Anyone doing business across Europe as a regulated business knows that verifying someone’s identity online is quite tricky. At one stage in the process most companies ultimately ask the customer to upload a copy of a passport and a copy of the utility bill before being approved as real customers. A process demanding as much time for the potential customer as it does for the skilled KYC-staff sitting on the other side of the table manually checking each of the documents looking for signed of temptation or corruption before manually uploading everything into the companies back-end systems to prepare for a future audit. I think that we can all agree that this is a rather cumbersome routine especially in a fully digitalized world where signing up to a service is expected to never take more than 5 minutes.
So how can I create a better user-experience for you customers while still living up to the rather stiff KYC (know your customer) and AML (anti money laundry)-regulation?
My recommendation is to build automation. There are lots of tools out there allowing you to send in copies you received and have them automatically by a system or as a back-up manually checks by a clerk before being approved. Even utility bills can be automatically checked to verify the name and address even though it is a bit trickier as there are hundreds of different formats out there so geographical reach is harder to obtain.
When building automation, it is very important not to only reply on material from the customer. Rule number ONE is to always – if possible – use multiple sources of identity. Ideally scenario is to use a truly digital identity like BankID which is almost impossible to temper with. The great benefits with digital identities is that they return a 1 or a 0, e.g. a yes or a no. No ambiguity = great for automation. If no digital identities are present in the country one option is to use Banking API’s to get a verified identity proofing – with the new PSD2-baking APIs – you can use the banks as a reliance authentication of a person. The only thing the person needs to do is to log in to their bank. Interesting for some, and especially from the mobile users, but not for all.
Back to the scanned passport and utility bill. Verifying the passport or ID-card also referred to as proof of identity is the part of the verification process that is mostly suited for automation thanks to the high level of regulation and tight requirements of the documents issued. Use Zignsec’s Online ID-scan to allow the user to easily capture and upload their documents from either a desktop or a mobile. With our online ID-scan we will automatically read the content, verify the authenticity, and return the corresponding data in a structured machine-readable format back to your systems in less than 30 seconds. But important to remember, this step is not without challenges – a ID-document is advanced with many different check points (verify identity), but it is not built to be verified optically with a phone. Fake documents with good quality will pass any online verification step and can easily be bought online (check out http://chfake.com or https://www.fakeid.co.uk/). So, remember not to treat the copy of the ID as a holy grail because it isn’t.
So, now we have used the customer as a source to get a copy of the passport how do we add another source to the equation? Verification of the utility bill also referred to as Proof of address is the hardest piece to automate efficiently and therefore makes a good candidate to solve in a different way. Zignsec’s Register checks are a simple and yet super user-friendly solution for proof of address by entirely skipping the collection of utility bill and rely on local registers for the verification. A nice and very efficient solution when it comes to catch fraudsters. Creating a fake utility bill cost less than €10 but to add yourself to a register is much harder. The challenge for this way of solving the problem comes with the complexity of connecting and maintaining multiple different registers but Zignsec solves that part for you when we use our register checks to verify name, address, and date of birth.
Use the complementary Zignsec fuzzy match algorithm to compare the results from the different sources with a fair level of fuzziness. Inform the customer of the results and directly update your back-end with the KYC (know your customer) information and the references you need in this case verification of identity, address, and date of birth. Now you both have a slicker process making the it quicker and easier for the customer and more secure and less time consuming for you as merchant.