Action Fraud, the UK’s national reporting center for fraud and cybercrime, reveals a staggering sum of £146 million that has been lost due to fraudsters’ activities in the crypto sphere since the beginning of 2021. Fraud will only grow with the crypto market, which means you need to think about knowing your customers (KYC) within a wider risk management, fraud detection, and prevention exercise.
Identity verification that was once a single-point KYC solution at user onboarding is now expanding to handle users’ digital identities in the broader sense. Identity verification providers can help you ensure that an individual is who they say they are when they sign up and when they access the service again. If you are in a crypto or FinTech company that is setting up KYC processes, take the opportunity to go beyond verifying your user at onboarding to include authentication and other higher-risk transactions. Doing so helps your company leapfrog past institutional finance and use digital identity to meet compliance, security, and customer experience demands. Find out how below.
How using one-off KYC enables fraud
Crypto companies today need to address KYC not only from a regulatory perspective, but also from a fraud perspective. Fraud can take place in many forms: creating accounts with stolen PII, using fake identities, as well as account take overs (ATOs). This means that companies in crypto need to think about ways to prevent fraud at different points, from user onboarding to user authentication. The impact of failing to identify a user can include everything from inconvenience and brand damage to financial loss and agency liability.
Identity verification solutions have increased security and accuracy year on year, with features such as liveness detection systems powered by machine learning. This enables you increase assurance that someone is who they say they are when they sign up. But what about after? You do not really know who is logging in when there is only a name and password. This means that bad actors can get user credentials, whether through phishing attacks or targeted platform hacks that amount to $146-610 million in lost funds. Older online identity verification approaches only secured accounts at opening and left accounts vulnerable at the authentication stage.
Using identity verification with biometrics as a one-time compliance checklist item is missing the full potential of modern identity verification: that it is also a security solution for reducing fraud and strengthening identity access management in a user-centric way.
Introducing identity verification to match transaction risk levels
A new way of handling digital identities — through identity verification from onboarding and throughout future authentications — helps your company and customers secure legitimate accounts. Customers can use their biometrics, such as scanning their face, to prove their identity upon login or, more importantly, transaction authorizations.
If you are handling crypto, digital assets, or any other financial transactions, you are enabling transactions that can have high real-world impact. In other words, your users can be losing a lot of money if their accounts are not secured. To prevent that, it’s necessary to apply the appropriate level of identity and authentication assurance levels throughout your product. To do this, it is safer to verify a client every time he or she performs transactions rather than assume that someone who has login credentials is the same person who initially registered in your system. A user who is who they claim to be will be able to quickly do a face scan face scan and proceed, while a fraudster or bot will not be able to pass. This will help to reduce the damage in case a user’s account is compromised.
Do not remove friction. Use smart friction.
Reducing friction is wise from the perspective of improving the conversion rate. The less troublesome is the process of verification, the higher are the chances that your customers get to using your product. With the tools available today, you do not need to resort to 2FA or text-based secret answers that are just as easy for machines to crack as they are for humans to remember.
In contrast, the standard online identity verification performed today with a photo of a physical ID document and a video selfie following instructions, is easy for a human to pass and difficult for a machine or fraudster to fake. However, identity verification does not need to just be added step at user onboarding; it can be a replacement step. For example, when a user takes a photo of their ID document, machine learning algorithms run in parallel to check for authenticity and perform data extraction. The data extraction saves your user from filling a form manually, thereby saving them time in the overall onboarding process. In contrast, a fraudster who has submitted a photo copy will be caught by another algorithm checking for the document’s security features.
Fraud detection and prevention require ongoing identity verification
Identity verification does not replace, but instead compliments, other fraud detection and prevention initiatives. It does so by providing assurance that your user is who they claim to be. Below are four areas where identity verification tools can be added to other fraud prevention efforts:
- Choosing an identity verification provider that uses video selfies rather than still images to benefit from liveness detection.
- Setting up automatic case handling, such as requesting a document update or new identity verification from the user when their ID document expires.
- Linking ongoing monitoring to your company’s notifications so that flagged individuals, such as someone who comes up on a sanctions list, can be addressed immediately and you are not unwittingly serving the wrong types of people.
- Setting up customized identity verification workflows with addition checks, such as proof of address, based on conditions, such as a user’s country. Solutions like Passbase enable multiple verification flows that help your company handle identity verification globally based on localized market requirements.
Because of the growing sophistication of fraud, detection requires closing even the smallest gaps that bad actors can exploit. This means that fraud teams can only make use of identity verification solutions that are not cookie-cutter solutions, but flexible and able to easily integrate into the company’s processes.
Protecting customers’ digital identities protects the business
Ultimately, the goal of fraud prevention is not only to prevent bad actors from exploiting your services, but also to protect your customers. Below are four ways to do so:
Removing your customer’s PII and finding a KYC solutions partner
By not having personal information such as your customer’s ID documents in your servers, you are removing the goldmine that fraudsters are looking for as well as the resources needed to secure that data. Instead, by using an identity verification provider, you can focus on the main thing you are looking for: reasonable assurance that your customer is who they claim to be. To find the right one, make sure you can test how it integrates into your system.
Do not trust. Verify.
Given the convenience of biometric solutions like using your face to unlock a smartphone, consumers have grown accustomed to this type of action. Using biometric authentication saves a user from entering their password again and verifies for you that the person logging in actually is the same user that signed up.
Use tools that help you do your job more effectively
In order for identity verification to serve fraud purposes, it needs to be user-friendly for internal teams to use. For example, Passbase’s Identity Auditor gives teams a visual overview of a customer, such as their supporting documents and access locations to detect suspicious geographies.
Ensure that the KYC solution fits your operations
A KYC solution is only as effective as it can fit into your product and business. This means that no matter which solutions seem best on paper, the best one is the one that can integrate into your tech stack and easy to integrate into your other work tools, such as Slack.
As online transactions continue to grow, your company can differentiate itself as a market leader through its management of users’ digital identities. Find the right solutions partner that can help you think holistically about verifying your users’ identities. Test providers to see how their verification flows feel for your end users, and how the information is shown or passed to your systems for your team to sift through. Ultimately, effective fraud prevention is about creating a robust and effective system that enables your customers to quickly prove who they are, while invisibly screening out the bad actors behind the scenes.
Passbase provides a convenient way for crypto businesses to perform KYC checks through identity verification. You can integrate Passbase into your platform via the Passbase API or with SDKs for iOS, Android, and web.