Why Digital Identity Verification is Booming - A Detailed Insight

Why Digital Identity Verification is Booming – A Detailed Insight

According to the report “Digital Identity & Document Verification Market & Technology Analysis & Forecasts 2019-2024”, services of digital identity and document verification are estimated to be a market of $15 billion by 2024. Goode intelligence says that the estimation is a 20% increase in the global market as compared to 2019. There are several perspectives that are fueling this growth. Among these, one is the increasing digital frauds due to which businesses face several issues. The second being identity verification a requirement by local and global regulatory authorities.

Identity verification is performed to verify each identity that is becoming part of your system. It is important to deter the risks of digital fraud by capturing, verifying and recording user identities. Lack of digital identity verification practices result in heavy monetary loss and are vulnerable to business reputation. 

From Manual to Digital Identification

Previously banks and other financial institutions used to verify onboarding identities manually by verifying them against documents and biometrics. Traditional verification practices are time-consuming and require additional human power. On the other hand, it is hefty for customers to wait in queues for hours. But, it is not less than a challenge to ensure business security from bad actors in digital platforms. Either it is a bank or any online business, its digital problems need digital solutions that are now available in the form of digital identity verification. 

With the advent of digitization, there is a need to take advantage of AI and ML technologies and its algorithms to automate the verification process. The integration of technology-based API with online systems ensures identity verification of each onboarding identity in real-time. Just to make sure that no unauthorized or suspicious identity becomes part of the legitimate system, identity verification is performed at the time of account registration and sign-in. 

Factors Fueling Growth of Identity Verification Market

Small and Medium Size Enterprises are experiencing high risks frauds in the form of cyberattacks. These businesses either limit the scope of business services but need to cater to a large population. A bad actor can ruin the seamless business processing with its malevolent activities. Large enterprises hold a higher identity verification market share. However, SMEs lack digital solution integration for fraud prevention due to financial constraints. Although being KYC and AML practices, a regulatory requirement, small businesses are moving towards integration of identity verification services into their system that automatically verifies each onboarding identity without compromising user experience.

Identity Theft

In 2018, a report by the Federal Trade Commission presented 1.4 million fraud reports. The loss due to these fraud totals to be $1.48 billion. Most common frauds, according to FTC’s, Consumer Sentinel Network Data Book, are debt collection, imposter scams and identity theft. High-risk customers target online platforms and find out loopholes that can help them commit these frauds. 

Who is at risk of Identity theft fraud?

Most of the online users who neither take security alerts seriously nor report irregular online activities/warning signs regularly are prone to the incidences of identity theft. Children and old people are most likely to be attacked by identity theft. Their identities are helpful for criminals as they have not previously been used in any criminal record and a clean state for fraudulent activities can be gained. Similarly, old people’s identities are targeted through the internet or email phishing scams. Their identities are considered trusted because of their age and help fraudsters easily commit. 

Who is at risk of Identity theft fraud?

Credit Card Frauds

Credit card frauds are prevailing in the category of identity theft frauds. 167,000+ online users reported credit card accounts that are opened with their personal information. Cybercriminals earn millions every month by hijacking financial information of customers in the form of the credit card information. In 2018, more than 57,600 websites lost their confidential data from payment forms. New accounts are exposed to credit card frauds more. 

Account Takeover Frauds

Account takeover frauds rose up to 79% in 2018 as compared to the previous year, 2017. Fraudsters use innovative technologies to hijack the accounts of online users. Using malicious scripts they use credentials stuffing techniques in which an automated script uses combinations of usernames and passwords to take out the right credentials user has saved an account with. The account takeover fraud is followed by many other frauds, for instance, stolen identity information is used in various fraudulent activities among which money laundering and terrorist financing are highlighted. 

How Automated Digital Identity Verification Helps?

Unauthorized access, root to various online frauds. Identity verification solution helps cut these roots by identifying each identity access to your business platform. It seems a long process of verifying identity, but if it takes just 30 seconds then?

A digital identity verification solution is robust that identifies the individuals in real-time without compromising user experience. It helps authenticate. Using document verification, identity is verified by capturing the details from documents using OCR technology. Similarly, biometric authentication is done that verifies identity in seconds using facial recognition technology. Small as well as large businesses are integrating these technologies to make their platforms secure from any fraudulent access. 

Due Diligence Compliance

Identity verification is more than an approach to avoid online fraud, it is a regulatory requirement in several countries to ensure customer’s data protection and privacy. GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act) are regulations for customer data privacy to prevent it from getting into bad hands. Moreover, the growth of the digital identity verification market is driven by Know Your Customer (KYC) Anti-money Laundering (AML) and Customer Due diligence (CDD) requirements.  

Digital identity and document verification consist of these four steps:

  1. Asking the user, “are you a real person?”
  2. Verifying authenticity of documents
  3. To ensure that you can continue business with the individual
  4. Enhanced due diligence to verify customer background

Among these, in the last step, identity is screened against global watchlists and PEPs records to make sure that your onboarding customers are not part of any criminal activity.  Customer screening helps mitigate the risk of onboarding an entity that could be high-risk for the business. 

Understanding Digital Identity

Understanding Digital Identity

What is Digital Identity?

In the digital world, your identity is made up of your personal information as it exists on the web (in digital form). Your personal characteristics, such as your name, address, date of birth, bank details, email ID, biometrics and login credentials all make up your digital attributes. 

Similarly, digital activities such as likes, comments, buying patterns, search histories, forum posts, and cellphone apps make up your online preferences. These are stored and tracked to maintain a record of online activity related to your identity.  

In short, it is an amalgamation of all personal attributes and characteristics that link the physical existence of a person to his or her digital presence. In this respect, the term digital identity can refer to all types of online platforms and computer systems that contain information about individuals linked to their national or official identities. 

This is similar to the collection of data in the real world, based on which an individual is identified and allowed to take certain actions. Official identification documents, proof of address, driver’s licenses, and other personal documents are required for transactions such as account opening or buying a property. 

Verification of persons online entails matching these two forms of identities to onboard people for digital services and to confirm their presence online. Signing up for an online account, making a purchase in an e-store, accessing medical records and accepting remote jobs becomes possible with a single click and a verified digital identity. 

This is known as digital authentication and is linked to the act of validating one’s identity at the time of sign up. The use of biometric technologies such as fingerprint and retina scans, as well as facial recognition, are all part of the process of cross-checking identities to validate if an individual is really who they say they are.

Establishing Trust Online

As businesses and services make a move to the digital world, crimes related to identity have also shifted platforms. Cybercriminals are learning to intercept digital accounts and steal identity to make fraudulent transactions. In the recent past, businesses and individuals have lost large amounts in losses as bad actors find innovative ways to stay ahead of tech experts and regulators at organisations and carry out online crimes. 

Digital Identity information is exposed through phishing attempts, irresponsible use of login details, location sharing, public wi-fi networks, and exposure to social media malpractices. Opening up access to accounts and online services, an online identity serves as a virtual currency that is exposed to data breaches. Additionally, digital identities are also sold and used against individuals in what is known as the ‘dark web’. A well functioning online system, therefore, needs efficient processes for maintaining reliable digital identities and mitigating accompanying risks. 

With impending threats of money laundering and terrorist financing, regulatory compliance in the form of KYC, AML and KYB requirements will help companies maintain trustworthy business ties online. Compliance regulations rolled out by GDPR, AMLD6 or CCPA make it mandatory for companies to opt for reliable means of verification. Strict identity checks and screening processes that verify who an individual is, and authenticate his/her access to an online portal are therefore the cornerstones  of good business practice. 

Unlocking Access to Financial Services 

The advantage of establishing a digital identity network is perhaps most evident in the banking and financial institution sector. Low cost and high accuracy than traditional vetting processes, digital identities offer faster ways of complying with regulations and attributing trust to financial brokers.

KYC checks ensure that customers are genuine entities as far as their existence, personal characteristics and documentation is concerned. For AML and ongoing background checks, identities must be traceable and accessible by verification solutions. This is easily facilitated by digital identity frameworks that consolidate pieces of information based on their accuracy and validity. For banks, this saves huge amounts of money otherwise at risk of being lost due to compromised identities. 

As observed, account takeover fraud is one of the most popular forms of fraud in the banking sector, with large corporate losses noted due to fraudulent transactions. Using traditional methods of identification, therefore, puts institutions at a higher risk of loss than digital identities, which can be consolidated and secured through advanced technologies such as blockchain. 

As a useful proof of verification, digital identities also open up new avenues for people who have limited or no access to traditional means of identification in the real world. Close to 1 billion do not have an official identity. This has grave implications in the form of barriers to basic social services such as education, health and economic opportunities. In this respect, a consolidated digital identity has the potential to act as a safety cover for people with no access to formal financial services. 

Modern organisations are upgrading to digital infrastructures and investing rapidly in safer technologies. Digital identity verification is one of the many important areas of security that require effective solutions for safer experiences online. The eventual goal is to tie the digital identity to a real person and to ensure that people are who they say they are. 

Need for Identity Verification in Real Estate and Its Real-World Use Cases

Need for Identity Verification in Real Estate and Its Real-World Use Cases

The real estate industry is in dire need of identity verification processes. The reason being, the transfer, and flow of illegal money across the globe. Criminals are always on the search for opportunities that could contribute to their embezzle funds transfers. Money laundering and terrorist financing are made possible for criminals to conduct it through real estate. Fraudsters have found tricks to fool the real estate agency through which they have learned the ways to clean the ill-gotten gains before enjoying them.

Study shows that the real estate has reached to the crimes of worth $1.6 trillion annually. The lack of a monitoring system estimates this value to increase in the coming years. Here comes the need for identity verification. Identity verification of the property seller, property buyer and the entities that are offered with certificates for multiple purposes. There is a need to verify the person involved in dealing with real estate. This will reduce the chances of bad actors if they are screened through various verification parameters. This step is not as complicated as it seems. Online customer identity verification services are available which help you verify the identities in real-time providing a streamlined process.

In the past few years, the criminals have exploited the real-estate sector to launder their black money and to convert it into white money. Panama Leaks is one of the recent money laundering cases that jolted the regulatory authorities from their deep slumber regarding the need for regulatory scrutiny of the real-estate sector. 

How Real-estate is exploited?

Money launderers find the least regulated regions and then launder their money to buy real-estate. Later the criminals would conduct several buying and selling transactions and incorporate the black money within the sale proceeds of the real-estate. Real-estate is exploited in the integration phase of money laundering. 

Local Legislations and Real Estate

For the accurate and transparent transfers of property, local regulators are active. UK, Germany, Canada, Singapore, Australia states are all adopting efficient ways in real estate to streamline the process of customer verification. To avoid reputational damage to a company, now the organization that complies with local regimes is considered more reputable. 

The UK has given the time till 2021 to the real-estate owners to get registered with the concerned authority. So it’ll filter out the money launderers. The registers of real-estate owners will be shared with the public. So, businesses will have the ability to identify criminals among the legitimate sellers of real-estate. 

By implementing an Electronic Verification System (EVS), real estate agencies can deter the risks of fraud. It is important to screen the customers against electronic databases that contain the lists of exposed persons either they are money launderers, politically exposed or terrorists. These updated lists would help in verifying the identity in seconds. It is a smart way to protect your real estate business from criminals. 

Use Cases of Identity Verification In Real Estate

To strengthen the overall dynamic security measures, it is important to integrate digital identity verification services with the system. This verification system authenticates the customer based on several supporting shreds of evidence that could be official identity cards, bank accounts, and other documents. The following are some of the use-cases that are covered in real estate by identity verification.

Customer Due Diligence

 Identity verification is mandatory to perform Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) processes in the system to verify the customers against strict verification checks. This step serves the purpose when it comes to avoiding illicit funds transfers.

High-risk Transactions

Money launderers have smart tricks to transfer money across the world. It gets hard to track the path of money flow and to differentiate dirty and clean money. Real estate can verify each of its customers before proceeding with any transaction. The property documents should be verified to make sure that it is coming from an honest entity.

Updated Criminal Databases 

Identity verification API collaborates with the updated criminal records against which identities are verified. These criminal records include the list of politically exposed personalities, money launderers, cybercriminals, terrorists and similar entities. Against these sanction lists, each entity is screened to make sure that onboarding identity has not been a part of any criminal activity before or currently.

Compliance Requirements

Local regulators have proposed serious laws regarding identity verification of the customers. These laws came into effect as a result of criminal activities through real estate in various areas of the world. To avoid regulatory penalties, it is important to comply with the requirements of compliances strictly.

To wrap up, real-estate has a huge growth potential that will not tarnish with time but will enhance. The criminals are exploiting this sector for long. But now the regulatory authorities require this sector to practice customer due diligence on their buyers and sellers. It’ll reduce criminal exploitation of this sector. 

Digital identity verification and KYC screening of customers will help real-estate businesses to gain global risk cover against financial criminals.

Visa Mastercard Face FTC Inquiry Over Debit Card Transactions

Visa, Mastercard Face FTC Inquiry Over Debit Card Transactions

Visa Inc. and Mastercard Inc. are once again facing inquiries by the Federal Trade Commission over policies that prevent merchants from routing debit card transactions over substitute networks. 

As part of a preliminary inquiry, the FTC has been reaching out to large merchants and their trade groups over this issue. The issue at hand is whether Visa, Mastercard, and other large debit card issuers are restricting retailers from routing some mobile payments and tap-to-pay transactions over alternate networks like Pulse, NYCE and Star. 

A spokesman for Mastercard, Seth Eisen, said that the organization will cooperate with FTC’s request. On the other hand, representatives for Visa and FTC declined to comment. 

FTC investigators are focusing on transactions made with mobile wallets as those can automatically route to the global application identifiers which employ the networks of Visa and Mastercard. Another aspect of the investigation is to make sure that the country’s largest debit card issuers are restricting transactions that don’t demand a personal identification number from being directed over other networks. 

The FTC has also investigated issues with debit routing in the past. In 2016, Visa modified its rules after an FTC inquiry, explaining that the retailers would not be required to demand the cardholders to choose a network for their transactions. 

 

Cybercrimes Rise

Cybercrimes Rise 5 times in 4 years and Continue to Soar!

 A rapid stride in the tech world over the years has increased cybercrimes immensely. According to a report, cybercriminal activities have clamped up 5 times in 4 years.  Since the usage of the internet is increasing with every passing day this internet connectivity has clamped up the volume and pace of cybercriminal activities. It is a challenging task to keep the pace up with new technologies, security trends, and threat intelligence. 

In order to protect information and other assets, it is necessary to take precautionary steps to avoid falling prey to cyber-attacks which are of many types. For instance, identity theft in order to gain sensitive information that is typically protected, credit card fraud, Ransomware which is demanding a payment to decrypt the locked computer or software, phishing in which fraudulent emails to steal sensitive data. Cybercrime in recent times has taken a curious turn with the character assassination of individuals and multi-crore frauds by lurking its way through popular social media platforms.

Cybercrimes- Calling out a set of Perils:

The use of cybersecurity can help prevent cybercrimes, data breaches, and identity theft and can aid in risk management. The protection of internet-connected systems, including hardware, software, and data from cyber-attacks is referred to as cybersecurity. Cybersecurity is a technique of protecting computers, networks, programs and data from unauthorized access or attacks that are aimed for exploitation. Protection of the usability, reliability, integrity, and safety of the network comes under network security. 

At the global level, the U.S. is taking giant strides forward in terms of implementing cybersecurity. In 2017, two cybercrime major incidents brought down government networks that sent an alarming signal. The need to implement reliable and impenetrable cybersecurity systems received an added push. 

Trends in CyberSecurity:

 

In the wake of the growing sophistication of cyber adversaries, the unprecedented volume of attacks and increasingly lethal IT security threats, coupled with stricter regulatory mandates, there is a pressing need to cope up with IT security more than ever in this new year. Here are some cybersecurity trends at a glance:

 

  • Tracking Shadow IT Inventory

 

Software programs and applications which are not approved by enterprise IT but still running on user devices will be more liable to exploit shadow IT resources. As businesses increasingly embrace software as a service (SaaS), norms are becoming somewhat lenient as users enjoy greater freedoms with their own devices. But it should not be happening by putting cybersecurity at the stake. In digital transformation, businesses will need to take steps for security and constantly monitor user access rights and permissions for any possible regulations.

 

  • User Awareness

 

Businesses need to keep their eyes peeled for any potential risk that can come from their own users. This may include potential harm arising from a sophisticated phishing scam or a user’s lack of awareness in fulfilling a mandate, resulting in data loss, identity theft, etc. Users are always the weakest link in the security chain of business. So it’s crucial to give user awareness training for cybersecurity. 

Just by the employment of next-gen security measures will not help in doing what’s necessary. There are a variety of incidents where users violate the security code of conduct. For example, logging into unsecured public networks, using work devices for personal transactions, downloading unapproved applications, etc. This needs to change.

 

  • Targeted Phishing Attacks:

 

Unsuspected users continue to fall prey to phishing attacks which are the most pervasive IT security threats. A study conducted toward the end of 2018 suggests that online phishing attacks were up 297% over the last year and 2019 shall see this trend booming. Comprehensive security awareness programs should be adopted by businesses. This may include investing in phishing simulators that explain various emerging patterns. This should help users identify suspicious phishing emails, ensuring they do not end up handing over the keys to the castle.

 

  • Operationalizing GDPR

 

Businesses should think of GDPR to increase IT security. As GDPR makes it necessary to appoint a dedicated data protection officer (DPO), operationalizing this compliance will require understanding several aspects of the law, such as how information privacy is protected and anchored in. It will help to determine if the up to date intelligence on the data processed is available. 

 

  • Cloud security:

 

Cybercriminals take aim at the cloud. An increasing number of databases are being hosted in the cloud, which is where software and systems are designed specifically to be deployed over a network. As more and more businesses migrate to the cloud, a new role of cloud migration security specialist will be a key part of large IT teams. Cloud hygiene will only grow in importance over the next 12 months, particularly in avoiding devastating data breaches. Many management and identity verification tools can be used in this regard.

How Can We Fight Cyber Crimes?

 

Fighting cybercrimes is everyone’s business in one way or the other. Following are some ways to protect yourselves against cyber-attacks:

Use Internet Security System

 

Use software that can provide real-time protection against existing malware including ransomware and trojan viruses. It will help protect your data when you go online.

Use Strong Passwords

 

Do not just add easy to guess traditional passwords. Always use a strong password and keep on changing the passwords after some time. Do not repeat the same password for different sites. 

Keep Software Updated

 

Always keep an updated version of the software. Cybercriminals use known exploits frequently to gain access to your software. Keeping updated software will make it less likely that you’ll become a cybercriminal target.

Guide your Children

 

Teach children about the use of the internet. Make sure they are comfortable sharing with you if they experience any sort of online harassment, stalking, or cyberbullying.

Take Measure to Protect Identity Theft

 

You can save your identity from falling into the wrong hands. Know that identity theft can happen anywhere so always be very cautious. It occurs to obtain your personal data in a way that involves deception mostly for economic gain. You might be tricked into giving personal information over the internet or cybercriminal can steal your mail to access account information. So guard your personal information by using VPN over new Wi-Fi connection and keeping your travel plans off social media. Protect your children as identity thieves mostly target children. 

Keep up to Date on Data Breaches

 

Just over the last decade, there have been over  2,550 data breaches with millions of records being affected and the nature of the stolen information makes them considerably more serious than most. One should always stay up to date by such cases so that he can protect himself against such incidents. This will help you find out which type of data was targeted by criminals so that you can protect them. 

Manage Your Social Media Accounts

 

Keep your private information well secure and locked down on social media sites. Just a few data points will be enough for social engineer cybercriminals to get your personal information. It the less you share publicly the better it is. 

Always Use a VPN

 

Whenever you are using any WI-Fi network at a public place it is a good practice to use VPN whether in a library, hotel, cafe or airport.

Become a Victim? Know what to do

 

If you believe you have fallen prey to cybercrime, you need to inform local police and in some cases FBI even if the crime seems minor. Your report may assist the authorities in their investigation or may help to thwart criminals from taking advantage of people’s personal data in the future. If cybercriminals have stolen your identity following are some steps you can take:

  • Report the crime to FTC
  • Get your credit reports and place fraud alerts
  • Contact financial institutes or companies where the fraud occurred. 

As technology is advancing, it is important for every organization to identify the real problem i.e. lack awareness related to cyber intelligence and crime could potentially inflict a heavy loss. One should be aware of how to protect himself against these crimes and where to report if he gets trapped in. In a nutshell, cybercriminals are becoming more discrete and to identify the breach in security needs to be identified and dealt with high urgency to avoid identity theft and data breaches. 

EUs Sixth AntiMoney Laundering Directive AMLD6

EU’s Sixth Anti-Money Laundering Directive (AMLD6)

Summary: Sixth Anti-Money Laundering Directive (AMLD6) highlights a stringent framework to combat money laundering and terrorist financing. It extends the scope of criminal liabilities and entities with an updated list of predicate offenses. AMLD6 came up with tougher penalties and widens the criminal liability to legal persons. 

The European Commission affirmed action plans to tighten the reins on mounting money laundering and terrorist financing. On 26 June 2017, the 4th Anti-Money Laundering Directive (AMLD4) came into force contributing to the same idea of combating bad money flow. It stated the regulations for information exchange and its operation among financial institutions. After this, EU co-legislators identified the need for amendments in AMLD4 which were declared in AMLD5. These changes are expected to come into effect by the 10th of January 2020 and state sectors which need to strengthen the standard operations to deter the risks of money laundering. Also, it asserts that the sectors facilitating criminal activity will be subjected to harsh regulatory penalties. Recently, the EU Commission came up with Sixth Anti-Money Laundering Directive(AMLD6) published in the EU’s Official Journal. AMLD6 introduces a harmonized authoritarian framework for the elimination of money laundering. 

AMLD6 strengthens the existing norms of anti-money laundering. It establishes minimal criminal liability rules for money laundering by setting it’s clear definition and stating predicate offences, enforces minimal sanctions and extends criminal liability to legal professionals. It reinforces the framework with the police cooperation point of view. Furthermore, the Directive sets specific requirements regarding information records and requests, sensitive data processing, and restrictions to rights. 

AMLD6 – New Measures and Amendments

 

EU Commission proposed new measures to fight against terrorist financing and money laundering activities. Commission believes that existing models are neither comprehensive nor consistent. It suggests that definitions should be cleared at the national level and scope should be widened that covers the industries with a broader perspective. It further elaborates that criminal proceedings are innovative enough to exploit the parliamentary discrepancies. These weaknesses become the source of opportunities for money launderers to convert their ill-gotten gains to good money. 

The draft provided by EU legislation is obliged to send it to Parliament as well as Council. The trialogue of three bodies will reproduce an agreed document that would be accepted as a new EU law. Denmark will not be affected by this law due to its legal agreements and the UK government may be opted out of the adoption of AMLD6 notwithstanding Brexit agreement. The fundamental component of AMLD6 is the list of 22 predicate offences. AMLD6 defines these predicate offences explicitly which will definitely impose obligations on the firms. Companies would have to take in place monitoring systems to detect direct and indirect links facilitating predicate offences. 

Following are the key elements of AMLD6 that incorporate criminal legislation:

 

 

  • Harmonized list of Predicate Offences

 

The scope of 22 predicate offences has extended. Now it includes the emerging threats of environmental crimes and cybercrimes in the EU. Environmental crimes refer to those that set out in legal acts of the Union. Similarly, cybercrimes are declared as predicate offence that was not catered in the FATF recommendations. Tax crimes are also in the scope of AMLD6, the crimes that directly and directly committed due to tax commutation. To avoid the ruinous circumstances, firms should familiarize themselves with the expanse of 22 predicate offences. 

 

  • Aiding and Abetting, Inciting and Attempting

 

The money laundering scope is extended in AMLD6. Now, aiding and abetting, and inciting and attempting lies under the premises of money laundering perspectives. By including these entities that are called ‘enablers’, money laundering tracking can become easier. These entities are considered the facilitators of the money laundering process. Therefore, AMLD6 extends its boundaries for money launderers to combat the risks of embezzling funds transfer. 

 

Key Points of 6th AML Directive

 

 

  • Criminal liability extension to Legal Professionals

 

Recalling AMLD5 in which legal professionals were spotlighted to undergo client identity verification and keep accurate information about them. AMLD6 focuses on the evaluation of legal professionals. According to which, criminal liability is extended to legal professionals i.e. partnerships and companies. It is applicable to those who facilitate money laundering through their businesses directly or indirectly for the sake of their own benefit. Legal professionals would be answerable if Individuals who caught transferring illicit funds is not identified. 

In addition to this, the representatives, executives, supervisors, and decision-makers who lack proper individual authentication or supervision would be accountable for facilitating criminal activity.

 

  • Tougher Regulatory Penalties

 

One of the most important area covered in AMLD6. The Directive says that all Member States are supposed to set the imprisonment of at least four years to deter money laundering. The business that caught facilitating money laundering would be temporarily or permanently banned. Also, there would be the closure of business units and operations, exclusion from public funding access, halted grants and concessions through which predicate offence is committed. Wise companies are in the race of complying with the regulatory norms to avoid harsh fines and reputational loss of a company. 

The rising exposure to money laundering is alarming for industries and businesses. Any entity that facilitates money laundering or terrorist financing actions will be sentenced with heavy penalties. Companies are seeking innovative solutions to tackle money laundering and to perform efficient monitoring of bad money flow through Artificial Intelligence and Machine Learning techniques. 

Data Protection and Privacy

 

This initiative facilitates competent authorities to take in place stringent mechanisms through which personal and sensitive data is collected and processed. The fundamental rights of the subjects should not be compromised in any way. The directive focuses on data protection and privacy rights, the information collection should be minimal and should not include any financial information, for example, financial transactions or credit in bank accounts. Although a limited set of information includes personal data i.e. subject’s name, bank account number, date of birth, etc. Information on the total number of bank accounts of the subject is necessary for the purpose of investigation.

Sixth Anti-Money Laundering Directive (AMLD6) will be formally published and adopted in the EU’s Official Journal and at least after 26 months of coming into force, firms would have to comply with the directive. Member States have to follow the regulatory provisions and laws to take into account the associated predicate offences that could be promoted in the premises of legitimate business in any way.

Identity Verification Key to Eliminate BEC Fraud

Identity Verification – Key to Eliminate BEC Fraud

Fraud prevention and cybersecurity are the major concerns of the companies in the digital era. Norton predicted that cybercriminals will steal an estimated 33 billion records in 2023. And misuse of such information is a common practice. Fraud comes unannounced so the businesses need to adopt a proactive approach towards such events. Fraud prevention is a continuous process. For example, if you perform KYC and AML screening before onboarding your customers and do not practice it at the time of every transaction you are leaving a loophole for a Business Email Compromise (BEC) fraud. 

BEC fraud, also called CEO fraud is very common because most of the communication is online. The criminals do a lot of research before targeting an entity for BEC fraud. In this fraud, the criminals will send an email or make a call for urgent fund transfer to a company impersonating as one of their customers or merchants

BEC fraud is executed in a very friendly way. The criminals either manipulate the person with a friendly chat or by showing urgency in fulfillment of their fund transfer request. 

For example, 50 years old Evaldas Rimasauskas tricked Google and Facebook to wire more than $100 million to his bank accounts. 

The man researched a merchant of Facebook and Google namely, “Quanta Computer” and registered a firm with a similar name. Then he sent fake invoices and contracts to make the fraud appear more natural.  

He tricked the employees of both companies into wiring money to his bank accounts in Latvia and Cyprus. Then he transferred the funds to his bank accounts in Hong Kong, Hungary, Cyprus, Slovakia, Latvia, and Lithuania to hide the money trail. 

How is a BEC Fraud Executed?

 

A BEC fraud starts with a lot of research about entities (businesses that could be the soft targets for the fraud. The criminals collect information related to the merchants or customers of the company that has their payments pending. Once they have the information the criminals will make an email ID quite similar to that of your client’s email ID and contacts one of your employees. At times the criminals use the legitimate email ID of your customers because one of your customers might have been careless about securing their email credentials. 

This fraud could also be executed the other way round. The criminals might use your email credentials to contact your merchants and clients for fund transfer of pending payments. Your clients will make the payments and you will have to bear a financial loss if your legit email credentials are used for the execution of the fraud. 

The contact is mostly conducted through a casual email like asking about your last vacation or your health. Once they break the ice, they will send a friendly email regarding the change of their account details or for an urgent fund transfer.  

Not suspecting anything suspicious the employees often fulfill the request, quickly due to the urgency created by the criminal. 

Often the criminals send fake invoices as well with the official header or logo of one of your clients. Or they make calls impersonating as the CEO of your client company to make things look more natural. 

Also, in most of the email compromise frauds, the criminals ask for a wire transfer and leverage over the confidence that companies have in security protocols practiced in wire transfer fraud. 

Industries That Are Common Victims of BEC Fraud

Banks

 

Banks are the most common targets of BEC fraud as they are the financial intermediaries and serve a diverse clientele. Banks around the globe are struggling to retain their customers after the advent of fintech and are always in contact with their clients. Receiving wire transfer requests from customers is common for banks. When they receive any such email for urgent transfer from a credible client the employee often tries to fulfill the request at the earliest to retain happy customers. 

Real estate

 

Real estate is also a common victim. The criminals collect information regarding some ongoing real estate deals and contact the buyer as the legal representative of the seller and request a fast payment or clearance of dues. 

As the deal is in the closing phase the buyer does not suspect anything suspicious and makes the transaction. 

B2B Businesses

 

In this case, the criminals target the companies in a B2B relationship. The email ID of the CEO or legal representative of one of the companies is exploited in such cases. The criminals collect complete information regarding the previous email communication among the two companies and use it to send an email with a natural casual tone. 

How to Prevent BEC Fraud?

 

BEC fraud has caused huge losses to many businesses of all sizes and types, even the non-profit organizations have been the victims of this fraud. FBI’s Internet Crime Report (ICR) found that BEC fraud losses rose by 90.3% in 2018 and fraud complaints rose by 14.3%. 

Businesses of all types and sizes need to pay heed towards the prevention of BEC fraud. It not only cause financial loss but also affects the credibility of a company. Below are a few suggestions for preventing BEC fraud.

Identity verification of every request of wire transfer

 

Most of the businesses use online communication, but do not understand the significant risk lurking in the cyberspaces. Businesses need to develop and practice in-house fraud prevention measures to counter any BEC fraud attempt. 

Businesses should use verification methods to screen every such request. Ask the email sender to go through a real-time identity verification process every time a customer makes such a request. The verification could be performed through face recognition or 2-factor authentication. 

Online identity verification is a feasible solution as it shows quick results and does not cause any inconvenience for the end-user. Also, the visible security measures will show your commitment to the security of your merchants or customers. 

Train your employees

 

Employees of companies are the common victims of BEC frauds. The criminals choose a soft target that is easy to manipulate for wire transfer fraud or a phishing scam. 

So, the employees must be trained on a regular basis, regarding the latest trends in cybersecurity and the types of cybercrimes. This will help them to identify suspicious emails and fake fund transfer requests. 

The training could be based on the following pointers:

 

  1. Do not open any emails that are way too attractive, it might be a phishing email. 
  2. Beware of urgent payment requests from your merchants. 
  3. Tackling the account credential change request from your customers/merchants
  4. Very casual and friendly email from your merchants 
  5. Train them about the technical aspects of fraud prevention software used in your company

Report the concerned authorities 

 

As soon as you find a BEC fraud, report it to the concerned authorities. It will protect the company from such attacks in the future. Also, it is the corporate and legal responsibility of the businesses to report such fraud attempts for the benefit of the masses. 

Email security

 

Using email security filters help in analyzing and detecting any threats in the email messages. Also using the filters for detecting the newly registered domain names similar to your domain name helps in finding the potential risk before it could cause any harm. 

Such filters help in identifying and stopping spoofing emails from reaching the mailbox of the employees. 

To wrap up, BEC fraud is a planned crime and businesses need to be proactive to eliminate such frauds. Caution in sharing contact information and basic identity verification of the person making such fund transfer requests is necessary to eliminate the chances of becoming a victim of BEC fraud. In-depth verification of clients and merchants before making transactions helps in eliminating the risk at the very first stage. These minimal and easy steps might prevent a huge loss for your company.