Identity theft isn’t just a big problem, it’s a growing one – and it doesn’t respect borders.
One in five Europeans, for example, have already experienced identity theft fraud; while statistics indicate that one in 10 US adults will have been exposed to identity theft by 2030.
As a business, then, it’s your responsibility to do everything in your power to prevent your role in identity theft; and ensure you’re verifying the identity of every customer who crosses your business’s path. But with identity thieves getting smarter and the range of AI-enabled technology at their disposal following suit, accurate identity verification can be challenging.
That’s why below, we’re demystifying this complex topic. We’ll explain what identity theft is, and the vital role that proper KYC (Know Your Customer) strategies play in safeguarding both your business and customer base from the growing threat it poses.
Then, we’ll provide our top nine KYC strategies for combating identity verification – and explain how Checkout.com can help simplify the whole process.
Identity theft is a form of cybercrime in which a criminal illegally obtains and uses an individual’s personal information – such as their name, credit card number, or social security number – for financial gain.
Typically, criminals gain access to these details by purchasing them off the Dark Web, after the data has been exposed in a data breach. However, fraudsters can also farm them details directly through phishing and social engineering tactics, or by physically stealing personal documents. Masquerading as the legitimate person, the criminal can commit a wide range of fraudulent activities under the guise of that identity.
These acts could include:
Because this is all committed under the real person’s name, it’s them – not the attacker – left to deal with the repercussions. To repair their credit, clear the fraudulent charges against them, and restore their identity. The consequences of identity theft on the victim, then – on their financial stability, credit score, and overall reputation – are wide and long-ranging.
So it’s crucial to understand how you can protect your customers – and your business – against identity theft’s myriad ill effects. And here’s where KYC comes in.
KYC (Know Your Customer) is a set of procedures that require your business to ‘know’ your customers before you begin working with them.
And no, we don’t mean ‘getting to know’ them – and KYC isn’t about taking your newest customers out for a coffee and a chat.
Rather, KYC is about ensuring your prospective customers are who they say they are; verifying the identity of them, as an individual, or their legitimacy as a business. It’s about understanding the potential risk each new customer who’s purchasing from, or opening an account with, your business poses – and helping you mitigate that risk going forward.
To do this, KYC calls for strict identity verification protocols. You’ll need to request sufficient proof of your customer’s identity – such as government-issued ID and proof of address – and have the tools and processes in place to be able to authenticate these documents. (Quickly and efficiently, too, so as to not compromise the customer experience.)
KYC is an important part of remaining compliant with Anti-Money Laundering (AML) and counter-terrorism financing regulations. But it’s also about protecting your business from fraud – and safeguarding legitimate individuals from having their identities stolen. By accurately identifying your customers, you can prevent bad actors from opening accounts or gaining access to services under false, fraudulent pretenses.
Fortunately, there’s a wide range of strategies that can help you prevent identity theft from taking a toll on your business and customer base – and an even more comprehensive suite of technological tools to ensure their effectiveness.
Let’s take a closer look.
Verifying your customers’ documentation is an excellent way of confirming that they are who they say they are. By requesting that they upload their official documents – which could include their passport, driver’s license, or national identification card – you can ensure, at the very least, that they have all the documents they should have.
What’s more, you can also employ more advanced technology – such as optical character recognition (OCR) and machine learning algorithms – to detect forged documents, or ones that have been tampered with; thus adding an extra layer of security to your KYC setup.
That said, document verification only tells you that the individual attempting to apply for services with your business has access to those documents. They don’t, necessarily, guarantee that the person making the application is the person those documents pertain to.
So how can you be sure? Biometric verification helps.
Biometric verification is the process of authenticating a person’s identity by their unique, inherent characteristics. Unlike a person’s PIN or password, these attributes can’t be stolen – and they’re extremely difficult for fraudsters to replicate or fabricate.
Fingerprint scanning, facial verification, and voice recognition are all popular methods of biometric verification. (And, indeed, have found a wide range of mainstream applications: from unlocking smartphones to authenticating digital wallet payments.)
Biometric verification also goes hand in hand with document verification, as it can provide an opportunity to compare the individual’s unique physical characteristics (how they look, for example) with the documents they’ve submitted.
To this end, many identity verification solutions capture a live image or video of the person during the identification process. Then, by analyzing the person’s facial features and overall facial structure – often through AI – these systems are able to use this “likeness” of the individual to ensure a match with the images on their passport or driver’s license.
Verifying your customer’s address – usually through direct, paper-based correspondence with official entities like the government or IRS, or utility providers – ensures that they’re based where they say they are. This crucial part of the KYC process prevents identity thieves from supplying fake addresses, and helps your business establish genuine relationships.
When you employ electronic identity verification techniques, you cross-reference the details your new customer is supplying with public records: such as government databases, utility companies, credit bureaus, plus other reliable, trusted entities.
This is a fast, efficient way of verifying your customers during the KYC process, however – like all the techniques here – shouldn’t be relied on in isolation, but rather as one instrument in a comprehensive identity verification orchestra.
Just as the styles and strategies of identity thieves are always changing and evolving, so to must your approach to KYC – and, through this lens, identity verification can never be a ‘set and forget’ process.
KYC requires ongoing attention; it demands that you update your customers’ information and re-verify their identities at regular, specific intervals. By doing this – and combining your ongoing KYC efforts with fraud detection and machine learning tools and techniques – you can prevent identity theft in real-time; and make sure that any suspicious behavior triggers not only immediate investigation, but swift action, too.
Multi-factor authentication (MFA) is the process of requesting multiple forms of verification. It’s generally a combination of two factors from the following:
Together, these factors – knowledge, possession, and inherence – combine to provide a comprehensive level of identity verification, and help your business fulfill its KYC obligations.
Preventing identity theft with KYC is a responsibility that rests squarely on your business’s shoulders. However, your customers do still have a role to play to exercise due diligence in protecting their personal information.
That said, they’ll need regular reminders and education to do this – a responsibility which, once again, falls on you.
So take it upon your business to educate your customers about safeguarding their most sensitive information. Provide guidelines around how to create strong passwords, recognize phishing attempts, and understand what a social engineering scheme looks like. Explain that you’ll never request personal information via email, and that you’ll never encourage them to update their details with you via an unsolicited link in an email or text message.
Well-informed customers will naturally be more cautious about sharing their details online, which makes it more difficult for identity thieves to exploit them. This, of course, is good for your customers – but it also reduces the likelihood that your business will end up granting services, products, or accounts to criminals.
As new KYC identity theft technologies and best practices arise, so must your business take advantage of them. Frequent updates to your KYC processes ensure that they remain robust against emerging, increasingly sophisticated forms of identity theft.
Part and parcel of this is understanding what these threats are, of course – and here, Checkout.com’s guide to fraud detection and prevention will help keep you at the forefront of fraud-fighting knowledge and best practice.
Your KYC obligations aren’t only about stopping incoming identity theft – but preventing the leakage of your existing customer data to criminal third parties.
Remember, one of the ways in which identity theft happens in the first place is through data breaches: when hackers, targeting a business’s online systems and networks, gain wrongful access to customer records. With these records, they can continue the cycle of identity theft: perpetuating its harms by targeting other businesses – with your customers’ data.
To avoid this, ensure your business is following best practice when it comes to the secure storage and handling of customer data. Implement encryption and access controls, run regular security audits, and make sure your business is adhering to your relevant regional data protection regulations: such as CCPA in California, or GDPR in Europe.
And, while we explained earlier the importance of educating your customers around phishing and social engineering, you must also educate your team, too. This could involve training sessions, or simulated phishing exercises (in which you test your staff by deliberately sending them a ‘fake’ phishing email to observe how they deal with it). By doing this, you limit the role of human error in exposing your business’s systems to a data breach or outside attack.
As we’ve seen here, there are many KYC strategies your business can implement to prevent identity theft. As we also touched on, though, one is rarely enough – and the best way to keep your business one step ahead of the fraudsters is a synthesis of different identify verification strategies, all used in a dynamic, ever-shifting combination.
That’s why Checkout.com equips you with the full arsenal of approaches you need to protect your customers and business. Our Identity Verification (IDV) is a 24/7 solution to your identity verification needs, and will enable you to:
Our intelligent fraud-fighting identification verification tool can help you cut costs by up to 50%, while our video flows can boost your conversion rate by up to 30% compared to photos alone. What’s more, you can customize your business’s identity verification user flows to fit the look and feel of your brand – and personalize instructions to build trust with your customers.
Want to know more? Get in touch with our team of KYC and identity verification experts here at Checkout.com today, to tell us more about your business’s needs – no strings attached!