Finding an effective way of addressing the risks of digital interactions without compromising the customer experience has never been more timely or important.
Traditional Know Your Customer (KYC) checks based on static data are no longer enough to mitigate risk and establish the right level of trust.
Similarly, recent regulatory requirements for processing payments online underscore the need to adapt controls to a digital environment.
Quick, non-intrusive, multi-layered checks that use a combination of mobile, email and device data can help organisations build processes that balance a smooth customer experience with protecting all parties from fraud and financial crime.
Creating a friction-right customer experience
Whether applying for a loan through your website or changing address details on a smartphone app, every customer presents a different risk as part of the digital journey. That’s why it’s vital to implement checks and balances that aim to protect individuals and your business against fraud and financial crime — without jeopardising fast access to services.
In essence, your process needs to be “friction-right” — meaning putting in place the right level of KYC and anti-money laundering (AML) checks for customers to feel safe about transacting with your brand, but not so many they find the application or transaction burdensome.
Why traditional KYC checks need an upgrade
As the digital era continues to evolve, traditional KYC factors like addresses become less representative of an individual and can quickly become outdated.
The checks and controls used to understand risks and protect against fraud need to keep pace with how we live and work. The world is a global village, allowing us to move from one opportunity, city or country to the next.
We’ve already seen a shift in regulation introducing the digital-focused Strong Customer Authentication (SCA) requirements as part of PSD2 regulations for processing payments. The deadline for enforcement by UK business is 14 March 2020 for online banking,14 March 2021 for card issuers, payments firms and 14 September 2021 for online retailers.
One approach organisations have taken for applying SCA is to implement one-time passcodes (OTP). However, this can be costly to implement and comes with its own risks.
The use of email addresses for authentication can also create significant risk as they’re freely available to fraudsters and quick to set up. Vulnerable contact points like these could contribute to the increase of account takeover fraud (ATO) which reportedly represents 89% of digital fraud losses.
SIM-swap scams are another growing challenge the industry needs to address. The Government Communications Headquarters (GCHQ) has advised banks of the risk of verifying payments by SMS. However, layering other checks, such as mobile risk assessments or device intelligence checks, can help mitigate against such threats. SIM-swap scams have reportedly cost UK bank customers more than £9.1 million over the last five 5 years.
Using digital intelligence data to know who you’re really talking to
Being confident you have the right contact details for the individual you’re engaging with and they can be trusted is crucial. So, how we do know the applicant or customer really is who they say they are?
Email, mobile and device data can provide a deeper level of insight as part of a holistic check.
Confirming ownership of the phone or gaining a better understanding of the validity of an email address is a crucial first step, quickly followed by ensuring no critical risk factors are at play.
Ask whether your current KYC processes answer these questions:
- Is the phone switched on and available?
- Is the phone roaming outside the UK/Is the location different from where the device is being used to transact?
- Has a SIM swap recently taken place or is there a redirection on the phone?
- How recently was the email address set up?
- Is the email mailbox full?
- How often is the phone or email being used to make applications/transactions?
- Is anyone else linked to these contact details?
If there’s uncertainty around these questions, you could be exposing your business and customers to sophisticated fraudsters.
Device data and digital identity
Combining insights from a consumer’s email, mobile and device data can give you a more comprehensive understanding of their digital identity — in real time. This allows your business to input the right level of protection among good customers and deter criminal activity before any real impact occurs.
TransUnion’s Digital Intelligence suite of services is designed to help organisations address these challenges. Our recent enhancements to the trust suite solutions, including Mobile KYC, can help you:
- Protect against fraud
- Comply with regulations
- Meet customer needs throughout the lifecycle of customer engagements.