Mar 06, 2022
It is perhaps more frequently associated with anti-money laundering measures and stacks of paperwork requested by banks, but KYC is, in fact, one of the cornerstones of a safe, streamlined digital economy. And while it is still mandatory only in a few sectors, as a concept and approach, KYC can help keep companies and legitimate customers safer in several others. Let's see why.
KYC: The Background
Short for "know your customer" (or "know your client," in some cases), KYC was first introduced in the 1990s as a requirement for financial institutions, in an effort to thwart money laundering schemes, as well as the funding of terrorism. The United States pioneered the concept by being the first to introduce KYC into law, tightening the measures significantly with the Patriot Act of 2001.
Legislation intended to stop money laundering is currently present in several countries, from the United Kingdom to India, having expanded to also include electronic KYC (eKYC) protocols. KYC falls under the umbrella of customer due diligence (CDD). While KYC is a form of customer verification at signup, in particular, CDD refers to all customer verification, even at later stages of the working relationship. The latter is a legal requirement for banking in some locales, though elsewhere it's more of a preference.
Over time, KYC requirements expanded beyond the financial sector. Depending on the locale, businesses that may have to carry out KYC checks include banks and building societies (see How Extensively Have Banks Used RFID to Identify VIP Customers?); credit unions and other lenders; fintech firms, including digital wallets; "buy now pay later" (BNPL) services; cryptocurrency wallets and exchanges; real estate agencies; iGaming and online gambling companies; CFD and trading platforms; and telecommunications, such as mobile networks. However, there can be benefits to applying the KYC principles and workflows for any business, even outside of this list. Let's look at how and why right away.
KYC: How It's Done
For some businesses, verifying customers' identity through KYC means adhering to anti-money laundering (AML) and anti-terrorism legislation. It can also be useful in other sectors, to fulfill certification requirements. Yet, in the wider scheme of things, the main benefit of finding out who your user is at signup goes to your business. Verifying users' identity means less chance they are bad actors logging on to engage in fraud against you or your customers. Moreover, for those sectors in which there are no strict mandates for KYC, it does not have to be as intrusive for the customer as it is in banking, for example.
Due to the intensification of KYC and CDD requirements around the world, coupled with open banking and the rise of fintech, a range of KYC software and tools have been developed to provide assistance with the various aspects of the process. These make use of technologies such as machine learning, biometrics, liveness verification and digital footprint analysis to complete the process—which itself varies, based on the exact sector and purpose of the KYC check.
Examples include ensuring the customer is not on any sanctions lists, scanning and verifying the validity of identification documents, identifying their digital footprint and using this information to generate their online profile, complete with risk rating, and so forth.
Depending on the level of sophistication of the solution used for KYC purposes, the process can also follow different paths based on each customer's risk rating. For example, someone who can be seen as a suspicious user due to their hardware configuration and location might automatically trigger hard KYC steps. This means they could be asked for scans of their identity documents or proof of address, or even to have a live video chat with a verification expert. By contrast, a legitimate user will be led down a soft KYC path, being asked to do the bare minimum allowed in the organization's sector.
KYC Against Fraud
In 2022, it will probably be difficult for a non-specialist to keep track of the hundreds of different types of fraud threatening organizations of all sizes. However, it is important to point out that fraud threatens not just companies, but consumers and the economy at large, to the tune of $5 trillion a year, according to some estimates. In fact, certain types of fraud can be used in cyber warfare, aiming to destabilize or otherwise attack regimes.
Being able to stop fraudsters from successfully signing up for an account—with a digital wallet, e-shop, or online bookmaker, for example—means that these bad actors will be prevented from attempting fraud against the business in the first place. Such fraud may take various guises, such as bonus abuse, refund fraud and, importantly, purchases with stolen credit cards.
To reduce the likelihood of criminal attempts at fraud against a business, there are several best practices to cover, with KYC being just part of this arsenal. However, being able to weed out a big portion of fraudsters at the signup stage allows us to alleviate some of the pressure of dealing with them later, when they are trying to complete a transaction or apply for a service.
Credit Card Abuse and KYC
KYC can help to stop fraud exacerbated through RFID skimming, for the more e-shops implement good security, the fewer chances fraudsters have to use their stolen card details. Although the concept of criminals being able to steal credit card information through RFID-enabled skimming is largely exaggerated, there is no question that payment fraud is on the rise, and exponentially so. Global losses to it have increased threefold from 2011 to 2022, rising from $9.84 billion to $32.49 billion—and are expected to rise by another 25 percent by 2027, to $40.62 billion, per Merchant Savvy.
Payment card details intercepted through various means are used by criminals to steal money, obtain goods, fund nefarious causes and generate opportunities for further, larger-scale fraud. In addition, before they are used in earnest, they are "tested" by attempting small payments. Despite such cards mostly belonging to consumers, the businesses where they are being tested or used can also incur huge losses.
Importantly, efficient KYC processes also help prevent chargeback requests. Initiated by consumers who believe—or claim to believe—that a charge made to their card should be reversed due to errors, fraud or bad service, chargebacks are a pain point for any business, and especially those that accept card-not-present (CNP) payments. If someone has their debit card stolen and that card is used to purchase items on your e-shop, for example, that debit card's owner will request a chargeback through their bank.
But for merchants, a chargeback goes beyond just losing the value of the goods. They also incur additional losses in administration fees; increased bank fees for businesses with frequent chargebacks; time and resources required to deal with the request; chargeback ratios—too many, and you could be blacklisted; reputational damage; and staff morale. Within this context, smart and adaptable KYC processes that have been adjusted per the merchant's circumstances and risk appetite are a powerful tool against chargebacks and other types of fraud, even when no KYC legislation applies. For many types of merchants, KYC is a potent way to be proactive in the face of fraud.
Gergo Varga has been fighting online fraud since 2009 at various companies—even co-founding his own anti-fraud startup. He's the author of the Fraud Prevention Guide for Dummies—SEON Special Edition. Gergo currently works as the senior content manager / evangelist at SEON, where he uses his industry knowledge to keep marketing sharp, communicating between the different departments to understand what's happening on the frontlines of fraud detection. He lives in Budapest, Hungary, and is an avid reader of philosophy and history.