Do you know your customer?
By that I mean - do you know, for sure, that they are an actual individual somewhere, and not just a synthetic identity created with data available online or gathered through data breaches?
In today’s mobile-first world, managing mobile identities efficiently is of utmost importance for your business to be able to gain user trust and minimize potential data breaches or fraud.
Check this out - over 5 billion people were connected to mobile services in 2017, and over 99% of transactions in Finland are carried out online! Moreover, online banking and e-commerce are only predicted to increase.
So is cybercrime. Add all that together and I think it’s clear that efficient mobile identity management needs to be a priority.
By now you might be wondering where KYC fits in?! Or before that, what KYC is?!
KYC or Know Your Customer refers to the process mostly used by financial institutions, but also other business, which entails verifying the identity of a client either before or during the time they start working with them.
It is the first step to efficiently manage mobile identities. When an identity has been verified, it’s the question of protecting it with seamless authentication solutions.
But how should we go about KYC when it didn’t do very well in the past?
Here’s what I think - after analyzing the current issues KYC faces, it seems clear that updating and standardizing these procedures, and then combining them with effective authentication solutions is the way to go.
Let me walk you through it.
Current KYC procedures are not good enough
KYC first came to be as a part of the Patriot Act with an anti-money laundering goal. It required banks to confirm the identities of potential customers and asses their risk factors before issuing them accounts.
However, these businesses faced challenges verifying these customers since the law didn’t standardize this process.
This means that every financial institution had to come up with its own procedures and requirements to verify a customers’ identity, all the while making sure that this process wasn’t too inconvenient or too costly (not counting the fines).
Want the results?
A 2017 Thomson Reuters survey showed that customer onboarding time has increased by 22% in 2016, and was expected to further increase by 18% in 2017.
We’ve been over how important convenience is to users, so it’s no surprise that 12% of companies said they had changed banks due to KYC issues.
So, we now have different institutions asking for different information which only increases user friction while they struggle with the compliance costs. Yet, KYC still isn’t effective in one of its main goals - the prevention of accounts issued to synthetic identities.
Modified KYC can help strengthen Mobile ID
Due to frequent data breaches, it has become incredibly easy for hackers to create synthetic identities that would successfully bypass KYC procedures and open accounts in other people’s names.
And that’s the biggest problem KYC today faces.
In 2016, more than 1.8 million consumers had a new bank account or credit card opened under their name and without their knowledge, an increase of 40% from 2015.
I say that’s unacceptable. Especially when there is so much that can be done to prevent it.
Instead of relying on information that can easily be found online, we need to first update this procedure to rely on some other type of information.
No more relying on names, birthdays, geographical location or similar information widely available.
Why not take advantage of the number of mobile devices around the world and rely on some type of mobile network operator data? Or even biometric data?
Using that type of information, in combination with the traditional information that’s used today just might work.
When we’ve updated and standardized the KYC procedures, there is less room for cybercrime. We are left with verified accounts that need to be protected.
KYC only is no longer enough
What does it matter if we solved the issue of synthetic identities if the accounts can still be easily hacked? That’s why after we’ve verified an identity, the next order of business is protecting it.
The best way to do this is to implement seamless and secure authentication solutions. There should be no compromise between security, privacy and user experience. You need all.
Inconvenient solutions can cost you customers, and so can weak security. Gain user trust by implementing solid security and privacy measures, and then win them over with the easiness of use.
Need a suggestion?
It’s my pleasure to say that IPification was created with all of these in mind.
Our solution leverages the power of mobile network operators by generating a unique mobile identity that includes various data provided by them - while still detecting any SIM card or device changes.
It’s the perfect ongoing authentication solution, but it can also be used in the first identity proofing instance. I’ll remind you that it would be beneficial for us to verify identities using information that is not readily available online, which is exactly the type of information IPification relies on.
And convenience-wise, how does no-user-action-required sound? The whole authentication process is done seamlessly in the background within a fraction of a second!
As such, these two complementary identity strategies are the way to go.
LATEST ON OUR BLOG
June 19, 2019IPification CEO at GSMA MWC Shanghai Identity Seminar