When it comes to fraud prevention in today’s ever-evolving global, digital economy, we argue that an AML risk assessment, along with traditional KYC compliance checks, should be considered just the starting point… and not the finish line.
Article at a glance:
- AML risk assessment and KYC checks alone are insufficient in today’s digital economy, requiring a comprehensive, layered approach to digital identity verification.
- Deterministic data, such as static identity elements, has limitations in revealing true identity, necessitating the integration of probabilistic data and identity insights.
- Leveraging person and device insights, along with probabilistic data, adds value to KYC processes, enables better risk assessment and enhances fraud prevention.
Indeed, we recommend a comprehensive, layered approach to digital identity verification. This is because, while AML checks and the KYC process are good entry points to confirm certain static identity elements (such as name, birthday, address and national ID number) all match, they don’t actually reveal the true identity behind the applicant. This is especially true as more and more financial transactions take place online, where impersonating a digital identity is much easier than in face-to-face interactions. Just look at the prolific surge in synthetic identity theft!
A deterministic approach to identity verification
To truly understand the limitations of AML checks, it is first necessary to explain the limitations of a deterministic data approach to identity verification. Deterministic data is also referred to as first-party data and is information that is known to be true – such as a date of birth. Ultimately, anyone who has applied for a credit card has gone through some kind of deterministic identity verification (yes, usually a KYC check). For example, the static identity element that is a national identity number will deterministically tie an individual’s identity to their credit history. A deterministic approach to identity verification can be as simple as a KYC check and AML check and then, in turn, grow more cumbersome depending on how much friction an institution chooses to implement. Of course, with every level of step-up authentication requested (such as an ID upload or a credit check), clients are likely to drop off.
Therefore, to complement (and scale) this deterministic AML risk assessment and KYC check, financial institutions should invest in flexible, dynamic data that, instead of returning static information, offers a graph built on linkages between dynamic data elements. In other words? Go for the probabilistic approach.
A probabilistic approach to identity verification
Probabilistic data is comprised of individual pieces of information gathered, such as an IP address, and compiled to puzzle together a conclusion about an individual’s identity. In other words, probabilistic data is based on probabilistic behavioral data that can be compiled and linked and analyzed to better determine an individual is who they say they are.
Leveraging probabilistic data pre-KYC. E.g.: When a new user opens a bank app, the first thing they may enter are their identity information – name, mobile, email, etc. A probabilistic name check will verify if a client’s name matches the address, email and phone number inputted.
Meanwhile, a phone check will verify if a phone number and its associated country code is valid and if it matches the name and address provided. However, it’s important to remember that while two-factor authentication (where the institution texts a customer a code) is an important tool for verifying that a client owns the phone number they are starting an account with and whether that individual has access to the phone number, it’s impossible to tell whether or not that person is actually who they’re claiming to be. Therefore, third party name-to-phone linkage data is invaluable in this instance to confirm or deny the connection.
Next, an email check verifies if an email is not only valid but also active, including the first-seen dates and if the registered email name matches the names provided, along with IP address information. This is because it’s impossible to know whether a client owns a specific email address simply by sending a confirmation email to their account. By going further and verifying how long ago an email was registered and whether it’s registered to the name provided, a financial institution can have greater confidence knowing the email account wasn’t just created on the fly by a fraudster.
Leveraging person and device insights to complement KYC processes
Let’s consider a real-life scenario: A college student gets contacted by a fraudster with an offer to instantly receive $500. All the student must do is to open a bank account online and share credentials with the fraudster. The fraudster could then use the account credentials for money laundering. Would a traditional KYC be able to capture such a mule account. In all probability – no. Because the identity information of the student (also happens to be the victim) is genuine. However, real-time data based on person and device insights could help determine that the device id from which the account was opened and the device from which the account is being accessed are different, perhaps even the location. A strong red-flag for an issuer to introduce friction, perhaps even request a visit to the nearest branch. This is a simple, yet effective illustration of how person and device insights can add value to the account lifecycle.
Financial institutions are beholden to the deterministic AML risk assessment and KYC checks, but that should not limit the questions posed to verify a digital identity. Seeking probabilistic answers to questions such as “can I trust this email?” “was this device used for fraudulent activities in the past?” complements deterministic knowledge with true due diligence, providing a risk assessment that enables financial institutions to refocus on the user experience across the customer lifecycle, while remaining compliant and preventing fraud.
Indeed, by going beyond the deterministic limitations of an AML check and incorporating a probabilistic approach, leveraging these additional layers of digital identity verification, financial institutions can be more confident in the identities of their clients.
We are helping financial institutions bridge the gap between deterministic and probabilistic risk by improving the KYC and AML check by first ensuring the client is who they say they are. We do this by providing a risk score of each new client before they are put through the AML check and other regulatory assessment workflow. This not only helps prevent synthetic identity fraud, but it also enables a streamlined, optimized customer experience while reducing the costs associated with manual review.
To learn more about complementing your AML risk assessment with a probabilistic approach – starting with our risk signals – get in touch today.