The FinTech Industry: A Snapshot

The FinTech Industry: A Snapshot

What is FinTech?

Financial technology, known more commonly as FinTech, is a term that refers to the use of technology to improve financial services and make them more efficient. As a driver of the digital economy, FinTech has the potential to revolutionize financial sectors through innovative financial solutions. 

The global FinTech industry is expected to grow at a compound annual growth rate (CAGR) of 6%, making it worth $26.5 trillion by the year 2022. Using software or other technology, FinTech powers mobile payments, crowdfunding platforms, insurance, investment, lending, as well as blockchain and cryptocurrency. In simple terms, it’s an emerging industry that aims to streamline financial flows and manage finances to enhance user experience and service delivery in the industry. 

Taking the financial services industry by storm, FinTech companies are valued in billions of dollars, with companies such as Adyen, Qudian, Avant and Ant Financial topping the list. In 2019, FinTech investments reached $55.3 billion, with close to half the amount coming from China. For the common man, services like Square, Swipe, Venmo, WePay have altered the way they perceive lending and payment transactions.

The mobile cash app, PayPal, recorded a 17% year-on-year growth and 286 million accounts active worldwide in the second quarter of 2019. Relatively traditional credit cards, such as Visa, are also catching up on the trend and making the move towards software technology. 

From businesses to consumers, the term encompasses all kinds of technology used in financial services, including mobile, software or cloud services. This has made consumers less reliant on traditional banking services and financial institutions. 

In 2019, 64% of consumers used at least one or more FinTech applications. This steep rise in the use of FinTech services reveals a new consumer pattern, in that users now prefer a digitized experience when it comes to accessing their finances on the go. 

With consumer-focused applications, technology has moved from the back-end of banking platforms directly into the hands of the end-user. Managing and tracking funds, insurance, and investments are easily just a tap away, with most of the services accessible from hand-held devices like smartphones and tablets.   

FinTech Categories

Personal Finance

 

  • Alternative Financing  

 

As a substitute for traditional financial institutions, Fintech lenders provide customers with loans based on credit scores and peer-to-peer loans. Budget apps provide financial advice and opportunities for individuals and households, as well as retirement and investment advice. 

 

  • Crowdfunding

 

Raising capital has become easier for firms, startups, and entrepreneurs through online crowdfunding platforms. Social projects, innovative products, and causes manage to raise equity capital by connecting with established investors. This virtual technique for fundraising also provides transparency to lenders and borrowers alike. 

Digital Banking

 

  • Consumer Banking

 

Consumers currently outside the formal banking sector can be reached with digital banking services, for example, in the form of prepaid cards. 

 

  • Mobile Payments

 

Banking services such as bill payments, funds transfer, and virtual access to bank accounts have been made possible on mobile devices through FinTech. A number of banking operations can be performed online using biometric technology. This includes payment back-end and infrastructure required to run payment processing, electronic payments and other points of sale terminals. 

Insurance

 

As a more flexible option than conventional insurers, the use of software technology to provide insurance services has become common. Personalized offers and pricing, data-driven insurance plans and risk management allows users an enhanced experience. 

Investment

 

FinTech investment solutions allow users to manage their investments in one place. Using a smartphone, financial instruments can be bought and sold. Augmented investment management analytics, offered as part of the digital service, allows users to better manage their next investment move. 

Blockchain and Cryptocurrency

 

Blockchain technology and digital currencies provide secure transactions that can be implemented to business-to-business (B2B) transactions. FinTech companies can leverage this technology into finance and banking realities and extend their user base. 

FinTech Use Cases

Inclusive Banking 

 

An estimated 2 billion people do not hold a bank account. Tapping into this market segment, located mainly in South Asia and parts of Africa and South America, is a key business opportunity for FinTech firms. This follows from the basic premise that FinTech builds on: reaching the end-user without friction. 

This outreach of Business to Client (B2C) budget apps and cash apps has the potential to revolutionize finances as we know it. Anyone with a mobile device can have direct access to their financial assets and make transactions without having to go through formal, and somewhat outdated, banking formalities. 

Easy Lending Solutions

 

Banks have served as the primary source of loans and financing for businesses for a long time. With the advent of FinTech, this is about to change. Through mobile technology, companies and individuals can now find a greater mix of lending avenues and make the process more transparent as they go. 

Lending and payment services were amongst the first few services offered with the intention of supplementing established financial institutions. Access to financial data through cloud-based platforms and Customer Relationship Management software also lends a hand in supporting businesses. 

What’s Next for FinTech?

The fact that FinTech has infiltrated the financial services industry does not indicate the demise of conventional banking just as yet. While financial institutions may not be able to turn the tide, they can draw level with disruptors by incorporating innovative technologies in their offerings. Innovation incubators, labs, and other investment vehicles have been put in place by large institutions with a view to adapt to changing times. 

As a strategy, understanding FinTech will be part of business acumen, for a future outlook on financial services. As opposed to being considered as alternatives, technological solutions will need to be considered as permanent collaborations between the new and the old. The eventual outcome will be based on the extent of cooperation that can be achieved before innovations start to pay back.  

The Internet of Things (IoT), AI and APIs will transform the way businesses plan to use technology to complement their services. Blockchain, for instance, has untapped potential for redefining payments by amplifying the speed at which transactions can be made. Big data is revolutionizing decision making in areas of investment, customer engagement and outreach, as well as product/service development.

WHY YOU NEED TO KNOW YOUR BUYER

Why You Need To Know Your Buyer

Online payments are fast replacing cash transactions with the top payment companies harboring 1billion+ active users. By 2023, global mobile payment transactions will be worth more than £3.5 trillion, as indicated by findings from Allied Market Research. Between 2017-2013, the market is expected to grow at a compound annual growth rate of a staggering 34%. 

Merchants are currently supporting various online payment channels including desktop browsers, mobile apps, POS systems, and direct purchases through social media. Support is being developed and furnished for all of these channels, along with additional innovative solutions for a growing online buyer base. 

In order to safeguard themselves from online fraud, suppliers are also looking into buyer verification solutions that help you know your buyer, and more importantly to know your buyer’s customer. 

Implications for E-commerce and Online Security

According to Worldpay’s 2018 Global Payment Report, the global share of cash as a payment method will decline from 32% in 2018 to a little over 15% by 2022. The same dataset reveals that the use of credit and debit cards has remained steady in this time period, while mobile payments have witnessed a steep rise since 2018. By 2022, e-wallets and other modes of cashless transactions will be just shy of 30% of the point of sale payment (POS) methods globally. 

Following potent buying trends in global online payments, a number of security concerns surrounding online transactions need to be accounted for. Both consumers and service providers worry about the new mode of doing business, with privacy and data breaches emerging as the largest barriers to online payment adoption. 

Thanks to mobile e-wallets, digital currencies and payment alternatives like PayPal and WePay, opportunities for mobile commerce are also proliferating. As a result, online fraud has become an imminent threat to digital transactions, with 16.7 million victims of identity fraud reported in 2017 alone. Additionally, the Online Fraud Benchmark Report by CyberSource notes a 30% increase in eCommerce fraud attacks compared to 2016. 

Previously, financial crimes centered around the misuse of physical credit cards, but as merchants switch to chip-enabled cards and in-store mobile app payments, fraudsters have made the move too. Online fraud activity builds on stolen consumer information with data breaches on the rise, and millions of consumer records exposed to malicious minds. 

E-commerce fraud is a double-edged sword, impacting both victims of identity fraud, and suppliers alike. While buyers lose sensitive personal information, merchants find themselves at a larger financial loss. This is because of the reimbursement process following a fraudulent transaction. The seller loses the merchandise ordered by the fraudster, refunds the original buyer, and pays credit card charge-back fees associated with the transaction.

How Know Your Buyer Checks Can Help

 

Businesses have to look deeper into foolproof methods of providing online services. This means that Know Your Buyer checks are going to be increasingly important in order to safeguard business and financial operations, as well as maintain good industry repute. 

Verification providers have also caught up with malicious trends in e-commerce fraud, and tailor Know Your Buyer solutions to provide a risk cover. For a cashless world to be both efficient and safe, extra layers of security at the point of sale is just what is required right now to ensure compliance with know your customer (KYC) regulations. 

Buyer Identity Verification

 

The security of payment networks depends largely on verification of sellers and buyers, to ensure that only genuine transactions are allowed to go through. To know you, buyer, evidence of a member’s identity is collected by verification providers using a Verification API that also provides proof of transaction. 

An official ID is required to be submitted by the user, such as a driver’s license, passport, or national identity card. For liveness verification, a selfie will be taken to act as proof of presence, which must match the identity document. This completes the process and tells the seller that a buyer has actually purchased the product. 

Safe marketplaces

 

Keep your community safe by verifying both sellers and buyers, and opt to know your buyer solutions that protect sensitive data from fraud and unauthorized access. 

Know Your Buyer solution providers take into account the high volume of e-commerce being reported each year, and thrive to provide seamless buyer verifications. Before making or accepting payments, vendors and buyers are required to complete an identity verification process with high-security protocols. The verification systems must comply with global regulations for AML/KYC/KYB in order for the business to complete Know Your Buyer compliance procedures without friction.  

Know Your Buyer Persona 

 

Your customers or your business’ customers can have varied priorities and choose different metrics to steer progress. Using a buyer-centric approach to business expansion and growth will translate into fruitful long-term customer relationships. 

Key information and credentials about buyers can also help you know your buyer’s persona in a better way. Buying behavior in the digital age is a key indicator of shaping new plans and promotions and can be gleaned from the channels that the buyer is choosing for a purchase. 

Especially true for new entrants, brands can leverage this data to target a specific audience that has shown interest in their product or service. This will also help streamline business policies and schemes if you know your target market, eventually boosting user experience for the end product. 

For the safety of growing digital economies, knowing your customers, businesses, and buyers has long-lasting implications. As we continue to embark on new avenues for cashless transactions, complying with essential regulatory directives will help keep us on the right track. 

How Biometric Technology is Shaping Up for 2020

How Biometric Technology is Shaping Up for 2020

The verification of individuals for security measures has become remarkably important for organizations across all sectors. It’s not only imperative for financial institutions, banks, and law enforcement agencies to employ robust authentication systems but also for educational institutes, small businesses, and online retailers. The heightened threats of identity thefts, frauds, and online scams make greater security measures a necessity. 

One of the most appealing features of biometrics technology as a security measure is its simplicity. Biometrics employs the use of individual biometric traits. The most commonly used biometric authentication tool is fingerprint followed by facial recognition. Other forms of biometric modalities include facial verification, retina scans, voice recognition, finger vein IDs, etc.  

Biometrics has advanced to much prominence, especially in the last few years. In a 2015 report by Juniper Research, more than 770 million biometric authentication applications will be downloaded each year by 2019. In 2018, the global biometrics market accounted for $14.6 billion. It is expected to grow at a CAGR of 16.2% over the years of 2019-2027. 

The concept of biometrics can be traced as far back as 31,000 years ago when men were leaving handprints as signatures next to their cave painting. This system went through a number of changes and by 1903, New York prisons were utilizing fingerprints of inmates to keep track of offenders. But it’s only been in the recent past that biometric technology has gone under striking evolution to become what we see today. The integration of biometrics in smartphones expanded rapidly in 2013 when Apple introduced the fingerprint sensor on its iPhone X’s home button. 

A number of businesses these days employ the use of biometrics. Healthcare, banking, financial services, digital currency, telecom, aviation are some of the businesses that have to incorporate customer identification. These businesses have exercised biometrics to protect their processes and remarkably increase their efficiency. The average identification time using a biometric system typically varies between 3 to 5 seconds. 

What Will Biometrics Look Like in 2020? 

 

According to a poll by Spiceworks, 90% of businesses will be using biometrics by 2020. The biometrics market is expected to reach a value of $24.44 billion by 2020, according to a report by MarketsandMarkets. This significant rise in biometrics begs the question of the future of biometrics. 

Let’s take an in-depth look at how biometrics will be all the rage in 2020. 

 

  • Majority Banks Will Employ Biometrics For Identity Verification 

Financial institutions and banks fall under immense constraints to verify the identity of their clients and have robust identification systems. Being the guardians of some of the most sensitive data, banks have to be at the forefront of biometric authentication

According to a report by ResearchandMarkets, 1.9 billion bank customers will be employing biometrics. Bank customers will be using biometrics to

  • Withdraw cash from ATM
  • Prove identity during customer onboarding
  • Initiate the process of online money transfer 
  • Access the mobile bank app 

According to a Goode Intelligence report, biometrics will be the primary means of identity authentication utilized by banks and financial institutions. 

 

  • Multimodal Biometric Systems expected to grow the most

Due to a growing need for security and protection, biometric technology is constantly evolving. The growth of multi-modal biometric systems can be attributed to the need for mitigation of frauds, scams and hacks. Multimodal biometrics employ at least two or more biometrics to verify the identity of the clients. There are a number of advantages of multimodal biometric systems over the unimodal systems: 

  • Through the combination of multiple identifiers, an additional level of security is added. 
  • Multimodal biometric systems are more effective, accurate and dependable. 
  • Another supplementary advantage of using a multimodal biometric system is the reduction in the Failure to Enroll (FTE) and Failure to Capture (FTC) rates. 
  • It provides a greater recognition efficiency compared to a unimodal system.
  • The intruder would have to break into more than one biometric system to break into the biometric multimodal system. 
  • Due to the availability of a number of features, a multimodal biometric system is more reliable.
  • If any of the modalities in a multimodal system is eliminated, the system can still effectively ensure security

Multimodal biometric systems will continue to gain more traction in 2020 with the increased development in the biometric sector. 

 

  • New Means of Identity Screening Will Be Explored

When it comes to biometrics and their application, most people limit it to fingerprint scans or facial recognition. Fingerprint modality is a huge market and is one of the most used biometrics. Biometrics is a vast field and through every passing day, its needs are escalating. In a 2017 report, it was noted that fingerprint modality will grow to an exceptional $11 billion in Banking and Financial Services by 2020 securing about $5.6 trillion payments. It becomes imperative to include newer means of biometrics for identity screening. 

The year 2020 will see other means of biometrics-based security systems. According to FCW, other biometrics methods will be joined alongside fingerprint and facial recognition. These different methods include measuring respiration and pulse or identifying veins in a finger. Cognitive vetting is also being explored like evaluating reactions to certain stimuli. These methods may very well prove to be more secure and reliable as compared to the present ones. But it is crucial to note that with more developments in the biometric industry, privacy questions will be raised as well.  

 

  • Biometrics Will Become Mainstream in Smartphones

It was not that long ago when digital biometrics was only a myth seen in sci-fi movies. In the last few years, biometrics has become remarkably mainstream, especially in smartphones. In 2016, 750 million smartphones which employed biometrics were in use, representing 30% of the global smartphone installed base. According to a report, by 2020, 100% of the smartphones in use will incorporate biometrics. 

Supplementary to that, more than 800 million smartphone transactions employing biometrics will be completed by 2020, generating close of $7 billion in annual biometric authentication revenue. Facial recognition for smartphones is going to gain a lot of traction as well. In 2020, 64% of smartphones shipped worldwide will have facial recognition technology. This percentage is up from just 23% last year, according to a report from Counterpoint Technology Market Research. 

Biometrics is a growing industry and when used correctly, it has provided an accurate set of data. Through the use of biometrics technology, users don’t have to go through the mundane processes of building complex passwords and remembering them. Biometrics provides a transparent way of identity verification and user accountability. 

Despite being secure, there are some privacy concerns attached to biometrics technology. There are issues that revolve around the safety of data collected and stored by retailers as well. Due to these privacy concerns, regulations regarding the use and collection of data are also being considered. In spite of this, the year 2020 will bring remarkable advancements in the biometrics industry. 

AML Technology Eradicating the Perils of Money Laundering

AML Technology Eradicating the Perils of Money Laundering

In the past few years, we have seen a substantial increase in the number of legislations regarding how legal entities especially financial institutions combat financial crimes like terrorist funding, money laundering, and identity theft. A report estimates that in 2009, criminal proceeds amounted to 3.6% of global GDP, with 2.7%  (or USD 1.6 trillion) being laundered. Businesses are in dire need of KYC and AML compliance to fight back all such frauds. Business owners are deploying various measures against scams but the AML compliance program is effective out of all. 

AML compliance program is basically a methodology that defines the role that governs how a company monitors accounts, detects and reports financial crimes to relevant authorities. AML screening tackles with the intrinsic money laundering risks the company faces or can face in the future. The role of legislation is crucial in order to know how the AML compliance program should work. Customer screening for anti-money laundering is for completing due diligence to prevent and deter money laundering, terrorist financing, and other financial crimes and frauds. 

Why AML Compliance?

AML( Anti Money Laundering) practices have been used for businesses around the globe and all regions require the businesses to perform due diligence on their customers in one way or the other. AML compliance is not as difficult for organizations to follow as it seems. An investment of a few thousand dollars can obviously demit the loss of millions in penalties that businesses will have to pay eventually. 

To detect suspicious transactions and analyzing customer data, Anti-money laundering AML screening has been employed by financial institutes and other businesses. To filter customer data and classify it according to the level of suspicious and inspect it for errors is done by AML systems. Any sudden and substantial increase in funds or a large withdrawal of cash includes such anomalies.  AML checks are not for money laundering but also put a tight reign on frauds like tax evasion, terrorist financing, etc. AML compliance has a system to report money laundering activities to relevant authorities evaluating the client’s risk profile. 

Artificial Intelligence Enhancing AML Checks:

 

Artificial intelligence (AI) has the potential to transform financial institutions (FIs), disrupting every aspect of financial services, from the customer experience to financial crime. AI technology can be utilized by FIs in a number of ways, with anti-money laundering (AML) one of the main areas of focus. FIs can employ AI to analyze large amounts of data, to filter out false alerts and identify complex criminal conduct. It can identify connections and patterns that are too complex to be picked up by straightforward, rule-based monitoring or the human eye.

FIs are awakening to the potential of AI, both internally and externally, and beginning to embrace it. According to the Digital Banking Report, 35 percent of financial organizations have deployed at least one machine learning solution. Artificial intelligence has the ability to completely transform how banks perform AML and Know Your Customer (KYC) compliance. Additionally, for this need of anti-money laundering, artificial intelligence systems are capable to mine a great volume of data to prevent risk, which simplifies the process of identification of high-risk clients.

 AI is crucial when performing repetitive tasks, saving a lot of valuable time, resources and efforts that can be refocused on other tasks. AI technology including natural language processing NLP and machine learning ML can create automation in process of AML screening.

How is AML Compliance impacting Businesses?

 

AML compliance can intelligently extract risk-related facts from a huge volume of data making the process of identity verification a lot more smooth and risk-free. It has the ability to track the alterations in regulations around the globe. It fights against financial crimes by identifying gaps in customer information by financial institutions and provide Know Your Customer ( KYC) alerts. Here are ways in which  AI has revolutionized AML screening to help the client onboarding process easy, resulting in bringing higher revenue and lower fraud risk to the business:

 

  • Enhanced Due Diligence:

 

Artificial intelligence can automate AML screening that helps automate the creation and updating of the client risk profile to match this against the classification process i.e high, medium or low risk that ensures continuous compliance throughout the client life cycle. Moreover, it assists the process of identity verification easier for enhanced due diligence.

 

  • Improved Client On-Boarding:

 

When applied to workflow automation, AI along with AML  has the ability to transform the generation of documents, reports, audit trails and alerts/notifications.

 

  • Risk Assessment :

 

AML compliance can help mitigate risk as whenever a client is highlighted with a suspicious activity system can block resulting in the removal of any sort of risk. It gives a full understanding of the different tiers of risks a customer presents and how to mitigate them

 

  • Detection of Suspicious Activity:

 

Any suspicious activity can be detected and immediately reported to the concerned department without putting yourself in trouble. The goal here is to have systems in place for prompt detection of activities associated with money laundering. For instance, suspicious activity can be:

  •  Increase in cash deposits of or business without any obvious reasons.
  •  Providing very little information when applying for a bank account.

 

  • Managing Regulatory Compliance and Change:

 

AML screening ability to counter patterns in a vast range of text enables it to make an understanding of all changing regulatory environment. Furthermore,  to analyze and classify documents to extract useful information such as client identities, products, and procedures that can be affected by regulatory changes. It can be instrumental in helping banks and other financial institutions to fight back financial frauds. 

 

  • AML Screening and Investigation:

 

A recent Dow Jones-sponsored ACAMS survey revealed the most challenging for bank compliance is of false positive. Underpinning the alert generation method with AML may end up in fewer false positives. whereas they’re a major part of the AML compliance method, alerts don’t seem to be enough to support an efficient and thorough investigation method. What’s needed is that the linking of high-quality information to the alert (via interpretation associate degreed link analysis) to supply a correct, graphical illustration of the legal entity structure. AML beside AI will facilitate to leverage antecedently performed steps within the alert investigation method to formulate a suggested next steps approach.

AMLD5- Closing the loopholes of AML:

 

Consider new technologies and improve transparency AMLD5 is here to fulfill the EU’s next-generation AML requirements:

The goals of 5AMLD are as follows:
  • Impact on  financial intelligence units and facilitate increasing transparency on who really owns companies and trusts by establishing beneficial ownership registers
  • Prevent risk associated with the use of virtual currencies for terrorist financing and limit the use of prepaid cards
  • To secure the financial transaction to and from the high-risk third parties. 
  • The access of financial intelligence units to information including bank account registers must be enhanced. 
  • Ensure centralized national bank and payment account registers or central data retrieval systems in all member states.
Cybercrimes Rise 5 times in 4 years and Continue to Soar!

Cybercrimes Rise 5 times in 4 years and Continue to Soar!

 A rapid stride in the tech world over the years has increased cybercrimes immensely. According to a report, cybercriminal activities have clamped up 5 times in 4 years.  Since the usage of the internet is increasing with every passing day this internet connectivity has clamped up the volume and pace of cybercriminal activities. It is a challenging task to keep the pace up with new technologies, security trends, and threat intelligence. 

In order to protect information and other assets, it is necessary to take precautionary steps to avoid falling prey to cyber-attacks which are of many types. For instance, identity theft in order to gain sensitive information that is typically protected, credit card fraud, Ransomware which is demanding a payment to decrypt the locked computer or software, phishing in which fraudulent emails to steal sensitive data. Cybercrime in recent times has taken a curious turn with the character assassination of individuals and multi-crore frauds by lurking its way through popular social media platforms.

Cybercrimes- Calling out a set of Perils:

The use of cybersecurity can help prevent cybercrimes, data breaches, and identity theft and can aid in risk management. The protection of internet-connected systems, including hardware, software, and data from cyber-attacks is referred to as cybersecurity. Cybersecurity is a technique of protecting computers, networks, programs and data from unauthorized access or attacks that are aimed for exploitation. Protection of the usability, reliability, integrity, and safety of the network comes under network security. 

At the global level, the U.S. is taking giant strides forward in terms of implementing cybersecurity. In 2017, two cybercrime major incidents brought down government networks that sent an alarming signal. The need to implement reliable and impenetrable cybersecurity systems received an added push. 

Trends in CyberSecurity:

 

In the wake of the growing sophistication of cyber adversaries, the unprecedented volume of attacks and increasingly lethal IT security threats, coupled with stricter regulatory mandates, there is a pressing need to cope up with IT security more than ever in this new year. Here are some cybersecurity trends at a glance:

 

  • Tracking Shadow IT Inventory

 

Software programs and applications which are not approved by enterprise IT but still running on user devices will be more liable to exploit shadow IT resources. As businesses increasingly embrace software as a service (SaaS), norms are becoming somewhat lenient as users enjoy greater freedoms with their own devices. But it should not be happening by putting cybersecurity at the stake. In digital transformation, businesses will need to take steps for security and constantly monitor user access rights and permissions for any possible regulations.

 

  • User Awareness

 

Businesses need to keep their eyes peeled for any potential risk that can come from their own users. This may include potential harm arising from a sophisticated phishing scam or a user’s lack of awareness in fulfilling a mandate, resulting in data loss, identity theft, etc. Users are always the weakest link in the security chain of business. So it’s crucial to give user awareness training for cybersecurity. 

Just by the employment of next-gen security measures will not help in doing what’s necessary. There are a variety of incidents where users violate the security code of conduct. For example, logging into unsecured public networks, using work devices for personal transactions, downloading unapproved applications, etc. This needs to change.

 

  • Targeted Phishing Attacks:

 

Unsuspected users continue to fall prey to phishing attacks which are the most pervasive IT security threats. A study conducted toward the end of 2018 suggests that online phishing attacks were up 297% over the last year and 2019 shall see this trend booming. Comprehensive security awareness programs should be adopted by businesses. This may include investing in phishing simulators that explain various emerging patterns. This should help users identify suspicious phishing emails, ensuring they do not end up handing over the keys to the castle.

 

  • Operationalizing GDPR

 

Businesses should think of GDPR to increase IT security. As GDPR makes it necessary to appoint a dedicated data protection officer (DPO), operationalizing this compliance will require understanding several aspects of the law, such as how information privacy is protected and anchored in. It will help to determine if the up to date intelligence on the data processed is available. 

 

  • Cloud security:

 

Cybercriminals take aim at the cloud. An increasing number of databases are being hosted in the cloud, which is where software and systems are designed specifically to be deployed over a network. As more and more businesses migrate to the cloud, a new role of cloud migration security specialist will be a key part of large IT teams. Cloud hygiene will only grow in importance over the next 12 months, particularly in avoiding devastating data breaches. Many management and identity verification tools can be used in this regard.

How Can We Fight Cyber Crimes?

 

Fighting cybercrimes is everyone’s business in one way or the other. Following are some ways to protect yourselves against cyber-attacks:

Use Internet Security System

 

Use software that can provide real-time protection against existing malware including ransomware and trojan viruses. It will help protect your data when you go online.

Use Strong Passwords

 

Do not just add easy to guess traditional passwords. Always use a strong password and keep on changing the passwords after some time. Do not repeat the same password for different sites. 

Keep Software Updated

 

Always keep an updated version of the software. Cybercriminals use known exploits frequently to gain access to your software. Keeping updated software will make it less likely that you’ll become a cybercriminal target.

Guide your Children

 

Teach children about the use of the internet. Make sure they are comfortable sharing with you if they experience any sort of online harassment, stalking, or cyberbullying.

Take Measure to Protect Identity Theft

 

You can save your identity from falling into the wrong hands. Know that identity theft can happen anywhere so always be very cautious. It occurs to obtain your personal data in a way that involves deception mostly for economic gain. You might be tricked into giving personal information over the internet or cybercriminal can steal your mail to access account information. So guard your personal information by using VPN over new Wi-Fi connection and keeping your travel plans off social media. Protect your children as identity thieves mostly target children. 

Keep up to Date on Data Breaches

 

Just over the last decade, there have been over  2,550 data breaches with millions of records being affected and the nature of the stolen information makes them considerably more serious than most. One should always stay up to date by such cases so that he can protect himself against such incidents. This will help you find out which type of data was targeted by criminals so that you can protect them. 

Manage Your Social Media Accounts

 

Keep your private information well secure and locked down on social media sites. Just a few data points will be enough for social engineer cybercriminals to get your personal information. It the less you share publicly the better it is. 

Always Use a VPN

 

Whenever you are using any WI-Fi network at a public place it is a good practice to use VPN whether in a library, hotel, cafe or airport.

Become a Victim? Know what to do

 

If you believe you have fallen prey to cybercrime, you need to inform local police and in some cases FBI even if the crime seems minor. Your report may assist the authorities in their investigation or may help to thwart criminals from taking advantage of people’s personal data in the future. If cybercriminals have stolen your identity following are some steps you can take:

  • Report the crime to FTC
  • Get your credit reports and place fraud alerts
  • Contact financial institutes or companies where the fraud occurred. 

As technology is advancing, it is important for every organization to identify the real problem i.e. lack awareness related to cyber intelligence and crime could potentially inflict a heavy loss. One should be aware of how to protect himself against these crimes and where to report if he gets trapped in. In a nutshell, cybercriminals are becoming more discrete and to identify the breach in security needs to be identified and dealt with high urgency to avoid identity theft and data breaches. 

 

Why CDD is significant for both Know Your Customer and Know your Business verification?

Customer Due Diligence: From KYC to KYB

Why CDD is significant for both Know Your Customer and Know your Business verification?

Banking is a profitable sector but is risky at the same time. Frauds, as well as compliance risks, are often complicated and intricate. The banks and financial institutes are spending a high amount of capital on KYC compliance, which surpassed $100 billion in the year 2019. Even with this much investment, global banks have been fined $321 billion since the global crisis in 2008. Further complicating these risks is the fact that financial crimes such as money laundering, terrorist financing, and cyber frauds are increasing.

On the other hand, regulatory authorities are striving hard to enforce measures that could lead to the eradication of financial crimes. One of the first regulations that were enacted amidst the Vietnam war back in the 1970s was BSA. US regulatory authorities issued the Bank Secrecy Act of 1970 (BSA).

The purpose of this law was to counter money laundering activities emerging from illicit drug trafficking. Under this provision, banks are obliged to report any customer activity that seems suspicious such as transaction above $10,000 to the Federal Financial Crimes Enforcement Network (FinCEN).

The regulations aimed to make it difficult for the drug cartels, terrorists, and other lucrative criminal enterprises to launder money by making their transactions more visible to law enforcement agencies.

Introduction of Customer Due Diligence as Know Your Customer (KYC) regulations

 

The Banking Act of 1970, laid the foundation for the Anti Money laundering (AML) regulations later in US patriot Act, 2001, after the tragic incident of 9/11. Customer due diligence (CDD) was declared necessary for the financial sector. The term coined for performing CDD is Know Your Customer or KYC.

The KYC regulations were fortified to restrain the flow of money to the terrorists. It requires financial institutes to verify the customer to ensure that they are, who they claim to be. These regulations led to the adoption of various approaches to comply with CDD and KYC laws. Since the US regulatory changes affect the landscapes of the global financial sectors, these regulatory changes were accepted by the banking sector worldwide.

Financial Sectors adopted several ID verification controls to respond to these regulations. These ID verification controls include:

  • Maintaining a thorough Customer Identification Program (CIP).
  • Verifying customers against the list released by Law enforcement agencies.
  • Predicting, customer’s behavior and criminal risks associated with a particular entity, based on the statistical data.
  • Ongoing screening of the transactional activities of suspected customers.

It continues to be the main line of defense for the financial sector against financial crimes, with minor amendments. For a simple person, this law appears comprehensive. However, in June 2016, a loophole was identified in KYC compliance regulations. 

The banks weren’t required to verify the identity of stakeholders and beneficiaries of the businesses they provide services. It was after Panama Papers Scandal the world realized that apparently, legitimate businesses could hide the identities of bad actors and perform illegal activities on their behalf. The regulatory authorities identified the risk and issued a fix as Know Your Business (KYB).

Tying up Loose Ends with KYC Verification

 

This fix made by regulatory authorities in the KYC checks includes the Customer Due Diligence for the financial institutes. Under the new provision, Financial institutes are now required to perform stringent verification checks. KYB regulations are aimed to identify the shell companies that are involved in money laundering and other illicit financial crimes. 

Firms are required to verify the person who owns the business legally as well as, the identity of stakeholders owning a minimum of 25% share in the business. European Commission also introduced the same legislation in its 4th AML Directive (4AMLD). This process of business verification was improved, with new regulatory changes in AMLD5 and AMLD6, which are aimed to make due diligence transparent.

However, KYB compliance is not easy to achieve as it seems. The major problem in KYB verification is the identification of shareholders in the businesses. Most of the time, no record of these entities is available and to make things worse, the disclosure requirements in each jurisdiction varies. This sometimes makes it impossible to identify the stakeholders in the business. It is a recipe for disaster, for the firms who want to stay in compliance.

Turning towards Technology for Solution 

 

Emerging from the ashes of the global financial crisis in 2008, the new regulatory technologies are helping to ease the burden of compliance by reducing the operational costs as well as mitigating the risks for financial crimes. At the crux of these technologies, is the use of new technologies such as Identity verification and KYC identification, to help financial institutes to monitor, comply and regulate. The RegTech solutions are already assisting financial institutes to meet KYC and AML regulations.

Businesses need to stay one step ahead of the fraudsters. With a comprehensive approach to global risk mitigation, businesses could easily prevent fraudulent activities and stay in compliance with regulatory authorities. 

RegTech industry is rendering efficient AI-based solutions for Business verification solutions that can eliminate the inefficiencies and risks involved in onboarding new customers. For instance, automation of official document checking process and verification against the government issued registries. 

The future of RegTech is expected to see great adoption in the financial sector in the future. Owing to the changes in regulatory compliance, performing KYC and KYB verification parallelly will enhance the customer due diligence process and businesses to stay compliant.

 

FATF Guideline Key Features

RegTech – FATF Guidance for Digital Identity Verification

Regulatory authorities have recognized the benefits of technology and its use for seamless regulatory compliance and scrutiny. Digital identity verification referred to as “digital ID systems” in the FATF guidelines, is a futuristic approach towards fraud prevention. FATF recently issued a guideline for digital ID systems, their use cases, the risks involved and the benefits of such solutions. 

FATF took this initiative back in 2017. It showed its positive attitude towards technological solutions for regulatory compliance that are aligned with the regulations of FATF. Since then FATF has been working on developing guidelines for such fintech and RegTech solutions, that will further make this industry fraud-free. As the guideline highlighted that risk prevails in the fintech industry as well and it can be mitigated through regulatory compliance. The FATF guideline on the digital ID systems is still under scrutiny and it requested suggestions for public stakeholders to leave no loophole for financial criminals. 

FATF Guideline Key Features

The following are the key features of FATF guidance on digital ID systems. It is expected that the final draft of guidance will be very much different from the current draft. 

 

  • Stakeholders of the Digital ID guidance

 

FATF developed guidelines to assist in regulatory compliance, supervision, examination, and cybersecurity authorities by government organizations involved in policymaking. Also, the private sector that delivers digital ID systems will have a lot to gain from the guidance. 

Last but not least, the businesses and organizations that use outsourced digital ID systems will also benefit from this guidance, as it will help them to choose the best Digital ID verification solution. 

 

  • Limitations of the guidance

 

The guidance draft issued by FATF doesn’t cover any information regarding some Customer Due Diligence (CDD) practices. The guidance doesn’t cover the CDD through digital ID for legal person verification, Ultimate Beneficiary Owner (UBO) screening, and nature of a business relationship. 

There is no doubt that digital ID verification can serve these above-mentioned purposes as well but for the time being FATF didn’t cover these in this guidance. 

 

  • Main components and participants of the digital Identity systems

 

The guidance mentioned three main components and participants that it seeks to be available in digital identity systems used by the entities. It includes the process of identity screening through digital ID systems, the ongoing screening and the technical aspects of the digital identity systems. 

  • Identity proofing and enrollment is the first component and it involves the collection and verification of customer data. A picture is shown on the 13th page of the guidance draft and it shows the process of collection of data from the official identity document (like ID card) and then screening of the information to verify the identity of a customer. The component one also includes the verification of a person through biometrics like face verification and liveness detection to ensure that the original person is providing the identity evidence.

 

  • Identification and identity lifecycle management is the second component and it includes the information regarding the stakeholders that need to be verified. The system should be designed to verify the identity of new customers and to verify the identity of already existing customers. It also mentioned that the digital identity system can be used every time a customer logs in to his/her account online or for every face to face interaction with the customers. Such verification should be performed on all the transactions and events mentioned in the FATF regulations regarding identity verification.  

 

  • Portability of identity proof is the third component that allows the end-users to develop portable identities that will be issued for future verification. 

 

 

  • References 

 

The guidance referred to NIFT Digital ID Guidelines and EU’s EIDAS Regulations and explained how Digital ID systems help in the effective implementation of CFT and AML regulations. 

 

 

  • Technical standards

 

The Digital ID systems that follow the guidelines of following international standard organizations are good to go as per the guideline:

  • various jurisdictions or supra-national jurisdictions (e.g. eIDAS Regulation by the European Union)
  • International Organization for Standardization (ISO), International Electrotechnical Commission (IEC), Faster Identity Online (FIDO) Alliance, and the OpenID Foundation (OIDF), and
  • International Telecommunications Union (ITU) and GSMA (for industry-specific). 

To wrap up, businesses are required to comply with KYC, AML and CDD recommendations of FATF in every corner of the world. Now FATF is making things easier for them by developing a guideline for digital ID systems. Just follow this guideline for choosing the best identity verification solution for your business.

AML Compliance in EU Member States and Risks of Businesses

Making regulations is just the first step, the true game starts when it comes to implementation, the European Supervisory Authorities report gave this clear message. 

European Union regulatory authorities are always in a wake to improve Anti Money Laundering (AML) and Counter Financial Terrorism (CFT) regulations. Currently, the fourth AML directive is in action in the member states of the EU. Europen Union Supervisory Authorities (ESAs) recently gave a joint opinion based on the AML and CFT data collected from the member countries and expressed their concerns regarding the CFT and AML compliance in the reporting entities. 

The member countries are required to give this joint opinion on money laundering and terrorist financing risks in the EU financial sector every two years based on Article 6(5) of (EU) 2015/849 (the 4th AML directive). The ESAs (EBA, EIOPA, ESMA) report showed concerns regarding monitoring transactions and suspicious transaction reporting, cryptocurrencies, Brexit, and the risks associated with operations of businesses that handle a large number of financial transactions. 

Major Concerns of ESAs

The ESAs expressed some major concerns regarding the risks lurking in the financial infrastructure of EU countries. The detailed report contained the data proof of how credit institutions are exposed to more risk as compared to previous years. 

Inconsistent implementation of 4th AML directive

 

The uniform implementation of the 4th AML directive is a challenge as the legislations in a country are influenced by several stakeholders. The report of Joint Supervisory Authorities (JSA) highlighted that political and regulatory entities in the countries influence the implementation of the EU AML and CFT regulations. The countries often don’t understand the regulations properly and there is a lack of uniformity in the regulations across the EU so it leaves a loophole for the companies that plan to do illegal business. For example, if one country is rigid in AML and CFT compliance then the businesses or the criminals move to other countries with relatively lenient regulatory compliance requirements. So, it affects the effectiveness of AML and CFT regulations. 

Brexit

 

The United Kingdom is all set to leave the European Union in some time. The report of the ESAs identified that the firms working in the EU will be affected by this change in the EU landscape. The firms listed in the UK will have to update their operations as per the new UK regulations. Also, the firms outside the UK will have to get themselves registered with the UK as per the new regulations. 

This huge change in the infrastructure will affect the regulatory landscape of the EU. Most probably it will make loopholes for financial criminals. The UK was used by the shell companies in the past, and now this sudden shift in regulations will definitely take some time, so, the criminals are most likely to gain over this delay. 

Nicola Gratteri a public prosecutor in Calabria predicted that Brexit might aid the Italian mafia in pooling in their illegal money to the UK. Shell companies will be the safe haven of criminals to legitimize their cash proceeds from drug dealing, human trafficking, etc. 

Regtech and Fintech

 

Technology is a freeware that is used equally for fraud and fraud prevention. The advent of Fintech and Regtech definitely improved the operations in the financial sector but it also increased the risk. Lack of regulations and minor regulatory compliance in this sector is the source of risk. Fintech and Regtech are widely adopted by people and are very dear to legitimate users due to the ease created due to these solutions. 

Lack of legal and regulatory understanding among the Fintech and Regtech businesses is a point of concern. The businesses that don’t practice are more likely to fall prey to identity thieves and criminals. The in-depth understanding of regulations and regulatory compliance by Regtech solutions is vital to deliver quality risk prevention, so the businesses should be careful while choosing one such solution. 

Cryptocurrencies

 

Cryptocurrencies are major concerns of the JSAs. Although the AMLD5 and AMLD6 are drafted to address this risk. Lack of regulatory awareness and commitment in the cryptocurrency ecosystem are some major concerns expressed in the report. The EU is also planning to increase the scope of “virtual currencies” to “virtual assets” as per the FATF regulations. This is because there is a lack of awareness among the businesses offering the cryptocurrency services. 

Internal control

 

The internal controls of businesses are found to be lacking in their internal controls. Some major issues were found are Customer Due Diligence (CDD), lack or suspicious transaction reporting, lack of transaction monitoring, etc. 

Lack of effective compliance 

 

The businesses in the EU countries are found to be lacking in AML and CFT compliance, the report stated that sanctions screening is not enough. The businesses have to keep an eye on the transactions of their customers as well. Complete reliance on CDD is the loophole in the internal controls of firms. 

Also, businesses are required to practice compliance in a smart manner. In case they completely disown the customers based on the high risk associated with them, it will increase the chances of money laundering in the EU. 

Credit Institutions

 

The report highlighted that some credit institutions are exposed to major risks due to their business operations. Financial transactions as the key part of their operation so the risk of being exploited by money launderer sand terrorist financiers is high. The businesses are required to practice proactive fraud prevention and CDD. 

To wrap up, the businesses in the EU and outside the EU will be affected by the increased pressure on AML and CFT compliance among the member countries. The businesses from non-member countries will also be affected by this. The EU has also recommended the reporting entities to practice the EU regulations outside the region (Non-EEA states). The Brexit is also expected to happen in the near future so it will also affect the operations, regulatory compliance of the global businesses. Proactive fraud prevention, thorough regulatory compliance, and timely decisions will help businesses in achieving high returns in the future.

Facial Recognition: Worries About the Use of Synthetic Media

In 2019, 4.4 billion internet users were connected to the internet worldwide, a rise of 9% from last year recorded by Global Digital 2019 report. As the world shrinks to the size of a digital screen in your palm, the relevance of AI-backed technologies can hardly be overstated. Mobile applications took over marketplaces; cloud storage replaced libraries, and facial recognition systems became the new ID. 

On the flip side, this has also exposed each one of us to a special kind of threat that is as intangible as its software of origin: the inexplicable loss of privacy. 

AI-powered surveillance, in the form of digital imprints, is a worrying phenomenon that is fast taking center stage in technology conversations. Facial recognition is now closely followed by facial replacement systems that are capable of thwarting the very basis of privacy and public anonymity. Synthetic media, in the form of digitally altered audios, videos, and images, are known to have impacted many in recent times. As the largest threat to online audiovisual content, deepfakes are going viral, with more than 10,000 videos recorded to date. 

As inescapable as facial technology seems, researchers have found a way to knock it down using adversarial patterns and de-identification software. However, the onus falls on the enablers of technology who must now outpace the rate at which preparators are learning to abuse facial recognition for their own interests. 

Trending Facial Recognition Practices 

Your face is your identity. Technically speaking, that has never been truer than it is today. 

Social media, healthcare, retail & marketing, and law enforcement agencies are amongst the leading users of facial recognition databases that stock countless images of individuals for various reasons. These images are retrieved from surveillance cameras embedded with the technology, and from digital profiles that can be accessed for security and identification purposes. 

As a highly controversial technology, facial recognition is now being subjected to strict regulation. Facebook, the multi-billion dollar social media giant, has been penalized for its facial recognition practices several times by legal authorities. Privacy Acts accuse it of misusing public data and disapprove of its data collection policies.

In popular use is Facebook’s Tag Suggestions feature using biometric data (facial scanning) to detect users’ friends in a photo. Meddling with the private affairs and interests of individual Facebook users, the face template developed using this technology is stored and reused by the server several times, mostly without consent. While users have the option to turn off face scanners at any time, the uncontrolled use of the feature exposes them to a wide range of associated threats. 

Cautions in Facial Replacement Technology

 

As advanced as technology may be, it has its limitations. In most cases, the accuracy of identification arises as a leading concern among critics, who point to the possibility of wrongly identifying suspects. This is especially true in the case of people of color, as the US government has found them to be wrongly identified by the best facial algorithms five to ten times higher than whites. 

For instance, a facial recognition software, when fed with a single photo of a suspect, can match up to 50 photos from the FBI database, leaving the final decision up to human officials. In most cases, image sources are not properly vetted, further dampening the accuracy of the technology underuse. 

De-identification Systems

 

Businesses are rapidly integrating facial recognition systems for identity authentication and customer onboarding. But while the technology itself is experiencing rampant adoption, experts are also finding a way to trick it. 

De-identification systems, as the name suggests, seek to mislead facial recognition software and trick it into wrongly identifying a subject. It does so by changing vital facial features of a still picture and feeding the flawed information to the system. 

As a step forward, Facebook’s AI research firm FAIR claims to have achieved a new milestone by using the same face replacement technology for a live video. According to them, this de-identification technology was born to deter the rising abuse of facial surveillance. 

Adversarial Examples and Deepfakes

 

Facial recognition fooling imagery in the form of adversarial examples also have the ability to fool computer vision systems. Wearable gear such as sunglasses has adversarial patterns that trick the software into identifying faces as someone else, as found by researchers at Carnegie Mellon University. 

A group of engineers from the University of KU Leuven in Belgium has attempted to fool AI algorithms built to recognize faces, simply by using some printed patterns. Printed patches on clothing can effectively make someone virtually invisible for surveillance cameras.

Currently, these experiments are limited to specific facial software and databases, but as adversarial networks advance, the technology and expertise will not be limited to a few hands. In the current regulatory scenario, it is hard to say who will win the race: the good guys who will use facial recognition systems to identify criminals or the bad guys who will catch on to the trend of de-identification and use it to fool even the best of technology? 

AI researchers of the Deepfake Research Team at Stanford University have delved deeper into the rising trend of synthetic media and found existing techniques such as erasing objects from videos, generating artificial voices, and mirroring body movements, to create deepfakes. 

This exposure to synthetic media will change the way we perceive news entirely. Using artificial intelligence to deceive audiences is now a commonly learned skill. Face swapping, digital superimposition of faces on different bodies, and mimicking the way people move and speak can have wide-ranging implications. The use of deepfake technology has been seen in false pornography videos, political smear campaigns and fake news scares, all of which have damaged the reputation and social stability. 

 

Deepfakes

Humans Ace AI in Detecting Synthetic Media

 

The unprecedented scope of facial recognition has opened up a myriad of problems. Technology alone can’t win this war. 

Why Machines Fail 

 

Automated software can fail to detect a person entirely, or display improper results because of tweaked patterns in a deepfake video. Essentially, this happens because the machines and software understand faces can be exploited.

Deep learning mechanisms, that power facial recognition technology, extract information from large databases and look for recurring patterns in order to learn to identify a person. This entails measuring scores of data points on a single face image, such as calculating distance between pupils, to reach a conclusion.

Cybercriminals and fraudsters can exploit this weakness by blinding facial recognition software to their identity without having to wear a mask, thereby escaping any consequence whatsoever. Virtually anything and everything that uses AI solutions to carry out tasks are now at risk, as robots designed to do a specific job can easily be misled into making the wrong decision. Self-driving cars, bank identification systems, medial AI vision systems, and the likes are all at serious risk of being misused. 

Human Intelligence for Better Judgement

 

Currently, there is no tool available for accurate detection of deepfakes. As opposed to an algorithm, it is easier for humans to be prepared to detect altered content online and be able to stop it from spreading.  An AI arms race coupled with human expertise will discern which technological solutions can keep up with such malicious attempts. The latest detection techniques will, therefore, need to include a combination of artificial and human intelligence. 

By this measure, artificial intelligence reveals undeniable flaws that stem from the abstract analysis that it relies on. In comparison, human comprehension surpasses its digital counterpart and identifies more than just pixels on a face. 

As a consequence, the use of hybrid technologies, offered by leading identification software tackles this issue with great success. Wherever artificially learned algorithms fail, humans can promptly identify a face and perform valid authentications. 

In order to combat digital crimes and secure AI technologies, we will have to awaken the detective in us. Being able to tell a fake video from a real one will take real judgment and intuitive skills, but not without the right training. Currently, we are not equipped to judge audiovisual content, but we can learn how to detect doctored media and verify content based on source, consistency, confirmation, and metadata. 

However, as noticed by privacy evangelists and lawmakers alike, the necessary safeguards are not built into these systems. And we have a long way to go before relying on machines for our safety. 

 

The Bank Secrecy Act (BSA) of 1979:

Know Your Business-Pillar of Strength To AML Regulations

Moving in the world of technology, where every industry is going digital, there has been very less transparency among the businesses. Collaborating with businesses and entities online leaves room for some suspicious activities – means you will have no idea about the identity of the person on the other end. For example, the business you are onboarding may be a shell company or funding the terrorist.

Know your business (KYB) – these three words always seem to pop up everywhere in the industrial sectors, especially in financial institutions. KYB has successfully evolved from Know your customer (KYC) process and has eventually become an important part of today’s regulatory firms. It plays a vital role in low-friction regtech platforms to serve all types of customers without getting involved in illegal activities and entities.

The Bank Secrecy Act (BSA) of 1979:

Back in 1970, when the Vietnam war was on the full swing, a deadly confrontation erupted regarding drug trafficking. As a result, the administration laid a strong foundation against the War of Drug. The Bank Secrecy Act of 1979 (BSA) was introduced as a part of this policy agenda to deter illegal fundings. The BSA requires all U.S. financial institutions to report certain types of customer activities to the regulatory firm – FinCEN, the federal Financial Crimes Enforcement Network. For instance, financial firms need to report about the transactions totaling $10,000 or above.

The intentions of these regulations were to hinder the cartels, drug smugglers and other productive criminal enterprises from moving money through the US. The BSA makes the transactions more visible to the federal law enforcement hence starving the actors from their profits.

From KYC to KYB

The BSA is itself a foundation for the anti-money laundering (AML) regulations also known as Know your customer (KYC) compliance. It was enumerated in the 2001 USA Patriot Act as a result of the 9/11 incident and came into effect in 2003 – adopted by a joint resolution of federal financial agencies. These regulations intend to curb the flow of money to terrorist factions and other money laundering crimes. To meet these regulations, the institutes are required to maintain a record of personally verifiable information of every customer.

It won’t be an understatement to say KYC was built upon the BSA, which enforces the financial firms to ensure the identity of their customers that they are who they claim to be. However, the BSA rules were somehow vague that were covered by KYC regulations with the introduction of the Customer Identification Program (CIP) and Customer Due Diligence (CDD).

While KYC compliance ensures the identity of the customers and keeps an eye on the risk factors associated with them, but unfortunately there is still a major loophole unsolved. That is the financial institutes weren’t required to identify or verify the stakeholders and beneficiaries of the businesses and entities they are serving. This means that legitimate firms could unknowingly shelter bad entities or shell companies while performing illegal and high-value transactions on their behalf. Doing so makes the financial firms equally responsible for the illicit transactions taking place right under their nose. 

This issue came into light through the scandal of Panama papers back in 2016 and as a result, KYB services were introduced for business verification.

Dive Deep into KYB

 

The officially titled “Customer Due Diligence Requirements for Financial Institutions” is what we consider as know your business checks or KYB. It can be taken as an extensive form of knowing your customer since it doesn’t only verify the name of the person to whom the business is registered. It also enforces the institutions to verify the identities of the chief executives and any other person who owns 25 percent or more of the business. 

KYB compliance covers an entire industry of consultants who facilitate various firms to ensure that their business customers are properly investigated and none of them are involved in illegal activities. Every financial institution, merchant acquirer or payment companies who deal with money transfers and transactions, is enforced to perform KYB check of the businesses with whom it does business.

The checks for KYB solutions include the verification of company registration, business license, identification of a business, and other executives of the business. The KYB compliance requirements may vary from address and date of birth to driving license, passports and bank statements. Moreover, these checks are also performed against sanction lists, PEPs, Adverse media, and disqualified directors. 

These authentication checks are carried out by the KYB solution providers depending on the nature of the business, transaction value, suspicious reports, and more importantly the country legislations.

The Role of 5th AML Directive

 

The regulatory regimes around the world are continuously changing with every passing day. Last year, two major regulatory directives were updated, the 2nd Payment Services Directive (PSD2) and the Fifth Anti-Money Laundering Directive (AMLD5). The PSD2 requires financial institutions to make certain data available to other institutions through the use of APIs (Application Programming Interfaces). Whereas, AMLD5 compels the financial businesses to keep tight reins on the personal information online.

The businesses from financial institutes to merchants, everyone is facing regulatory pressure to meet stringent verification requirements. To do so they deliberately need to adjust the processes to conduct due diligence. The 5th AML directive along with PSD2 and GDPR regulates organizations to verify the businesses – the KYB compliance.

AMLD5, in particular, holds liability for the EU states to collect all the legal documentation regarding the company in a central registry. Moreover, it is mandatory that this central registry must be available and accessible to all the obliged entities that are required to perform business verification. 

Enhanced Due Diligence

 

After the Panama Paper Scandal, verifying the business entities and the mainstream business structure is an integral part of AML compliance requirements, compelling enhanced due diligence (EDD). It obliges securing additional information about the business client, for instance, the nature of the business relationship, source of funds, transaction history and the enhanced monitoring of the business relationship.

KYB in Europe

 

In Europe, the 4th AML Directive is already in effect and by January 2020, AMLD5 will also be in action. The AML 4 requires the businesses to identify the obliged entities and take prudent measures to verify their identities. It facilitates the businesses to know about the UBOs in regards to trust, foundations, and legality of the entities to better understand the structure of the business and customers.

According to defined rules, the beneficial proprietor in the EU is any person who owns 25% of the corporate business. However, in the upcoming AMLD5, the proposal is lowered to 10%. 

KYB in the US

 

The Customer Due Diligence (CDD) Final Rule has been in effect since May 2018, in the US. This rule states as: 

“Beginning on the Applicability Date, covered financial institutions must identify and verify the identity of the beneficial proprietors of all legal entity customers (other than those that are excluded) at the time a new account is opened (other than accounts that are exempted)”

As per the regulations, the financial institutes include banks, dealers and brokers, mutual funds and futures commission merchants. However, different jurisdictions constitute different requirements. In fact, even one region may have different regulations to be applicable to the state members. For example, the US financial institutes, in addition to the Bank Secrecy Act (BSA), they are liable to OFAC (Office of Foreign Assets Control), FACTA (Foreign Account Tax Compliance Act) and SEC disclosure rules.

KYB Process –  From Weeks to Seconds 

 

Performing Business verification is quite difficult, time-consuming and costly. Most of the companies hide their true identities in order to surpass the money trial. Also, the shell company can obscure their true information in filling and different jurisdictions. The percentage of possession is mostly disguised through different paper trials which makes it difficult to identify. In fact, in some countries, there is no proper paper trial – means no documentation is required for setting up a business, hence no source to investigate for shareholders’ information – which is against the FATF, AML and CTF regulations.

Some of the companies are overcoming this problem by implementing KYB solutions just like KYC. However, manual verification is quite slow, error-prone and costly. To incorporate this con, the KYB solution providers are actively adopting automated ways to verify the businesses in real-time.

In this era of high competition and complex compliance requirements, there is a need for electronic ID verification of business. By automating the KYB process, the financial institutes can securely access the UBOs identifying information from the central registry and verify it. Moreover, meeting the KYB compliance can paramount the complex regulatory environment.

Data-breaches

Data Beaches – Types, Sources, and Preventive Measures

A large number of well-renowned companies are under the threat of high-scale data breaches. After one data breach, it does not mean that the same company could not again be exposed to a data breach. Exceptions are there if that company successfully take in place stringent actions after tackling the vulnerabilities exploited before. An example of frequent data breaches is Yahoo data breach. Statistics show that in August 2016, Yahoo hack was uncovered that took place in 2014. It affected user accounts of around 500 million people. The same company faced another hack in December 2016 due to which 1 billion accounts were affected. In October 2017, this report was updated, stating a total of 3 billion affected users and is considered biggest data breach in history.

With the advent of digital file transfers and reliance on digital communication means by multiple industries, data breaches are residing fairly at a high rate. In the U.S, in 2015 data breaches increased to 781 million which were 157 million ten years back i.e. in 2005. In the same time period, compromised user records increased from 67 million to about 169 million. An aforementioned data breach of Yahoo was absolutely contributing to these exposed records. The company advised its users to immediately change passwords and guarantees its users that it will take stringent measures to eliminate the risks of further attacks.

There is a lose-lose situation when a data breach occurs. It is not only the customers whose information is compromised, not just the deceived organization which is dealing with the recovery of hijacked information, meeting legal compliance needs and doing the aftermath of reputational damage. This breach cycle has to break. Otherwise, the lose-lose situation will never end. 

What Data is Breached?

Personal, as well as a sensitive chunk of information, is breached. The information which online platforms ask to recognize some identity is compromised. This data includes first and last name, email address, residential address, contact number, username, passwords and some encryption keys that are a secret between user and organization for identification purposes. This information is called personally Identifiable Information (PII). 

This hijacked information is sold to third parties and are also weaponized by cybercriminals who use this information to conduct a large number of fraudulent activities. Credit card information is stolen through which fraudsters perform transactions, account takeover frauds are done, real identities are used in several other cybercrimes. Identities of children and adults are used to perform money laundering and terrorist financing. The reason is that these names have not been previously used or involved in any criminal activity before.

Emerging Forms of Data Breaches 

 

The dark web and emerging data breaches are threatening industries. Phishing attacks and account takeover frauds are looming online websites. E-commerce businesses, online gaming, charity, banking websites, etc. are highly prone to cyberattacks because of the assets it deals with. Any loophole in the system can cost businesses with heavy monetary and reputational loss. Online websites need to ensure that they authenticate each onboarding entity thoroughly against a bunch of checks that are enough to filter out bad actors from honest ones. Along with this, existing users should continuously be verified to make sure that identity is not switched with any fraudulent entity. 

Identity Theft

 

It is one of the most common data breaches. Identity theft was estimated to be accounted for about 50% of data breaches globally in 2015. It included about 40% of compromised records in the same year. Due to identity theft, a large number of financial institutions are affected. These sectors hold highly sensitive information in which financial information is common. This information if gets compromised results in huge damage for both the victim and the organization. Among this, the second most common type is the financial data breach. The financial sector lost 120 million identities in 2015. Cybercrimes are high in these sectors due to the attracting opportunities that fraudsters look for. The annual loss is an average of $13.5 million, which is highest as compared to other industries.

Phishing Attacks

 

The emergence of social engineering is giving rise to multiple other frauds. Among which, email phishing attacks and website phishing attacks are common. End-users are targeted with email phishing attacks. A phishing email from a renowned brand is sent to the legitimate customers which ask users to enter their credentials and credit card information. This email is from a fraudster who is trying to hack the account of end-users. This could be done by clicking the malicious link which redirects the user to a website that seems real but is just a clone of that website. Right after suer enter credentials, the account is hacked through that phishing attacks. 

Last year, most of the phishing attacks targeted e-commerce businesses, financial systems, and payment websites. Hackers are all active to exploit weaknesses in the system thorugh innovative tricks. On the same side, online businesses should take in place technological solutions to acter to these tricks.  

Credentials Stuffing

 

Credential stuffing is more or less similar to account takeover fraud. It is a cyberattack in which username and password related information are compromised and that account is hijacked. Fraudster gets unauthorized access to the account by stuffing combinations of username and passwords through automated requests for login. This stuffing is done by automated bots who fit in every possible combination to hack the account and use it for malevolent purposes. Research shows that stuffing attacks are 8% successful while attempting to account for takeover.

Overcoming Data Breaches with Biometric Authentication

 

Understanding the nature of data breaches, now there is a need for taking into account measures that mitigate future damage. Considering the common methods of user authentication i.e. 2-factor SMS based authentication ensures security when a user tries to access the account from different devices or locations. But unfortunately, this method of user verification is not most adopted. Only 10% of Gmail users use two-step verification. 

Well, that was one choice, data breaches take place as a result of unauthorized data access. Therefore, this should be catered with the immediate security layer that ensures an authentic user is trying to access the data/account, edit it or delete it. 

Biometric authentication is another option. For identity proofing and online user verification, a prompt, efficient and robust method is to verify the end-user based on biometrics. This could be through fingerprint scanning, iris/retina scanning or face verification.

Face Verification: Through unique facial features, an end-user can be verified. Every time a user gives an access request to the backend system, it will ask to verify the face biometrics. If the traits match, the user will be authenticated and get access to the account. Face verification uses Artificial Intelligence and Machine learning technology to map the facial features and decide in real-time whether the characteristics match the real user or not. 

Yes, fraudsters use tricks to fool the system, but facial recognition systems are strong enough to cater to those. The tricks of the printed image, or already taken selfie are used, which are tackled through liveness detection. Liveness detection ensures that the user is physically present at the time of verification. This can be done by recognizing the blinking of an eye, minor facial movements, 3D depth perception, etc. It ensures that the end-user is not fooling the system in any way. 

Biometric authentication is the primary step to cut the roots of growing data breaches. All possible cyberattacks are the result of unauthorized access which compromises user data and costs the businesses way more than the technical solution installment. Also, the regulatory authorities are set up to evaluate industries that are prone to data breaches and whether or not they take in place security measures to deter the risks. Identity verification through biometrics contributes to combat the risks of cyberattacks and hefty compliance fines.

KYB know your Business

Know Your Business: The Next Step in Identity Verification

The complex regulatory environment and increased exposure to illegal activities indicate that business verification is in the best interest of regulated companies eyeing long term stability. According to the UNDOC, money laundering is estimated at 2-5% of global GDP, amounting to almost $2 trillion. Digital data breaches have also increased substantially over the recent past, with rising threats of virtual ID theft.  

In order to counter this, banks are spending more than $48 million on due diligence and KYB processes, with rising onboarding costs, as reported by the Thomsons Reuters’ survey. 

With the advancement in digital technologies and virtual data sets, KYB compliance and verification tools can help mark businesses that are involved in undercover activities and transactions. International requirements of both KYB and AML are increasingly reflecting the need to secure business transactions and prevent illicit financial flows from entering the formal sector. 

The Regulatory Approach to KYB

Businesses face strict regulations that require them to identity and verify customers before onboarding them. The 4th AML Directive, in particular, puts emphasis on stringent audit trails that help prevent fraud and financial crime. For this purpose, Digital Verification Services such as KYC and AML screening have proven to be significantly effective in improving compliance procedures. 

In a similar tune, regulatory requirements, such as the AMLD5 directive, now demand strict evaluation of both individual clients and commercial entities before carrying out business with them. This is to ensure that financial institutions and other businesses can avoid being connected to illegal transactions conducted by their clients. 

Money launderers often get under the cover of businesses and the EU is rolling our stricter regulations for customer due diligence to stamp out aggressors. For regulated companies, this translates into a legal compliance requirement for which the adoption of a duplicate screening process for suppliers, vendors and traders becomes important. Other regulations such as the GDPR, PSD2, and FinCEN also require companies to be aware of the Ultimate Beneficiary Owners (UBOs) of entities before beginning a relationship. 

According to new registration demands of the AML directive, all EU states are required to maintain national registers of beneficial ownership information on corporations and other legal entities. All companies and their owners now have to get their details registered, making it all the more easy to identify individuals involved in illegal activities through a business. Information of such regulated businesses will be made available to companies with a legal interest in business relationships.

KYB Process 

Similar to KYC, Know Your Business (KYB) is a Verification Solution that cross-checks business identity by extracting official commercial register data using APIs. Using a business’ registration number and jurisdiction code, an efficient digital KYB service can collect verifiable information for the business. 

Access to automated commercial registers through a data-powered business verification service make the due diligence process swift and free of errors, while saving valuable time and manpower. 

Business Search 

 

This includes background data on the company: registered address, current status, company type, UBOs, previous name, trademark registration. A financial summary of the company’s operational accounts is also provided by the authentication service, in order to better validate its authenticity. 

Business FIlings

 

In addition, business filings offer instant, verifiable information about company financials; access to financial statements, sources and links to downloadable reports (such as register reports, annual accounts and shareholder lists). 

Business Statements 

 

Business statements can help companies stay on top of changes in management and organisation of connecting businesses. A change in directors or beneficiary owners can also reflect an evolving business environment, indicating the need for followup information on business matters. 

Business Networks

 

Detailed information on corporate structure also provides insights into parent entities and lists of company subsidiaries (child, sister companies). Key factors under consideration are also based on the country in which the business is registered, the nature of business activities and the value of transactions it carries out. 

Challenges in KYB

 

By far, one of the foremost challenges in KYB compliance lies in accessing beneficial ownership information, especially in jurisdictions that do not require companies to submit relevant documentation. A lack of shareholder information can make it harder to investigate money trails and business authenticity, leading to potential non-compliance costs. 

Timely availability of data, in the right format, is also another hindrance, especially as company structures and management change over time. Storage and interpretation of data is also subject to a number of factors, mainly centering on companies adopting a manual approach to due diligence processes. 

Moreover, companies that are currently implementing KYC processes have ample room for improvement in process efficiency, costing banks millions of dollars in lost time. It follows that digitization of KYB verification solutions will also be a tedious process of hit-and-trial before firms can grab its full potential. 

Business Verification: Moving Forward

 

When it comes to risky transactions, regulatory authorities are not ready to bend their rules. The 6th AML Directive is also ready to be implemented soon, which indicates little or no leniency for financial institutions or businesses in the coming future. Therefore, KYB is central to the efficiency and transparency of firms doing business. 

Data analytics software that aggregate and updates information about businesses assists stakeholders in keeping tabs on their operations and practices, as well as fulfilling due diligence requirements of KYB.

As a one-stop solution for business verification, Shufti Pro offers a cost-effective solution of due diligence review of companies. With an electronic identity verification (eIDV) service, the authentication process for business entities is made easier and more accurate. The integration of APIs and data-driven systems now allow easier extraction of data, as well as smoother coordination mechanisms for compliance review. 

Transparent B2B Relations 

 

As a pre-emptive measure, businesses can use KYB solutions as fraud covers in case of a breach. Using the right mix of technology and support, full coverage of business financials and organizational structure can be accessed in order to trace business activities. This also allows firms to maintain updated company databases for better workflows. 

Business reputation is also incumbent upon due diligence processes that are reliable and foolproof. As a consequence, identification and verification of the beneficial ownership of connecting entities is vital to solving verification challenges.

Effortless Regulatory Compliance

 

A user-friendly interface allows businesses to fulfill regulatory compliance needs without any friction. Potential losses and non-compliance penalties diminish productivity for firms willing to extend their business networks. Reputational damage is also a leading cause of business failure when it comes to carrying out business with suspicious entities. 

With a comprehensive approach to risk mitigation, online KYB authentication services provide strong risk-shields against such losses, securing long term benefits for all concerned parties. 

 

Initial CCPA Compliance Costs Could Hit $55 Billion

Initial CCPA Compliance Costs Could Hit $55 Billion: Report

According to an economic impact assessment prepared for the state attorney general’s office by an independent research firm, California’s new privacy law could cost companies a total of $55 billion to get in compliance. Total CCPA compliance costs are likely to vary considerably based on the type of company, the maturity of the businesses’ current privacy compliance system, the number of California consumers they provide goods and services to, and how personal information is currently used in the business.

CCPA provides sweeping privacy protection to California’s residents. It includes a provision that will allow consumers to know what data companies are collecting on them. The bill grants rights to California residents to be informed about how companies collect and use their data, and allows them to request their personal data be deleted, among other protections. It represents the start of a new era of privacy laws designed to protect personal data, says Kelsey Finch of the Future of Privacy Forum. CCPA’s section gives consumers the right to delete personal information from the company’s database. 

CCPA Affecting Businesses :

CCPA will affect three types of businesses based in California:

  • Companies that have gross revenue of at least $25 million.
  • Companies that buy, sell and share the personal information of 50,000 or more consumers, households or devices.
  • Companies that get 50 percent or more of their annual revenue from selling consumers’ personal information.

By estimates, companies with less than 20 employees have to pay $50,000 for compliance. Large companies having more than 500 employees will have to pay an average amount of $42 million. This will make up for 1.8% of California Gross State Product. According to a report, total compliance costs for the companies subject to the law could range from $467 million to more than $16 billion over the next decade.  Researchers estimated that as many as 75% of California businesses earning less than $25 million in revenue would be impacted by the legislation. States have begun to take efforts for privacy legislation. Facebook CEO Mark Zuckerberg advocated for creating a nationwide policy in this regard. Cost and complications will be lessened by setting one legal standard for tech firms than a piecemeal approach to compliance. 

Since many businesses in California that operate in Europe had to make changes to comply with the GDPR which went into effect last year, CCPA has taken some elements from GDPR. The research suggests that the compliance costs for California’s law will be reduced this way. The EU estimated average incremental compliance costs for the GDPR would total about 5,700 Euros a year (nearly $6,300), according to the report, though there is also evident that the regulation lost productivity in sectors that rely heavily on data. Smaller firms are likely to take on a disproportionately larger share of compliance costs compared to larger firms with GDPR.

CCPA- An Inherit Part of GDPR:

Over a year after the introduction of the GDPR, concerns regarding its impact on larger firms appear to have been overstated, while many smaller firms have struggled to meet compliance costs. Resources explain this dichotomy as large technology companies are often several steps ahead of both competitors and regulators. In the long term, however, it is believed that the differential impact will likely shrink, driven in part by competition among third-party services that will help small businesses comply with the legislation. 

Economic Impact on Companies:

Companies are going to face an economic impact due to CCPA. As smaller companies with less than 20 employees are expected to spend about $50,000 in initial CCPA compliance costs, while mid-sized firms with between 20 and 100 employees could incur costs of $100,000 to start, according to the study.

The expenses come at a time when companies are reaping big rewards from the buying and selling of personal consumer data. The use of personal data in online advertising is a $12 billion annual business in California. When combined with the buying and selling of information from data brokers, the number rises to $20 billion annually.

California businesses could spend an additional $16 billion over the next decade after initial compliance expenses to keep up with changes and other expenses, according to the report. Those expenses could include hefty fines for those who violate the law.

A recent report from the International Association of Privacy Professionals found that as of this summer, only 2 percent of affected businesses were fully compliant with the law.

Meanwhile, some other state legislators are using California law as a model. In Nevada, for instance, a new privacy law went into effect on Oct. 1. That law, known as Senate Bill 220, will give consumers more ways to keep websites from selling personal data.

 Businesses that need to comply with CCPA:

Following are some businesses that have huge private data that needs to be protected by CCPA:

 

  • E-Commerce:

 

Online businesses have a huge private date of which they are taking advantage. The user surfing through the internet is analyzed by AI-based products and products of their interest are shown to get him attracted. This means that user data is being used to get more sales of their desired products by advertising it. So CCPA will enhance the privacy policies of businesses across the globe. The so-called rights over consumer data will be exploited by CCPA.

 

  • AI-based Verification Services:

 

As the regulations regarding KYC and AML are becoming more stringent businesses are adopting identity verification services for their customers and for other businesses. For this, they have huge data of clients that they have to verify. Identity verification service providers have the most confidential data on hand, hence they must follow the provisions of the California Consumer Privacy Act.

 

  • Social media:

 

Social media plays a vital role in their shopping decisions. Its a platform to target audience of interest. According to a study, 87% of shoppers are satisfied with the shopping experience through social media. There are many social media marketing tools that are employed to get to the audience of interest and to improve the sales of a particular product. Businesses are aware of these tools and deploying them well. The use of these marketing products employe available information on social media platforms. Social media sites have to change their practices of selling the personal information of users to third parties. The consent of the user must be required for selling this data to a third party business.

So, businesses need to comply with CCPA for the protection of private data of consumers. Since many California businesses had to comply with Europe’s General Data Protection Regulation last year, some of the compliance costs for the new state law will likely be reduced, according to the report’s authors. Many businesses need to comply with CCPA to mitigate the risk of a data breach. The law will go into effect on Jan. 1, 2020.

Common-online-frauds

Common Online Scams You Need to Know About

The explosion of the internet and the world moving towards the fourth industrial revolution have exposed the majority of the businesses and individuals. The user experience and ease of access to everything are driving the major proportion of humans towards the adoption of digital operations. This has created another opportunity for the scammers and fraudsters to look out for some extra cash.

With the increased presence of individuals on online shopping platforms and social media, the swindlers are always looking for a chance to fleece you by any means. With advanced technology and social engineering tactics, the fraudsters have become quite sophisticated. Due to this, most of the scams even seem real and not fake.

Here are some common types of scams that people fall victim to.

Smishing (SMS Phishing)

Smishing, also known as an SMS-phishing attack is becoming common due to the smartphone revolution. In this type of fraud, people often receive a text message from “Bank” or “Card issuer” saying there is some problem with the account or someone tried to access their account and they immediately need to contact with their account information. Even some messages say that you have won a lottery or a gift card from let’s say, Wallmart, and you are required to prove your identity through a call or whatever the message says to avail.
Such messages seem like a real warning from the company, but actually sender is some fraudster hoping to receive the account information from the victim. The same is the case with bogus gift cards. In order to avail that offer, the scammers ask victims to pay the shipping fee or and pay a security fee. Biting into such messages, you will have to surrender your card details to the black hat marketers and scammers leading to credit card verification and CNP frauds.

The Dating Scams

With the expanding trend of online dating sites, cybercriminals are availing this opportunity to scam people in a romance scam and gain financial benefits. Such scams are not limited to defrauding people, in fact, there have been multiple cases where the scammers are professional cybercriminals and use victims as money mules and drug mules without their knowledge.

In these scams, the scammers and imposters lookout for the real-people and after gaining their trust they start their activities by demanding money. These scammers know really well how to play the emotional card and trick the victims that they are ready to do anything as per the scammers. 

The Hitman Scam 

The hitman Scam is a type of scam in which the victims receive an email from scammers saying that they are hired to kill them and if they want to live then they must transfer money to their account. Though it seems very ridiculous why would someone fell victim to such a message? But the truth is people don’t take life threat easy and that’s what the scammers take advantage of.

To make the threat look more real, the scammers add some information about the person in the message so that the person receiving it would feel under threat. This information is something that people already share on their social media accounts. Due to an active presence on the internet, accessing someone’s information is not difficult anymore. Using this information the fraudsters target people and are successful in stealing money from them

BEC frauds

Business Email Compromise (BEC) frauds are a very common type of frauds, especially in the corporate sectors. To target the entity, the criminals and fraudsters have to do a lot of research. What they do is they present themselves as the representative of some company and send an email or make a call to the victims demanding urgent funds transfer or any other financial incentives.

People easily fell for this scam because firstly the email is from an official account and secondly it is full-fledged planned fraud involving detailed information about the target. Moreover, this scam is executed in a very friendly way. Either the scammers manipulate the targets with their sugar-coated chats or they show the urgency to fulfill their request of funds transfer. 

Free Trial Offer Scam

One of the most common scams is the Free-trial scams which fascinate the users a lot. Finding free trial on the internet that just requires the users to pay shipping and handling fees. Such products and services and really attract the customers and they often register for a free trial. But this is not about it only.

On the backend, there is a lot more. The behavior of a user of clicking “I agree” without reading the whole terms and conditions gives it away to the fraudsters to add the clauses as per their advantage. When you sign up for a free trial, you unknowingly get yourself in trouble with a monthly subscription which is automatically deducted every month from your account.

The World of Charity

The scammers are proactively taking advantage of people’s sympathy and kindness by pretending to be a charity organization. Playing with people’s emotions has never been easy like it is now. By creating fake identities on the internet, the scammers are continuously tricking people into transferring the funds for the orphans and people in need. Many people fall for this scam and end up losing their money to the fraudsters. 

What should you do?

These digital scams and frauds are very common and can target any individual with an online presence. People aren’t the only ones getting affected by these frauds, but businesses are equally on the target list of cybercriminals. Most of such online scams rely on the users to take action. In order to avoid and prevent such scams, the people and businesses need to be educated first about the ways the scammer carry out their activities – i.e. social engineering tactics.

Another way is before taking any action, you must verify the identity of the resource. Especially the businesses must follow proper identity verification services to combat BEC frauds.

Face Verification

Face Verification – One Solution for Several Identity Frauds

Biometrics is the technology that verifies the unique personality traits of a person to identify him. Biometrics include face verification, eye retina screening, voice recognition, and fingerprint scanning. All types of biometric verifications are used widely for customer onboarding, security protocols, regulatory compliance, phone unlock, etc. 

Face verification bears huge potential for businesses. The businesses are required to run complete KYC and AML screening on their customers and face verification is a feasible real-time solution for thorough compliance. Other than that, face verification helps businesses in fraud prevention, customer onboarding, customer verification at the time of making transactions, verification of vendors and other businesses in B2B or B2C relationship. Biometric Verification is like by consumers as well, a study found that 74% of consumers believe biometrics are safer and more secure than businesses. 

Businesses in financial, non-financial, e-commerce, legal, retail, etc. all can utilize face verification for above mentioned benfits. 

One of the major threats to businesses is the people connecting to them with fake identities. Such fake identities can take several facets to defraud businesses. Below is a list of some major fraud scenarios that are conducted through fake/stolen identities. 

 

  • Stolen Identity

 

Criminals steal the identity of a person, by using his ID card, driving license, or account credentials to access his account, to get free services entitled to the original person, to execute illegal acts. This is one of the most common crimes that hit businesses of all types and sizes. The reason why such businesses are required to practice KYC and AML screening on their stakeholders. 

 

  • Fake Identity

 

Criminals make fake identity cards and other identity documents that neither belong to any real person nor are issued by some authority. Such cards often appear real to the naked human eye but if screened through document verification software they are identified as a fake one within seconds. Because the human eye could be manipulated through look alike QR codes but an AI-powered software could identify such frauds within seconds. 

 

  • Synthetic identity 

 

Synthetic identity is a type of planned fraud. In this case, the criminals build a new (synthetic) identity by using some of the original information and some fake information. As per payment frauds insights (2019) of federal reserves, synthetic identity fraud is the fastest-growing fraud in the united states. Also, synthetic identities are created by using the identities of children, homeless and elder people, because such identities remain unused for a long time. 

Synthetic identities often get them past weak security protocols, especially when manual verification is adopted or the software only verifies the ID card number and does not verify the originality of the identity document. Synthetic identity is not like “fake identity”, because it is a combination of fake and original identity. This lethal combination makes it difficult to identify a synthetic identity by just verifying the ID card number. It requires a thorough screening solution that verifies the document, face, and the ID card number simultaneously to identify a synthetic identity among the original identities.

 

  • Ghost Identity

 

This is also a type of stolen identity but of a dead person. Criminals use the identities of dead people to develop synthetic identities and to get free benefits that were associated with that person, e.g. pension, insurance, etc. Ghost identities could also hit all types of businesses, government organizations, banks, insurance companies, etc. 

Face Verification is the Ultimate Solution

Face verification is one of the dearest biometric technologies of this age. Why? Because it is easy to use, integrate, and is becoming more refined with every passing day. It is proved time and again that face verification along with document verification is a feasible solution to detect all types of identity frauds. The process adopted in the face recognition solution does not leave any loophole for criminals. 

Face matching

The face verification process screens a person’s face in real-time and matches it with the face on the identity document (the document is already verified through “document verification” solution). If a criminal is using a stolen, fake or synthetic ID card he would be identified at this stage as a criminal could steal the identity but he could not steal someone’s face. 

Liveness detection 

Face recognition technology detects liveness through minor facial movements. The AI-based system detects minor movements like the blink of an eye, smile, etc. So there are no chances that a  criminal could show a picture of a person, a printed photo, etc. In the case of video verification, the user is asked to take a selfie video and to make some facial movements like a smile or blinking eyes. The AI-based system detects the movement and verifies that an original person is making the verification. 

3D depth perception

This feature leaves no loophole for fraud, as the picture or video uploaded by the end-user is screened for unique facial features. In case a criminal has developed a synthetic identity by using the ID card number of a person with alike facial features, 3D depth perception will detect the minor difference in the facial features so, identity theft will be detected at the very first stage. 

3D depth perception detects the face image for unique facial features shown in the photo in an identity document. Also, it screens the depth on the contour points and edges of the face to detect a picture taken from a paper-backed photo or photoshopped images. 

To wrap up, face verification is the ultimate solution for several needs of the businesses. Face verification delivers highly accurate results within a minute. The easy integration of such solutions is easy ad swift, making regulatory compliance, customer onboarding, and fraud prevention an easy affair for global businesses. No matter how many facets a criminal changes to get into a business’s system face verification eliminates all such attempts at the very first stage. 

KYC checks, KYC solutions, KYC and AML,

Winter is Coming: With a Storm of KYC and AML Regulations

The ever-evolving regulations are creating challenges and complexities for the financial institutes, both in national and international markets. Financial sector deals approximately with 200 regulatory changes per day and these numbers are rising. Most of the time, businesses fail to concede these regulatory requirements and face heavy fines. Since 2008, global banks have been fined more than $321 billion collectively for not following Know Your Customer (KYC) and Anti Money Laundering (AML) regulations

Even with a compliance cost of almost $100 billion globally in a single year, crimes like money laundering, terrorist financing, and cyber frauds are increasing. Financial Institutes (FI) do not only find it challenging to comply with KYC and AML regulations but increased fraudulent activities make these things even worse. Financial institutes often fail to identify fraudsters and face fines and even get banned.

Fraudsters and money launderers are exploring new ways of carrying illegal activities. An undercover agent who infiltrated Pablo Escobar’s drug cartel responds, “You can launder money in so many different ways, it is as unique as snowflakes.” To counter these challenges, regulatory authorities are making updates in regulations almost every day.

Changing Regulations with the Changing World

 

In the aftermath of the 2008 financial crisis, regulatory authorities put forth several noticeable amounts of regulations, but now almost after a decade, some regulators and lawmakers think it is time to analyze what is working and what is not and make necessary amendments accordingly.

Banks and financial institutes are the protectors of the financial systems and the responsibility to prevent financial crimes lies with them. In the last decade, these institutions have worked tirelessly to establish reliable KYC and AML procedures and systems. However, changes created by technology and globalization demands modifications in regulations. 

For instance, high demand for virtual currency has made regulators reassess in place regulations and make amendments to regularise cryptocurrency. As most of the cryptocurrencies are not backed up by any central governments the potential of its use in illegal activities, especially terror financing and money laundering, already threatens the authorities and businesses. 

The authorities are making amendments and the newest laws to regulate all these advances in financial systems. Here are some recent changes by notable global regulatory authorities: 

FATF

Financial Action Task Force (FATF) is an intergovernmental organization, which strives to eliminate money laundering and terrorist financing globally. The organization has been very keen on recommending necessary changes required to comprehensively deal with financial crimes.

Noticing the recent trends of money laundering (ML) and terrorist financing (TF), FATF recommends member states to perform legal screening of Ultimate Beneficial Owners (UBOs) of every business. Owing to the exploitation of virtual currency by criminals, FATF also recommends regulating cryptocurrencies. According to a report, $4.26 billion worth of cryptocurrencies were stolen by cybercriminals, only in 2019. FATF expects members to implement these regulative reforms in their respective states for combating ML and TF. 

European Commission’s AMLD5 and AMLD6

As a part of an action plan against money laundering and terrorism, the European Commission has introduced new regulations in the 5th and 6th AML directives. Every European country is required to implement these regulations as a part of its national action plan on AML and CFT.

AMLD5

 

The most prominent law in AMLD5 is the regulation of cryptocurrency exchanges and service providers. Before this directive, e-wallet providers and crypto exchanges were not covered under the financial regulations. AMLD5 made it compulsory for crypto businesses to perform KYC for identity verification. Furthermore, member states are required to maintain a central register for Ultimate Beneficial Ownership (UBOs) of the crypto businesses.

AMLD5 also lowers the threshold for the prepaid cards to decrease the risks of money laundering through these cards. According to the U.S Federal Bureau of Investigation (FBI), drug cartels use prepaid cards as a source to launder money earned from illegal drug sales in the USA. European countries are required to implement AMLD5 by January 10, 2020.

AMLD6

 

While the European Union’s member nations are striving to implement AMLD5, the European Commission published a new directive i.e. AMLD6 in their journal. This new directive will make AML and KYC regulations more stringent. By setting a clearer definition of money laundering and increasing the minimum liability for predicate offences, the EU aims to make AML and KYC more robust. 

The key elements of AMLD6 are: 

 

  • Addition of Cyber Crimes in Predicate offences. Predicate offences are crimes underlying money laundering and terrorist financing. Initially, cybercrimes including online identity theft, credit card frauds were not included in predicate offences. Once AMLD6 is implemented the businesses will require more enhanced KYC checks to avoid indulging in unlawful activities.
  • Inclusion of the entities that are aiding criminals to launder money in money laundering crimes. The addition of ‘enablers’ can make money laundering tracking easier.
  • The punishment for money laundering and terrorist financing is increased for up to four years including other penalties.

RegTech: A useful KYC solution  

 

While the aforementioned are major regulatory changes in the world, many countries are also regulating businesses to perform enhanced due diligence and KYC at national levels. Financial Sector is obliged to follow these regulations.

However, the financial sector is not lagging and is taking measures to remain compliant with rules. Since the finance sector always remains one step ahead in adopting innovative technology. One of the latest addition to the finance sector’s arsenal is Artificial Intelligence (AI). The finance sector can adopt AI to make KYC/AML screening more robust, cost-effective, and time-efficient.

RegTech (Regulatory Technology) refers to the use of technology-based solutions to help in compliance with financial regulations. RegTech is enabling rapid development in the financial sector regarding compliance. AI-based identity verification and AML screening solution are both cost-effective and time-efficient. Businesses should adopt AI-based KYC and customers due to diligence solutions (CDD) when onboarding customers to remain compliant with regulatory changes and avoid any offence.  

Conclusion

 

KYC laws are continually modified to catch up with the latest techniques for perpetrating financial crimes. A recent example is AMLD6 by European Commission, which intends to make KYC and AML compliance stricter. The financial sector must adopt effective measures to maintain the integrity of the institutions as well as meet the regulatory requirements. They are the first line of defence against money laundering and need to act accordingly. To ensure that businesses remain in compliance with these changes, RegTech industry is rendering efficient AI-based solutions for KYC checks.   

More posts