KYC: How we avoid fraud at JO1N

Photo credit: Tingey Law Firm on Unsplash

Almost every aspect of our everyday lives is becoming more convenient as everything has shifted to digital nowadays.

Previously, there were only banks or FX shops to deal with finance-related operations, which at times would include extremely long waiting time. Now, giving our personal data for the sake of convenience and time saved. For example, there is no need to go and sign documents in person, visit bank branches and have an appointment to get credit. Both parties bear risks, however, modern technologies help to streamline these processes.

The government doesn’t require any specific KYC checks or a proper flow for user verification. Still, this is in the best interest of JO1N to avoid any fraudulent activities. Given there is a limited number of vendors suitable for our business needs, we had a strict selection process by choosing a few different kinds of providers. So, to eliminate various regulatory and operational risks, JO1N required two solid partners that would take over (1) KYC and (2) credit reference data aspects of our business.

Before we delve into the most interesting part of the article it is good to define the terms:

  1. Know Your Customer/Consumer (KYC) is the procedure of a business verifying the identity of its clients. Basically, during this process, financial institutions are assessing potential risks of criminal intentions for the business relationship. 
  2. Anti-Money Laundering (AML) fights against money laundering that is used in illegal arms and drug trafficking, financing terrorists, and in the proliferation of weapons of mass destruction. 
  3. Credit reference/scoring companies create and keep hold of your credit reports. They gather information about your credit history, and put this into a credit report and calculate a score for you based on this information. There are types of credit scores available: traditional which is obtained from open sources and Open Banking, which requires customers providing consent to access live banking data information.

Few reliable credit reference data providers allow obtaining data identity verification products that allow consumers to demonstrate their employment, income and job security. Through a single API call, JO1N can instantly verify the stated income of a prospective customer. By taking the stated yearly or monthly income, either in a gross or net format, those providers can instantly match its validity from the customer bank account in seconds. This feature allows lenders to be truly confident of an applicant’s stated income, thus decreasing the level of fraud for both parties. In a similar fashion to verifying income, we are also able to verify personal information on a consumer so lenders can be sure who they are dealing with. By taking the name, address and date of birth inputted by a consumer, our providers can then pull the consumer’s account number and sort code from Open Banking and through its partnership with traditional credit reference agencies check that the bank account being pulled matches the name, address and date of birth held at the credit reference agency. This ensures lenders can be certain who they are dealing with in 100% digital journeys.

JO1N’s integration with such vendors is an integral step in acquiring the tools we need to continue to provide flexible financial products to customers. Real-time Open Banking insights are crucial in providing fairer credit for all by securely sharing buyers’ financial information with their selected provider, thus promoting fair competition and responsible lending practices. There are enormous marketing and profiling opportunities available from this kind of information. Bank data allows us to treat our customers individually, according to their circumstances, and to ensure a better experience for everyone. Internal research shows that open banking information wins in 76% of cases when the parent company has open banking data. 

Fraudsters never sleep and will attack all companies. When operations go down at a start-up company, we might be left scrambling to deal with a wide range of costly consequences: lost productivity, brand damage, data loss, SLA pay-outs that allow criminally minded individuals to create accounts and perform illegal activities. The good news, some companies are willing to help and offer services to eliminate that kind of risks.

Possible checks of KYC:

  1. Identity check uses the photo of the real document recognizes data on it and checks if it is authentic and that it belongs to the user. 
  2. A liveness check is another way to prove identity. On some steps of the onboarding, customers are asked to provide a photo or video evidence of themselves. During this process, the end-user needs to do some random actions – say the custom expression, move his/her head from side to side, move their eyes, and so on. The basic requirements are being in a quiet place, good lighting, and being the only person in the video. 
  3. Proof of address helps prove that the user belongs to the place that she/he had mentioned. Usually, the user needs to send some actual bills (utility bill).

Here’s a list of the key points within vendor selection that we took into account when choosing the right ones:

  1. What documents are you going to accept your checks? 
  2. What KYC and credit data are critical to check or required by law? 
  3. What countries do you plan to operate in? 
  4. Do you want to be able to change different settings for the identity check in different countries? 
  5. What are the non-functional requirements for the check?
  6. Is the product going to work only with individual users? 
  7. Are you going to have only mobile solutions or you are going to have web apps for the product with the same stack of functionality?
  8. How does the provider check the identity and credit data of the user on their end?
  9. What countries is the KYC vendor working in? 
  10. Does the provider do KYC and AML using their resources or do they have partners? 
  11. If you develop a mobile application, does the vendor provide SDK for mobiles? 
  12. How customizable is the SDK? 
  13. Does the provider have an API for mobile and web applications? 
  14. Can the API and the SDK of the same vendor be used together for the mobile application?
  15. How many developments environments do your vendor have and are they free? 
  16. Does the vendor have full SDK and API documentation of a production environment?

Closing points

If you select the regtech and credit vendors, and you think that you’re good to go … surprise mother flowers! If you are using a few providers, you need to orchestrate them and sync. Kafka would be your best tool for streamlining the requests. But remember, now you have another issue: compliance and support teams.

Fraudsters are intelligent, always trying to outsmart the system. They use different numbers, documents emails, names and other tools. KYC and credit rating vendors are just the beginning of our journey to the exciting world of Fintech. Hope this article can serve you as a good base of knowledge on the security of the services you use.

JO1N us and be safe about your data ‍