KYC (Know Your Customer) is arguably the most crucial part of validating a customer’s identity while establishing a new financial relationship. Largely dictated by overarching FATF guidelines worldwide, KYC practices may vary by country based on unique identification sources and the maturity of digital infrastructure to automate operationally heavy processes. Nevertheless, the common objectives of KYC are to:
- Establish the identity of a customer and confirm that an applicant is indeed who they claim to be
- Assess money laundering risks associated with the customer
- Evaluate the nature of a customer’s financial dealings to determine their legitimacy
KYC violations could prove costly for an organization. Apart from the financial losses caused by identity theft and reputational damage, such violations attract hefty regulatory penalties.
Effectively addressing KYC requires the correlation of PII data gathered from disparate sources based on a common key—the customer’s phone number.
Challenges Posed by Fragmented Identity Data
Fragmentation of identity attributes across various identity data sources—both government and private—is the most significant barrier to foolproof KYC. Additionally, most legislative data sources store static and potentially stale data, resulting in false outcomes of KYC assessment. Due to the possibility of stale and inconsistent data across sources, organizations force customers into cumbersome authentication and verification practices. In the absence of a reliable single identity source in most countries, organizations face the difficult task of connecting to multiple sources.
Apart from creating massive operational overheads, this scenario also creates a negative customer experience.
While organizations that are not heavily regulated may adopt simpler KYC practices validating against single static data sources (known as 1+1 identity verification), those that have pronounced regulatory oversight (such as financial services and healthcare) require stronger identity validation against multiple authenticated, in-country data sources carrying a diverse set of identity attributes (known as 2+2 identity verification). In order to fulfill a 2+2 request, the company will have to check a minimum of 2 different identity sources.
With the accelerated migration to digital—specifically mobile—that has been observed in the past few years, the phone number has become a primary identification key for most public and private services. The phone number is also a key identity attribute in several legislated data sources. While legacy identity verification methods rely on traditional identifiers, modern methods call for using the phone number as a unique identifier due to its omnipresent nature and the richness of intelligence it provides by potentially connecting to a diverse set of data sources. With appropriate orchestration, this enhanced possibility also helps improve the accuracy of 2+2 verification methods. In addition, the correlation of phone number to PII data such as name, address, date of birth, and email address ensures phone number ownership, a critical first step to preventing identity takeover in the KYC compliance process.
Prove’s Identity Verify™ and eIDV products support phone number ownership verification and electronic identity verification for KYC, respectively, leveraging verified data sources. Designed to be consumed as simple APIs, Identity Verify matches the phone number to name, address, date of birth, and email address. In contrast, eIDV matches input PII data (not necessarily with a phone number) with the data stored in a verified database. eIDV provides the additional configurability to invoke a 2+2 verification depending on the scenario. Additionally, with the built-in capability to connect to multiple data sources, Identity Verify and eIDV APIs serve as a single gateway for identity verification, thereby simplifying the KYC process and making it highly secure and efficient.
Several countries are now actively working towards rationalizing identity sources, streamlining verification methods, and implementing digital identity frameworks to break the barriers of trust between transacting parties. However, privacy and protection of consumer data are valid concerns. By employing a zero-knowledge framework, Prove can answer clients’ questions of whether their customers are who they say they are with either a Y/N answer and a score without having to pass additional and unnecessary attributes that could compromise clients’ commitment to consumer data privacy.