allows companies to conveniently deliver merchandise to customers. 

Address verification is performed using a number of different documents including utility bills, bank statements, tax bills, ID cards, passports etc. The system is also able to corroborate addresses using different documents. Therefore, if either of the documents is forged or stolen, the system will stop the verification. The address verification process is performed in the following way;

  • The user selects the document using which he/she wants to verify their address. It is up to the company if they want to provide their customers or users with various document options with which they want to verify their address.
  • Scan or upload the document for address verification.
  • The system will use data extraction protocols to verify the address of the user.

Address Verification

AML Screening

Banking and financial institutions are required to perform customer due diligence (CDD) for individual customers and clients. For higher-risk individuals, they are obligated to perform enhanced due diligence (EDD) to evaluate, assess and eliminate the risk they pose to the institution. For more efficient risk assessment, AML screening of each individual client is a must. 

With an AML screening system, banks can now easily screen new and existing clients through a foolproof system. The screening process flags PEPs and high-risk individuals from a vast databank. It contains data from over 1000 sanction lists and 3000+ databases. Some of the lists through which end users are scanned include OFAC, FATF, DFAT Australia, FinCEN, CIA, FINMA and numerous others. The databank is updated every 14 minutes to account for any updates in the lists. Banks and other financial institutions can choose to implement batch screening or ongoing screening for their clients. Batch screening screens individuals in bulk in one request whose basic name and DOB are already known. In ongoing screening businesses operating in a high-risk environment can issue an “on-alert” status to clients with a greater risk profile. 

AML services are generally availed with KYC verifications and checks are run in the background. 

  • The system extracts a user’s Name and DOB from their credentials as they perform their identity checks.
  • The system will scan the person from global AML watchlists (FATF, OFAC, Terrorist Financing, FinCEN, DFAT etc.)
  • If the individual is flagged in any list their verification will be declined and the company will be notified of specific individual’s flagged status.
  • If they are cleared, their verification is approved.

AML Screening

Requirements for Each KYC Procedure

The documents required from each end user for a KYC verification depends on the company availing the KYC services. Each company has its own requirements about verification of its users. However, certain standard documents are used by most businesses to verify their users. These documents include ID cards, passports, driver’s licences and credit/debit cards. The company can choose to provide different options for verification for its users or set a standard document through which the person can be verified. 

Documents for address verification include, but are not limited to, utility bills, bank statements, tax bills, rent agreement, employer letter, insurance agreement and other standard ID documents. The AML checks require the full name and date of birth of an individual that can be extracted – or entered – during the KYC process. 

It must be noted that the requirement for each verification is set by the company availing the identity verification services. They may ask for only one or multiple documents for verification from each user according to the needs of their industry and the regulations they are obligated to adhere to. 

Industries that Adhere to KYC Compliance

KYC compliance applies to a vast range of industries. Different businesses need to adhere to KYC requirements of their region as well as the region(s) they operate in. Some of the many industries and businesses that require KYC procedures include, but are not limited to;

Kyc Compliance

  • Banking, Financial Services and Insurance (BFSI) Industry
  • E-commerce businesses
  • Foreign Exchange Brokering Services
  • Cryptocurrency Exchanges or Companies dealing with or operating on cryptocurrency (ICOs, Bitcoin wallets etc.)
  • Freelancing platforms
  • Telecommunication Services
  • Travel and Hospitality Services
  • Peer-to-Peer Marketing
  • Online Gaming and Gambling 
  • Healthcare Industry
  • Real Estate Sector

Standard KYC Compliance Procedures Around the Globe

Every jurisdiction around the globe has its own set of regulations and requirements for businesses to operate safely. Different countries and regulatory authorities set their own standards according to their legislative structure. However, standard KYC requirements are fixed for most regions across the world. Most KYC Compliance Procedures are centred around: 

  • Digital Identity Verification.
  • Electronic identity Verification or e-IDV, that verifies individuals through different government or independent databases.
  • Address verification through different documents

Any specific distinction in the process of KYC exists based on;

  1. Use case – The use case for each business involves in what capacity a business might need KYC, how it would apply KYC procedures.
  2. Regulatory Requirements – regulatory requirements differ based on the type of industry, the level of risk an individual or business may pose and the region in which an enterprise operates in. For example, in a few countries including Germany, Spain, Switzerland and Austria the regulations require businesses to verify users through video conferencing 
  3. Type of Business – the risk associated with a business also comes with the industry it operates in and its nature. For instance, financial service firms are bound by more legal obligations than perhaps an online retail store.

Kyc Procedures

The identity solution from Shufti Pro offers universal language support, along with the ability to verify over 3000 documents. This allows us to verify users from over 230 countries around the world. Our AML databank includes names of Politically Exposed Persons (PEPs) from over 1000 + sanction lists and 3000 + databases. It is currently catering to a diverse set of clientele ranging from financial services to online retail businesses to crypto companies. With the ability to verify users in under a minute, Shufti Pro can fulfil a business’s KYC compliance requirements with increased efficiency.

Due Diligence checklist

What Due Diligence Means for Your Business

Due diligence is a process that helps banks and individuals to get to know in detail who they are dealing with. Sometimes it is mandatory and other-other times voluntary. This article looks at the concept of due diligence implications for your business and includes a due diligence checklist to help you with compliance 

What exactly is Due Diligence?

When a business is about to sign an agreement or buy a product, it investigates the party to the deal and the product. It is a ‘measure of prudence’ or an attempt to ‘perform a prudent review’. A more common form of referring to the same is customer due diligence (CDD).

Types of Due Diligence

There are different forms of performing due diligence, each has its own merit. The process depends on the risk level and purpose. Here is a short list of the types of due diligence;

  • When Buying a company – To check if a company is legally and financially secure before buying
  • M&A due diligenceMergers and acquisition (M&A) due diligence is performed when businesses are merging or one business is planning to acquire another
  • Financial due diligenceIt is to investigate the financial health of an asset before purchasing
  • Customer due diligence (CDD)Businesses perform CDD to ensure that the customer is not involved in illegal activities or funding terrorism 
  • Commercial due diligencePrivate equity firms readily perform this diligence to test the commercial viability of a business
  • Vendor due diligenceWhen a business is about to be sold it requests a third party to perform an audit for the financial health of the business 
  • Third Party due diligenceA firm looking to outsource its services undertakes 3rd party due diligence to evaluate the risks


Does Law require you to perform Due Diligence?

Due diligence is a subset of ‘know your customer’ (KYC), which is mandatory for all registered banks and financial institutions. The digitization of banking services is expanding the list of businesses obligated by law to follow the due process. For example, the emerging industries of Fintech, Wealthtech, and Insurtech are a few names.

The law is stricter with financial institutions and asset management companies when it comes to performing due diligence. If you own a fund such as a mutual fund or a hedge fund you will have to perform the due process irrespective of the amount of investment an investor brings in. 

Similarly, the trend of ICO’s and cryptocurrencies has attracted the attention of the regulators in recent years, making due diligence mandatory in all developed economies of the world. It makes perfect sense, no one should be allowed to launder money through ICOs and tokens. 

How do You carry out CDD?

Here is a checklist to help your business achieve CDD;

  • Perform due diligence before you enter into any business with your customer. It is quite difficult to deal with risks afterward
  • Verify your customer’s identity
  • Verify the address of your customer
  • Screen third parties (your business partners, banks, lawyers, etc. also carry risk)
  • Collect all the necessary information, store it professionally (for example, high-risk clients should not mix with low-risk profiles)
  • Be vigilant in identifying profiles that might need enhanced due diligence (EDD)
  • Organize and manage the records as neatly as possible, make a digital copy

What if You do not perform Due Diligence?

There are two ways in which you could come short; not performing due diligence and inadequate due diligence. Both carry serious risks. 

For example, if an investigation reveals that your business did not perform due diligence, and allowed a person to open an account with your bank, who is listed on the Anti-money laundering (AML) blacklist, you might have to pay a hefty fine.

In addition, your business repute might get tarnished, causing irrecoverable damage. Other investors and customers might avoid doing business with you. You might also face hurdles in expanding your operations into other countries.


Due diligence might be required by law for your business. Even if it is not, it is wise to investigate who you are dealing with. Businesses not only perform due diligence before onboarding customers but also before entering into a contract with other businesses. 

However, the demands of regulatory bodies are tightening. Compliance is already a top priority for businesses associated with the financial industry. Many firms find it more feasible to get professional help regarding compliance. It frees up their resources for the core business.

Millenials Bank

Why Millennials don’t care about Conventional Banking Services?

Millennials are different from the baby boomer generation. They earn less than what the previous generation was earning at their age. It is odd that the banks have been unable to capture the market of millennials – the perfect target audience right now. However, faster customer identity verification can make banks millennial-friendly. 

Overview of Millenials

Millennials are the first of their kind – the true digital natives! 

They are internet savvy and armed with smartphones, which they check dozens of times a day. We are talking about people currently in the age group of 18-34. Smartphones play a huge role in their lives. 

The banks have started to think in terms of apps and online services. Also, the young generation is prone to fast internet.

What does internet speed have to do with customer identity verification?

A lot!

Banks are not selling toys or stationery. They have to comply with the financial regulations in providing their services. Say, a millennial wants to open a bank account. The ideal or expected way would be to open it over the internet. But not many banks are providing these services currently.

Why Banks have a hard time Capturing Millenials 

The millennials are not happy with the conventional banking system. They do not have to depend on any particular bank or service in most cases. An army of Fintech companies and products are swarming the markets. 

But despite the banks’ marketing, they are not there where they would like to be, in fact, they are far from it. If there is a bug in the app of a bank, the young customer would not like to wait for it to get fixed. They would like to know, which service is better and faster. 

Moreover, the banks have not yet figured out the perfect products that cater to this market. Millennials are putting off buying large ticket items but, in the future, they will be holding a significant amount of wealth.

Cybercrime is the elephant in the Room 

Let’s address the elephant in the room; privacy and security. We are spending more time gawking at the screens of computers and phones than ever before. You can buy stuff online, apply for a visa, date someone, and the list goes on. However, among this significant amount of data, security is of utmost importance,

Privacy breaches, hacks and other forms of cyber attacks have made this generation weary and cautious of banks. Since the majority of wealth exists digitally, this raises concerns for privacy.

A Safe and Bright Future

One obvious tool to handle security concerns is the verification of identity. When a customer is about to send or receive payment, the verification should be foolproof. This relates to the identity of the user. 

Each time we interact online, it leaves a footprint, which creates their digital identity. As technology gets more advanced, so do the tools. Banking and security services that are powered by AI and machine learning can collect the data better, faster and with better accuracy. Faster identity verification solutions are a healthy sign for banks. 


There are troves of rich data available for businesses. How fast banks capture and utilize it to offer banking products to customers will define who can corner this market first. Banks need to get aggressive in integrating state of the art technology in their services. Otherwise, more technology-based services will take over.

Biometric Identification

Warning: You’re Losing Money by not Using Biometric Identification

On the surface, Biometric Identification might seem as if it’s only useful for opening your bank account or when you cast vote at the polling station. The reality is that it can increase business profits and prevent fraud.  

Install Biometric Clock to Save Time 

Manually marking attendance is not only tedious but wastes time. And you cannot rule out errors. Install a biometric clock and it will take the burden off the supervisor. No need to manually check who is absent or who arrived late.

Profit and loss of a business are not only about the margin on the products sold. Managing human resources effectively is as crucial as selling a product for profit. The biometric clock also keeps a record of employees’ habits or biological traits. 

This also ensures that no one is ‘buddy punching’. What this means is that employees share PINs or swipe cards and use it for their friend, who is spending time away from the office.

Stop Fraud from Within the Company

Marking attendance for someone else is not always voluntary. Factory unions and offices can have small groups that can put tremendous peer pressure on employees to clock in for someone else. 

The company loses money by paying the wages for the day to a person that did not work. In certain cases, this apparently harmless act can turn ugly. What if the person absent at the office was involved in a crime but their register proves that they were at work?  

Eliminate Loopholes

You can lose your swipe card or the PIN you wrote somewhere but you cannot lose your fingerprint. When a payment is processed through biometric-enabled POS systems, you can be certain that the person was present. 

An employee could also be working for you remotely. Think about it. There are apps that give you access only after you identify yourself via a biometric. If you are the business owner managing a team of remote workers, you can make sure that your worker who is appearing online is genuinely present. 

Beyond the Finger Print

Think Beyond simple fingerprint identification. Imagine banks opening up bank accounts for you when you don’t even have to visit the branch. This has been tried at a few locations using facial and identity verification. It proved convenient for customers and profitable for banks. They didn’t have to spend money on additional staff and paperwork.  

A standard way to achieve this is to ask the potential customer to upload a government-issued ID to a secure online portal. Then biometric identification services match the picture on the ID with the person’s face. This entire process takes a few minutes.

You can open a bank account in minutes!  

Facial verification systems are becoming smart. They are not fooled by someone holding up a picture. The algorithms search for 3D depth for liveness. Moreover, there are systems that ask the user to turn the face away or blink to verify the person.      

Business, banks in general, are heavily invested in state of the art biometric verification of customers. Customer convenience aside, these are mandatory in many cases for know your customer and anti-money laundering compliance.

Knowledge based Authentication

Knowledge Based Authentication a Thing of Past

If you are wondering what is knowledge based authentication or KBA, let me ask you a question, ‘what is your pet’s first name?’. Such questions are asked to verify someone’s identity. This information about a person can be found online. After experiencing the vulnerability of such questions, the world is moving towards stricter yet efficient measures for granting access.

The Basics of Knowledge Based Authentication

A standard KBA system has four elements;

  1. The question should be suitable for a large population
  2. The user should easily be able to remember the answer
  3. There should be one correct answer
  4. Others should not be able to guess it

Going through this list alone reveals that many of these ‘barriers’ can be easily overcome. The premise is that if someone (or anyone) answers these questions correctly, their identity is verified. 

But this could be anyone answering correctly.

What Went Wrong with KBA

Since social media has spread like wildfire, finding personal information about a person has become easier. Let’s look at four ways why KBA is a weak security measure;

  • Easy to Find information on Social Media

It is becoming very easy to find information about a person on social media. The more they engage online the more ‘crumbs’ they leave for identity thieves. Go to LinkedIn to find where a person works, visit Facebook to find out the movies they like, search a twitter handle to see their political affiliations, and the list goes on.

  • Information is for Sale

There are only a finite number of KBA questions circulating the web. Figuring things out about someone is not that hard. After hacking a website, the hackers put this stolen information up for sale. Pay the right price and buy someone’s personal information.      

  • Agonizingly Slow User Log in Process

Every online portal performs a balancing act between usability and security. Put in place KBA questions and it slows down the entire online experience. The more rigid the authentication process the more chances that the customers will leave an unfinished form. This means fewer sales for an e-commerce website. 

  • KBA – The All Access Pass

The old form KBA used to give access after answering the security questions. The problem was that once access was granted it was like giving a kid the keys to the candy store. The identity thief had access to everything. There should be different checks and different levels of security to those checks.  Changing your profile picture does not carry the same risk as transferring $1000 into someone’s account. 

What about KBA 2.0?

Upgrading the old system won’t solve the problem. Authentication here is based on knowledge, which is becoming easy to acquire. Just look at your email spam folder. Probably you’ve never even heard of those companies but they still found out about you and your interests. 

Modern forms of Verification

  • Facial Recognition

The authentication trend has gravitated towards facial recognition. It is very difficult to appear as someone else in front of the camera. Even attempts of holding up a picture in front of the camera to fool the system are being thwarted by modern technology.

Facial recognition is becoming increasingly popular, specifically with banks. Not only that the banks are using it to give access to accounts but there have been pilot projects for onboarding with it. They are constantly on the hunt for the best online verification services.

  • Securing Identity with a Chain

The year 2017 saw the rise of cryptocurrencies. Bitcoin reached an unprecedented high. This wave also highlighted the technology that runs the cryptocurrencies, the blockchain. Better to address a misconception before proceeding.

Blockchain technology is not confined to cryptocurrency, it is a cryptic form of networking. Once this open ledger is in place it can be used for communication, monetary transactions, smart contracts, and many other things.  

The key feature of blockchain is that it protects your digital identity. It is ingrained with a digital watermark that is unique to you. Every transaction that you carry out is performed with it, it can’t be stolen.

Knowledge based authentication is slow, unsafe, and quite vulnerable to attacks. Deep learning and artificial intelligence based services are readily replacing KBA. These are much faster and safer. With API, they easily integrate with websites and smartphone applications. Going forward solutions such as facial verification and liveness tests will become common.

Verify identity

How Blockchain is Making the World a Better Place

Verify identity: The whole world lives online now. Yes, that’s an exaggeration but we are gradually moving there. Every day millions of people connect with the internet to research, shop, comment and to pay bills. The more a person interacts online the more concrete their digital footprint. 

How Blockchain Can Resolve Identity Management Issues

What’s Wrong with Online Money Transaction?

Most online transactions require a person to give identification before proceeding. If you have purchased items on Amazon, used PayPal or Google Pay, you know the drill. Usually, these companies ask you to answer personal questions. 

Answering questions is not the problem, where they store them is.

Every time someone interacts with the internet this way, they leave that information on the web. Your digital identity creates clones on different platforms (wherever you interact), which is a security risk. Hacking of Equifax was one such episode where personal data was hacked. This event and many others expose how vulnerable the system is.

Try Out 15 Day Free Trial! 

How can Blockchain Help?

Blockchain offers security. It lets individuals and businesses create a peer to peer network. They can exchange information or currency through it. It also allows individuals to create digital identities or self-sovereign identities which are difficult to steal. 

What is so special about Blockchain? Democracy!

Master nodes are a possible solution to verify identity online. Master nodes democratically select a node to verify the user. Similarly, they can verify documents. Nodes are the soul of the blockchain.

There are three types of nodes;

  • Node: Send and receive transactions
  • Full node: Whatever the node does plus it keeps the copy of the entire chain
  • Master nodes: It has the power of the full node plus enables decentralized governance and budgeting. It’s the master.

Your Digital Identity is in Safe Hands with Blockchain

Blockchain basically creates your digital identity or a digital watermark that can be affixed to all your online transactions. Hence any unusual or suspicious transaction will not be approved since they won’t be wearing your digital watermark.

Blockchain not only secures your Verify identity but also helps secure the clones. Which means that you are more secure transacting online if it exists on the Blockchain. You get more freedom about your identity. The companies also get more control in who they approve or include in their blockchain network. 

Identity Theft Protection

10 Quick Tips Regarding Identity Theft Protection

Identity fraud has grown substantially in the past two decades, and unfortunately, it is here to stay. Here we share 10 quick tips about identity protection so that you’d have the necessary knowledge when choosing among the best identity theft protection services. 

The number of people hit by identity theft each year is staggering. In the US alone, this number reached over 16 million in 2017. The stats from the rest of the world are similar. Hence, the rising demand for identity theft services.  

These services monitor personal information on websites, public records, and other credit applications to look for suspicious activity. Click here for a basic intro by the consumer financial protection bureau. The major service providers, besides providing protection against identity theft, offer insurance for the following;

  • Specific out-of-pocket losses
  • Chat room monitoring
  • Public record searches
  • Monitoring black market websites
  • Anti-virus software

10 quick tips about identity verification services

  1. Identity theft protection services basically offer monitory and recovery services. Monitoring keeps an eye out for thieves looking to steal your identity, while recovery service helps to deal with the aftermath.
  2. There are two main types of monitoring services; credit monitoring and identity monitoring
  3. Depending upon your choice, credit monitoring can track your credit reports at different credit bureaus
  4. Credit monitoring services might alert you when;
    • a firm examines your credit account
    • a new credit card account is opened under your name
    • a creditor or debt collector says your payment is late
    • You file for bankruptcy
    • There is a legal judgment against you
    • Credit limit changes
    • There are changes in personal information (name, address, phone number etc.)
  5. Your monitoring service will only alert you when something suspicious shows up on your credit report. If an identity thief steals your social security number or files a tax return in your name, your theft protection service will not inform you.
  6. Identity monitoring services inform you when there are unusual requests regarding your identity. For instance, a request for a change in address.
  7. Identity recovery services help you after the theft. Normally, the trained counselors and case managers help you in recovering your name and finances.
  8. Major identity theft services offer insurance as well. Normally, they only cover out of pocket expenses, for example, in reclaiming your identity.
  9. Putting a security freeze on your credit report will prevent the thief from opening any more accounts in your name. You can unfreeze it free of cost by credit reporting companies – Experian, TransUnion, and Equifax (in the U.S.).
  10. If you suspect that someone has stolen your identity, you can put a fraud alert on your credit report. This will not freeze your account but the new lender will take extra measures to verify your identity. 

Credit monitoring products from credit bureaus generally do not provide robust coverage. They might also reduce your rights to sue them. You should seek identity verification services that give you the best cover. The most comprehensive theft protection service is Shufti Pro. It provides the protection using state of the art artificial intelligence and machine learning algorithms, for a fast and accurate theft protection system.

More posts