By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

Cybersecurity: KYC and its Procedures

LinkedIn Logo
X (Twitter) Logo

Cybersecurity: KYC and its Procedures

Whether you open a newspaper, look at the news, read a newsletter, open a new account here or there, make online purchases – I repeatedly notice: Every information transfer and offer which we have become accustomed to over the course of time is available to the same—or even greater—extent, and growing exponentially. Furthermore, things happen very quickly – as processes adapt to requirements. Whilst children of the 90s went through a bank account opening process via post that lasted several weeks – like the generations before them – it is normal for millennials to open a new account between two bus stops on the way to school. All by smartphone, of course. Whether this sounds exciting to some or insanely boring to others – what we often forget is that we effectively move about online in public! This space is by no means without laws – even if it often feels like that. But how should companies comply with regulations and still provide the short-term processes required by their customers? The KYC (“Know Your Customer”) area need be considered more closely, because everything depends on it.

KYC - a brief inventory

"Know your customer" describes—in the broadest sense—an identity check, the principle of verifying the identity of customers before transacting with them. Thus, a KYC process can ultimately be understood as a superordinate term that includes various due diligence and compliance checks. While these processes remain optional in some business areas and companies, regulated sectors—such as the financial industry—are legally obliged to integrate the KYC principle into their onboarding process, especially regarding online applications. This is not surprising – the world has changed, customers no longer come to the branch and present their original passport, everything happens online, and 90% is checked by computer systems. The deeper meaning behind it all: fraud prevention!

In addition to KYC, “AML” is another industry buzzword. AML stands for "Anti Money Laundering" and looks at means of preventing money laundering. This includes criminal activities such as the funding of terrorism, trading in illegal goods or any kind of corruption. KYC and AML processes thus protect us all. In short, it ensures that  there is a sufficient amount of data to determine whether an online transaction is legal or not. However, to accomplish this without endangering the protection of private data is an almost impossible balancing act. This is exactly why I advocate intelligent digital identities! It protects the privacy of the individual as much as possible, but in the event of fraud, detailed data can be disclosed to the authorities. Investigation processes are shortened and the clearance rate increased. The basis of a secure digital identity are innovative KYC processes – so I would like to introduce you to the most modern processes for online personal verification here in this blog.

Overview of the KYC procedure

Let’s now take a closer look at a few selected KYC procedures. First of all we should mention in advance that there are always consumers who consider legitimation checking procedures to be a nuisance. However, they should consider themselves lucky that we have these options available. Online identity theft has become a serious problem, but we can counter it with secure KYC procedures. So let's delve a little more into the matter, because apart from the more well-known video identification, there are numerous other possibilities. Some of these are listed below:

1.    Sanction checks

In the course of this process, possible matches between a user profile and the database of politically exposed persons (PEP) are compared at multiple speeds. In addition, an automatic check is carried out to determine whether organizations and / or persons have already been connected to fraud and therefore represent an increased risk of fraud.

2.    Modern review of official documents

As a rule, various cross-checks are used to check the authenticity of identification documents (e.g. ID cards or passports). This enables cross-references to different sources to be created automatically and personal data (such as from microchips, barcodes, photos, etc.) to be evaluated.

3.    Biometric face analysis

Technological progress in the field of facial recognition has created one of the most forgery-proof methods of personal identification – and this on the basis of images and videos: Recordings of faces can now be evaluated using over 20 data points in 2D images and over 100 data points in 3D images.

4.    Address validation

Identification and verification of address data are often carried out in a multi-layered test procedure: First, the personal address is determined, extracted and checked on an identification document. This address is then verified: It is compared with the data of an official document that the respective person also transmits – e.g. a current electricity bill or a bank statement.

5.    Site verification

It is now relatively easy to determine if the specified locations or addresses are genuine – almost everybody can be found online. This often involves checking the corresponding IP addresses with which a connection was established. In this way, it can be recognized directly during the online application whether the actual geo-location of a person corresponds to their specified address data. If this is not the case—or if users use a browser that manipulates their IP address—a warning appears.

Forensic Data Analysis

A forensic data analysis checks if the submitted documents are authentic. This examination is applied at several levels for each type of document or paper: metadata reviews, checking for the use of image and clone stamping tools, and examining texture, visual noise, or contrast. As a result, attempts at fraud and forgery by photo editing software or digital distortions are recognized and successfully averted.

Conclusion

As you can see, there are many different ways to prevent fraud when it comes to KYC – and these are continually evolving. At the same time, security standards are improving, and are based not only on regulatory requirements, but also on consumer usage behavior. Thus, these are by no means annoying ordinances through regulations, but rather a real opportunity to positively shape the digital age! Protection against cybercrime is of central importance, and it is therefore absolutely necessary to initiate an educational transfer of information in order to construct KYC procedures even more effectively. We all expect maximum comfort and demand unrestricted freedom online without endangering the protection of our identity. For this it is immensely important that we do not come into contact with fraudsters on the Internet due to inadequate KYC test procedures. Here, too, the blockchain will certainly draw more and more into focus in the future: the creation and protection of digital identities must be our goal – for the benefit of a secure digital world in which the privacy of everyone is optimally protected!