'Know your customer' is still too reliant on human judgment
As regulations change, each European Union country has its own Anti Money Laundering (AML) Authority regulations relating to identity verification, meaning alternative remote identity checks are possible in some markets.
Performing KYC has, traditionally, been a face-to-face affair. This process of identity verification, which enables banks to ensure that a customer’s payments and other transactions are accurately attributed to that individual, has historically required customers to take paper-based ID into a branch, where a bank representative will judge if they are indeed the same person that is pictured on their ID credentials.
Widely known as in-person KYC, this process is not only inconvenient for customers, it is also questionable from a security perspective. In-person KYC relies completely on the bank representative. Human error introduces opportunities for fraudsters to present tampered ID credentials, for example, or for criminal collusion to take place between the bank representative and the applicant.
As mobile adoption has grown, pressure has grown to find digital alternatives to in-person KYC, particularly as bank branch traffic declines.
The level of engagement that mobile apps can enable is incredible, so the race is on to develop a seamless digital customer experience, particularly when onboarding new customers. Effective remote KYC will provide a competitive advantage.
Videoconference KYC offers the chance to verify the applicant’s identity remotely, but remains dependent on the operator’s human capacity to match the person to their documentation, and also to identify when fraudulent activity is taking place.
While videoconference KYC undoubtedly makes the KYC verification process easier for the customer, it can make things harder for the issuer. The complexity of the process is increased because the operator has had no physical contact with the customer.
Each country has its own technical requirements for videoconference KYC. To maintain security controls are in place and tampering with the image quality will lead to rejection of the application and require the customer to visit a store.
Both face-to-face and videoconference KYC depend on a weak point in the verification process: the human validation of the applicant’s identity.
One mitigating step is to implement automatic biometric face recognition within videoconference KYC. This has serious potential. It can combat many of the model’s security frailties and enable banks to embrace this model as a steppingstone toward the delivery of a fully remote KYC solution.
This process utilizes automated controls for identity verification and provides the highest level of convenience for customers.
By replacing human judgment with other identity technologies, higher levels of verification accuracy can be achieved in a fraction of the time. The lack of regulation, however, coupled with regional variations in this area, is making the industry reluctant to engage, meaning that live implementations of secure, seamless and fully remote KYC remain scarce.
In all cases, the introduction of automated biometric verification technologies is the key to making KYC faster and more convenient for customers. For each model, technologies such as digital face and fingerprint recognition systems can provide additional security, either by replacing the operator’s judgment entirely or by confirming their judgment and alerting them to anomalies that may otherwise have gone undetected.
A face matching score can be used as a risk indicator during videoconference KYC, for example. If the matching score is low, the bank representative could ask the applicant to produce additional forms of ID. Conversely, if the score is high, the identity verification process could be streamlined. Furthermore, the validation will be completely transparent for the users, improving their overall service experience.
The sophistication of biometrics technology is increasing rapidly and is now widely accepted by customers, gradually removing the need to remember strong passwords.
From September 2017, TSB will be the first bank in Europe to use retina scan technology to allow customers to access online bank account details. This new technology could be seen as risky and consumers will inevitably be concerned about the safety.
Hacking the system is not impossible. Indeed in May, the Chaos Computer Club in Germany posted a video showing that it could fool the retina scanner using a photo and a contact lens. Clearly investment in friendly hacking must continue if consumers are to be kept safe, but nonetheless, it is proof that the technology is now becoming mainstream in preventing massive identity theft attacks.
New biometrics technologies are in constant development and, over time, will become increasingly accessible to the consumer.
Fingerprint scanners, for example, are evolving to map the whole hand, not just read the fingerprint. Comparatively, the finger is a small area, and when combined with the vein structure another layer of security can be established. Hackers recently proved they could hack the fingerprints displayed in celebrity photographs. Such a move would be far more difficult to recreate if the celebrity’s fingerprint had to be combined with their unique vein structure.
This type of payment authorization technology, known as naked payments, is already being trialed in Chicago where palm secure touchless readers use infrared to take a photo of the vein structure to enable consumers to pay for items such as their morning coffee or newspaper. This removes the need to carry cards and cash as well as your mobile phone.
There is little doubt that the deployment of biometric readers in bank branches would surely help combat in-person KYC fraud. However, it remains expensive and in many ways fails to answer the remote access needs of today’s digital customer.
If banks are already trusting remote biometric technology to authorize payments and account access, why should it not also be used as a form of fully remote KYC? Here, the customer’s biometric verification takes place on their device and requires no human validation. In this model, the possibility for human error is mitigated and the desired remote customer experience can be achieved. The complexity of this solution lies in the verification of the ID document itself.
To answer the needs of an increasingly digitized customer base, there must be a fully mobile and digitized service experience, one that includes a fully remote ID verification process.
This will not happen overnight, however. In the meantime, videoconference KYC can provide an interim solution which, despite being cumbersome to manage from the bank’s perspective, could reduce time-to-market.
Biometric verification technologies are key enablers of digital and remote KYC and can be used to replace or augment KYC processes that depend on human judgment.