Cyber threats have become part of everyday life for individuals, governments and organizations. Traditionally, cybersecurity was limited to antiviruses and firewalls. In recent years, we’ve witnessed the advent of cloud protection, ransomware and malware protection and even identity protection to keep you anonymous online. As cybersecurity increased, so did cyber threats. With the cyber threats outpacing protection, it has become clear that cybersecurity could no longer be limited to firewalls and antiviruses.
Knowledge-Based Authentication (KBA) reached its limits in the finance industry. Internet usage meant more personal information was available online, and cybercriminals now had easy access to KBA answers. The pandemic made matters exceedingly complicated when millions of businesses started or moved online. Now individuals weren’t the only victims. Entire corporations and small businesses were under attack from cyber threats. However, cybercriminals weren’t the only problem. When financial transactions went digital, so did money laundering. And when it was discovered that a bank in Germany was involved in the Panama Papers Scandal, anti-money laundering policies were overhauled for a more global approach. Know Your Customer (KYC) and Know Your Business (KYB) became the staple requirement for customer onboarding in financial institutions.
How to Make Automated KYC Part of Your Cybersecurity Policy
Combining KYC with cybersecurity was not initially the goal when the finance industry and government agencies took action against money laundering. For banks and other financial institutions, the KYC verification process ensured that customers cleared all the essential customer due diligence security checks during customer onboarding.
But in PwC’s 2020 Global Economic Crime and Fraud Survey, findings showed the number one and two types of fraud in most industries were customer fraud and cybersecurity, respectively. This survey indicates that the KYC verification process failed somewhere during customer onboarding. Despite companies beginning to invest in more robust cybersecurity measures, the onboarding process remained virtually, pun intended, untouched. Companies were treating threats as one-off instances and responding only to significant threats rather than taking a proactive approach to all potential leaks.
New KYC verification solutions must be implemented across the board for industries at risk, such as healthcare and e-commerce. Basic customer due diligence needs to broaden its scope to include industry employees and customers of businesses. Customers and employees are the primary sources of risk, whether voluntarily or involuntarily. Implementing security measures at key touchpoints in the onboarding process can significantly improve your KYC verification process.
By pairing cybersecurity with automated KYC systems, you protect your system, employees, customers and all stakeholders from potential bad actors within the system. Customers are vital to the survival of your business, and their security should always be a priority, but customers also don’t want lengthy ID validation processes. Sadly, the result of protecting customer relations is ignoring Know Your Customer’s Customer (KYCC) when dealing with business entities.
Enhanced due diligence was implemented to restructure the finance industry identity verification system and improve KYC verification solutions. It included AML/KYC verification that went in-depth for ID validation but lacked a comprehensive e-KYC policy. This incomplete policy was due to enhanced due diligence targeting only at-risk customers while still ignoring employees and KYCC.
Due diligence should not be restricted to just customers but should apply to all entities that access your system. Spending millions on cybersecurity and KYC won’t reduce cyber threats if your KYC verification process demotivates customers, ignores KYB and KYCC, and settles for basic ID card verification. Cybersecurity investments should involve faster and seamless automated KYC integrated with AML compliance and cybersecurity checks.
Here are a couple of ways automated KYC can pair with your cybersecurity policy:
Increase Cybersecurity and KYC Knowledge and Awareness
In PwC’s 2020 Global Economic Crime and Fraud Survey, lack of knowledge and awareness of the sources of fraud was the main reason individuals, businesses, and industries took the wrong approach to cybersecurity. Statistical and other research sites showed a common thread of mismatched assumptions and poor cybersecurity execution. Lack of up-to-date available data was not the problem, as government agencies and research institutions constantly monitored the cybersecurity threat indexes. The problem was that businesses preferred to leave cybersecurity to in-house IT teams who, according to the PwC Survey, are the perpetrators themselves 37% of the time. Failed employee onboarding practices could increase that number, and when 34% of that number are in managerial positions, your entire IT team could end up working against you.
Banks made great strides in this direction when they campaigned for PIN protection. Still, customers interpreted it as credit cards being vulnerable, whereas, in reality, their personally identifiable information was at risk. Create an education campaign to enlighten the customer on why you need to validate IDs, what will happen in the KYC verification process, and how this identity verification system is protected against internal and external threats.
Businesses should use available industry data and go deeper into employee and supply chain risks by asking more prudent questions during the onboarding process. Consulting with outside security experts on building, onboarding, and monitoring their in-house cybersecurity teams would create an added layer of protection.
Improve Data and Documentation Management
Phishing using Business Email Compromise (BEC), ransomware, and false documentation has surged during the pandemic. CEOs and other key decision-makers were the major targets of these attacks. Though the pandemic has created opportunities for cybercriminals to thrive, part of the blame can rest on business owners and managers. Many businesses did not think digital transformation would necessitate added digital security measures or e-KYC education for staff.
Businesses assumed the pandemic wouldn’t last long. They also did not see these systems as a necessary expense or financially viable investment. Old habits of minimum due diligence coupled with blind trust and lackluster document screening allowed CEOs, CFOs, and other key signatories to be blackmailed and conned out of 42 billion dollars in the US alone.
Businesses are tasked with building the adaptability to react prudently when under cyberattack, creating a strong defense against future cyber threats, and developing an automated KYC process that can assess employee, supplier, and customer onboarding risks. In tackling all those strategic areas and securing the data and documentation associated with the onboarding process, businesses, banks, and even large corporations tend to lose control of one or two of these areas.
Documentation and data security generally suffer because the process either relies on archaic technology or is done by hand. Introducing artificial intelligence (AI) and machine learning technology allows businesses the flexibility of quick access and updates, with the security risk assessment and identity verification API analyzing documentation in real time. AI and machine learning give your KYC verification software the ability to problem-solve, adjust and automate customer onboarding.
Invest in Biometrics Screening for Mobile ID Verification
Increases in mobile users seem to have slipped unnoticed by some industries. Mobile ID verification is almost unheard of outside the finance industry and usually entails only verifying your phone number. The actual use of smart devices as part of any identity verification system is practically non-existent. Cellphones and other smart devices come with many security features that make stealing them not worth the jail time. Attacks on a cell phone, as with any other secure digital device, can only happen with the owner’s permission. This invitation to attack is often given by opening random emails, visiting shady sites, or unwittingly providing personal information. With such a huge gap, it is no surprise hackers choose to attack mobile service providers or weak mobile developers.
Companies like Verizon and Apple believe that they are too large to experience a breach. But since we know, and Apple and statistics have proven, that breaches can come from internal sources, businesses ought to defend against mobile access and KYC verification process loopholes. Android phones have built-in security keys to protect the owner’s information and device. Most smart devices have biometric scans for fingerprint, facial characteristics, and voice for mobile ID verification. Companies use biometrics for restricted area access. Interlacing biometric restricted area access protocols into AML/KYC verification for corporate mobile users can save CEOs billions from cybersecurity attacks.
Social media platforms collect vast amounts of demographic and behavioral data on their users. Any online database can be used to fact-check a customer’s identity and documentation. By adding this step as part of your company’s automated KYC process, your company will be decreasing the opportunities for fraud and cleaning up your onboarding process.
Behavior Monitoring in KYC Staff Training
Years ago, the role of KYC professionals was not clearly defined and constantly changed. It went from an entry-level position making simple data inputs and physical checks, to risk assessor and evaluator, to key decision-maker. KYC staff were unclear on their next evolution and how their role impacted its cybersecurity mandate.
In the beginning, KYC staff were required only to identify customers who were at risk during onboarding. Even the most stringent HR policies did not consider employee onboarding, supply chain, or support services onboarding. Several years, a few scandals, and 42 billion dollars later, it is apparent KYC staff training would need to hit next-level status and have a massive technological backup to achieve some semblance of onboarding success. KYC staff cannot be asked to identify fraudsters without the relevant cybersecurity training or technical support. Every year your KYC staff doesn’t get efficient KYC verification process retraining, they are being outclassed and outmaneuvered by evolving cyber threats. You create an internal problem when you don’t screen and monitor your KYC team every year.
Training KYC staff and verification system updates cannot be a budget opt-out in challenging economic times. As we’ve seen in the pandemic, it is in these tenuous moments that cybercriminals are most active. And it is in this high-risk era that you should reach out for expert consultation on automated customer onboarding best practices, behavior monitoring, and KYC verification software.
Keep an Eye on B2B Operations
Know Your Business (KYB) is as vital as KYC, and Know Your Customer’s Customer (KYCC) is equally important when dealing with small to medium enterprises. When engaging with established corporations, businesses and banks, assume everyone is doing their part for AML/KYC verification. For businesses, your onboarding process should be stricter than onboarding a customer. Whereas a customer will always be a single entity, companies can evolve into their own entity or multiple entities held in trust by a single person or corporation. A business’s weak onboarding process can affect bank signatory access, and their cybersecurity issues can immediately become yours.
How Including KYC measures in Verification Process can help?
Include KYCC measures in your KYB verification process by reviewing their data protection, cybersecurity practices, and onboarding process. Learn more about critical decision-makers, silent partners, suppliers, and investors. Remind your new B2B client of the risks of non-AML compliance on both ends and educate them on new cybersecurity threats as part of ongoing customer relations. Help your new B2B customer protect their investment through KYCC policies while building a lasting partnership against bad actors.
Automated KYC = Cybersecurity
When one speaks about cybersecurity products or protection, KYC isn’t what comes to mind. Reactive measures like firewall protection and antiviruses are what one thinks of when discussing cybersecurity. Nevertheless, automated KYC has proven to be a proactive means of tackling cyber threats.
As with all processes, for automated KYC verification to be successful, strict implementation, enhanced due diligence and data management are needed. KYB and KYCC can’t be on the back burner of any KYC verification solutions. Neither can corporate leaders’ use of mobile ID verification solutions or other technological advancements. KYC staff training should be treated with the same importance as B2B customer onboarding and include the supply and distribution chain.
There is a lot of work to include automated KYC as part of customer onboarding best practices. Companies need solid identity verification systems, and many need to update outdated hardware. The pandemic has shifted the security paradigm, increasing cyber threats while decreasing economic activity in some industries. Customers need data protection and education on the KYC verification process. And through it all, your KYC team will need to be on top of the latest trends and threats.
How Idmerit can help?
Even for large, established corporations, that is a daunting task. Corporations have tried in-house KYC verification solutions but lacked the human resources, interest, budget, or infrastructure to maintain the process. Even the banks on their own cannot handle all the KYC requirements without outside assistance. IDMERIT’s IDMkyX platform of services gets your business AML compliant using automated KYC practices.