In a world where individuals can create many digital and synthetic identities, strong online identity verification and authentication services and know your customer (KYC) processes are becoming exponentially more important to organizations. When implemented correctly, these tools drastically reduce fraud rates.
To talk more about the importance of identity verification and KYC, PaymentsJournal sat down with Dean Nicolls, VP of Global Marketing at Jumio, and Tim Sloane, VP of Payments Innovation at Mercator Advisory Group.
Protecting the Ecosystems of Businesses with Online Identity Verification
PaymentsJournal Protecting the Ecosystems of Businesses with Online Identity Verification
Quickly Connecting Online and Real World Identities is a Must
In today’s digital world, it is important to be able to quickly and accurately connect a person’s online and real-world identities. Traditionally, fraudsters would enter another person’s credentials, such as their name, address, and Social Security number, to perform functions like opening a bank account. Of course, it was not legitimate because they were not who they claimed to be.
But modern fraudsters have evolved alongside rapid digital transformation, and no longer exclusively steal a person’s identity as a whole. They can also cherry-pick what they want in order to create a synthetic identity, adding a new layer of complexity in preventing identity fraud. Even more alarmingly, cybercriminals have taken advantage of the rise of e-commerce amid the COVID-19 pandemic to commit more fraud.
A Government ID with a Corroborating Selfie: A Better Way to Verify Identity
Jumio’s groundbreaking end-to-end identity verification solutions require users to provide a copy of a government issued ID – a passport, driver’s license, or ID card – as well as a selfie taken with a webcam or smartphone. This is a seamless way to ensure that their identity is legitimate and authentic and that the person in possession of the ID who they claim to be.
Further, informed artificial intelligence (AI) is leveraged to automate as much of the process as possible. This includes performing 20 different kinds of checks against the ID to make sure it’s legitimate and matching the selfie with the ID in less than 30 seconds.
An extra layer of verification is liveness detection, which determines that the individual is actually physically present and not simply holding a picture or using a video to circumvent the selfie requirement. By layering in liveness detection, companies can have a much higher level of assurance that the person is not attempting to commit fraud.
Assuring Data Security during Customer Verification
Of course, some customers may be wary of the security implications of taking a photograph of their government ID and sending it with a selfie. But the level of data security that Jumio has while managing and storing data is high because of key trust assurances already in place:
- Data Encryption. “All the data is encrypted in transit and at rest, meaning that as soon as the picture is taken and sent over the internet, it is encrypted in transit, when it is stored, and as it’s evaluated,” explained Nicolls.
- PCI DSS Compliance. The Payment Card Industry Data Security Standard (PCI DSS) is generally thought of in terms of vendors that handle credit card information, which are required to be PCI DSS compliant by being vetted by a third party that audits operations. Jumio’s entire operations are audited by a third party to meet encryption standards for data protection, making it one of few compliant providers.
Further, already existing forms of authentication are insecure in comparison. For example, commonly used knowledge-based security questions, which ask about things like a mother’s maiden name or the make and model of a consumer’s first vehicle, are no longer effective due to data breaches — a lot of the answers to these “secret” questions have already leaked onto the dark web.
So even if customers are giving up some perceived privacy by providing a picture of their ID and a selfie, it is in their own best interest to do so to prevent fraudsters from entering accounts that would otherwise be poorly protected by weak forms of authentication.
KYC is Key to Strong Authentication
Know your customer (KYC) processes were introduced nearly two decades ago, but have just recently begun to shift largely online. KYC and eKYC (electronic/online KYC) processes are used to verify the identities of customers, perform due diligence, and determine risks individuals present in terms of illegal activity and potential financial crime.
COVID-19 has accelerated traditional banks’ shift away from reviews where individuals manually check IDs, especially as many branches have closed indefinitely and thus cannot onboard new customers in person. Those that had strong eKYC processes in place prior to the pandemic are in a better position to seamlessly onboard new customers.
“eKYC is allowing a much faster, more automated, and more secure and reliable method of knowing your customer than the way it’s been done in the past,” said Nicolls.
The Takeaway: Strong Online Identity Verification is Not Optional
Websites in a breadth of industries, from payments, to online dating, to gambling, want to have higher levels of assurance and digital trust. An end-to-end identity verification solution makes that possible. Companies can measure the quality of service of an authentication service by answering two key questions:
- How well does it let good actors in?
- How well does it keep fraudulent actors out?
With strong authentication services in place, companies can make sure their ecosystems aren’t polluted with fraudulent accounts created by bad actors – while ensuring customers have a smooth and simple onboarding process. In other words, the solution needs to be loved by users and loathed by fraudsters.
For more information on eKYC compliance, complete the form below to download Jumio’s new guide.