Identity verification is a critical strategy in fighting financial crime, including money laundering, fraud and terrorist financing. It also helps companies meet regulatory requirements and avoid costly fines.
A successful identity verification program requires agile, scalable and 흥신소 customizable solutions that can be used for watchlist screening, identity confirmation and more. This is where identity verification services like Unit21 come in.
Know Your Customer (KYC) Program
Know Your Customer (KYC) is a set of procedures financial institutions follow to identify and verify their customers. It is a key element of anti-money laundering (AML) regulations and a necessary part of any business that handles money or other valuable assets. KYC standards help prevent financial fraud, identity theft, and terrorism financing.
The KYC process is comprised of three components: the Customer Identification Program (CIP), customer due diligence (CDD), and enhanced due diligence (EDD). CIP collects basic information about an individual or corporation, while CDD reveals more about their background. This data is analyzed to detect red flags like connections with designated persons and relationships with narcotics traffickers or gangs, and then verified against state lists.
In addition to ensuring compliance with AML laws, an effective KYC policy helps businesses deliver a frictionless onboarding experience. This can be especially important in mobile banking, where it can lead to a 15% revenue increase for banks. Watch how Public seamlessly onboards new users to invest in stocks, ETFs, crypto and more. The platform uses biometrics to verify identities, helping ensure that it is connecting with real people and not fraudsters.
Customer Identification Program (CIP)
The Customer Identification Program is a series of protocols a company is required to follow in order to verify the identity of customers. This process is essential to preventing money laundering and the financing of terrorism. However, it can be a burden for businesses that must verify the identities of every individual or business they interact with.
In order to comply with CIP regulations, the bank must provide customers adequate notice that they will be asked to verify their identities. This notice can be delivered through a variety of methods, including posting it on the bank’s website, providing it to new customers before opening an account, or sending it by mail.
The CIP rules also require that the bank rely on non-documentary methods for verification of identity. These methods can include contacting the customer; independently verifying the customer’s identity by comparing information they provide with data obtained from sources such as consumer reporting agencies and public databases; or obtaining a credit report on the customer. In addition, the bank must screen for politically exposed persons (PEPs) and adverse media.
Knowledge-Based Authentication (KBA)
KBA adds an extra layer of security to a transaction, helping prevent fraudulent account takeover and identity theft. This type of verification uses knowledge questions that a legitimate user would be able to answer. It can be combined with multi-factor authentication (MFA) and biometrics to provide an even greater level of protection for sensitive information.
Static KBA uses pre-set questions that users choose during the signup process, such as what their middle school was called or what color their car was in 2012. Dynamic KBA generates its own questions in real time based on data that a business has aggregated, including personal and financial information, credit history, and transaction histories.
Dynamic KBA is more secure than static, but can be vulnerable to guessing, phishing, and social engineering attacks because the answers to these questions are often public knowledge or easily inferred from the victim’s social media profiles. Additionally, these types of questions can be frustrating for the user, especially if they are about their family or pets that have died or are sick. This may cause the user to abandon their transaction.
One-Time Password (OTP) Verification
A one-time password (OTP) is an identity verification method that sends a password or access code to a customer’s mobile device. This code can be used only once to log into an account or system, and it will expire in a short timeframe.
Using OTP verification reduces risk for customers and employees by adding an extra layer of security to the login process. This is especially important when handling sensitive data such as financial information, health records, and passport applications.
OTPs can be delivered via SMS, which allows businesses to leverage the reach and familiarity of a trusted channel. They can also be generated with an algorithm that makes them more difficult to guess, and they are valid for a short period of time to prevent attackers from stealing them or using them repeatedly.
OTPs are the perfect solution for organizations that want to offer their users a seamless and secure authentication experience. By combining something they “have,” like their mobile device, with something they know, such as a username and password, companies can drastically reduce the threat of fraud or session hijacking.
Database Verification
The database verification process compares information submitted by a user with data stored in authoritative databases. It can also use a number of different tools and technologies to verify identity, including facial verification and biometrics. It can be used to verify government ID documents or even selfies, reducing the need for businesses to store copies of customers’ personal documentation.
It can also help reduce synthetic fraud, which occurs when bad actors combine real information with fake data to create a record in an authoritative database, making it more difficult to detect. This is why it’s important to utilize a diverse mix of identity verification methods.
Issuing database verification is one example of this, as it allows a business to verify if an individual’s name and date of birth are in an authoritative database. While this can significantly decrease the likelihood of fraud, it is not foolproof. It’s therefore best used in conjunction with other methods, such as a photo-matching tool and liveness detection. A combination of these methods can significantly increase accuracy and ensure that the right information is being verified, helping to avoid fraudulent transactions.