KYC: How to Avoid Fraud in Fintech App

Despite the many positive experiences financial software can bring and the profits it can generate, the best way to eliminate its biggest downside has yet to be invented. People are ready to give financial institutions or branchless banks their money without visiting the official branch. On the other side, banks are ready to open an account for a person they have never seen before. The risk from both sides is enormous.

On September 10th, 2024, I, as a fintech expert and the CEO of DashDevs, a development agency, gave a speech on the importance of KYC at a Seamless Europe panel. At that conference, we confirmed the importance of Know-Your-Customer (KYC) and Anti-Money Laundering (AML) measures for combating digital fraud and identity theft.

There was a 39% surge in suspected digital fraud attempts from 2019 to 2022 and a 73% growth in identity fraud cases in 2023 compared to 2021. If fintech is the pinnacle of digital evolution in the financial market, then identity fraud is the toughest enemy this software has to face.

So, what exactly is KYC? How does KYC identity verification work? And what KYC requirements for corporates exist? In this article, I will answer these and other questions based on my experience in fintech and KYC solutions development.

What are AML KYC Procedures

Know Your Customer is the procedure by which a business verifies the identity of its customers.

The process allows financial institutions to assess the potential risks of criminal intentions for business activities. KYC screening focuses on limiting anyone identified as a politically exposed person (PEP), sanctioned people, cyber criminals, and fraudsters and preventing fraud.

KYC verification first verifies the customer’s identity. In other words, an organization that intends to provide services to a customer ensures that this person is who they claim to be before actually providing services.

Anti-money laundering, in turn, is a set of specific regulations that prevent the use of money obtained illegally.

To prevent fraudulent or illegal activity, companies might resort to certain measures aimed at verifying that their customers have criminal connections. AML obliges organizations to monitor the transactions, identify suspicious activity, and notify the authorities when suspicious transactions occur.

Both AML and KYC can help companies avoid digital fraud and establish a higher security level for the business. This is a pretty big deal since companies, on average, lose over 1.7% of their annual revenue to fraud every year.

Why are KYC and AML Important

KYC is vital to businesses as it protects them from partnering with unreliable customers or cyber criminals. By requesting KYC documents, checking their authenticity, and examining the customer’s history a company can protect itself from fraud and money loss.

KYC and AML measures play a crucial role in preventing various forms of financial crime, including money laundering and fraud, protecting financial institutions, ensuring transparency and trust, and supporting economic stability.

Transaction monitoring is a fundamental component of AML compliance strategies, where financial transactions are regularly assessed to identify any unusual activities. Launching a fintech app without KYC compliance is essentially just creating a not secure application that wouldn’t work as intended.

KYC and AML measures play a crucial role in preventing financial crimes, protecting financial institutions, ensuring transparency and trust, and supporting economic stability. Among the aims of this process are the following:

• Preventing financial crimes. KYC and AML help thwart money laundering, terrorist financing, and fraud, safeguarding the integrity of the financial system.
• Protecting financial institutions. By adhering to these standards, financial institutions mitigate reputational risk, financial losses, and regulatory penalties.
• Ensuring transparency and trust. KYC instills confidence in customers, while AML contributes to a more transparent and trustworthy financial market.
• Supporting economic stability. KYC and AML help combat corruption and illicit activities, fostering a more secure and stable economic environment.

To sum it all up, KYC and AML are essential tools for maintaining the integrity of the financial system, protecting consumers, and promoting a more secure and transparent economy.

KYC Authentication Process

The KYC authentication process must be rigorous to ensure the identification of the customers’ identity without any hiccups. It’s vital as this process can ensure the minimization of risks and financial losses for the business. Typically, it includes a few of the following steps and I will review them in this section.

#1 Data Collection

The process starts with gathering basic details of the customer such as name, address, date of birth, and contact information. Collecting copies of government-issued identification documents might also be required to ensure a fuller grasp of the customer’s identity. Sometimes, certain KYC standards also include proof of address, which requires documents that verify the user’s residential address. These documents might include utility bills or bank statements.

#2 Document Verification

Verification can be done manually by examining the submitted documents for authenticity and accuracy. It can also be automated with advanced technology.

Among them are:

• Optical character recognition
• Facial recognition
• Data validation
• Multifactor authentication.

There are other technologies that could help verify the data or documents, however, I believe that the above mentioned are both efficient and widely used.

#3 Customer Due Dilligence and Risk Assessment

The next step is screening, which refers to checking against watchlists and databases to identify potential risks or red flags associated with the individual or entity. This would help the business assign each customer a risk score based on various factors such as financial history, transaction patterns, and geographical location.

#4 Additional Verification and Ongoing Monitoring

This step is usually optional and added only when needed to enhance the KYC process’s security. It can be used in extremely sensitive applications, such as challenger banks. Some of the measures used at this step can include biometric verification (use of biometric data such as fingerprints) or third-party verification (collaborating with third-party identity verification services providers).

These measures help strengthen the authentication process, help individuals achieve extra security with their finances, and require businesses to adhere to more rigorous measures.

#5 Data Storage and Retention

The final step is building a secure data storage that can contain collected data and protect it from unauthorized access or breaches. It can be pampered with:

• role-based access control,
• multi-factor authentication,
• strong encryption algorithms.

However, regardless of the process, each country has specific KYC requirements. My experience with the US, MENA, UK, and Europe enabled me to figure out some of the most unique specifics native to each region.

KYC Requirements for Different Regions

While the core elements of KYC are generally similar across regions, there are specific differences that financial institutions must be aware of. I’ve gathered some examples of these differences in this section to help you become more familiar with regional KYC specifications.

United States

The USA PATRIOT Act imposes stringent KYC requirements, including customer identification, verification of identity, and recordkeeping. The region also has a bank secrecy act that requires financial institutions to report suspicious activity to the Financial Crimes Enforcement Network (FinCEN).

One key component of KYC in the US is customer due diligence (CDD), which involves enhanced due diligence for high-risk customers.

Middle East and North Africa (MENA)

Financial institutions in MENA regions must comply with Sharia law, which has specific requirements for interest-free banking and ethical business practices. Additionally, each country in the MENA region may have its own KYC regulations, which can vary significantly because of economic sanctions and other measures.

United Kingdom

The UK has strict money laundering regulations that require financial institutions to implement KYC procedures. These regulations include the FCA—Financial Conduct Authority—which oversees the financial services industry and sets KYC standards for the country. One more important regulation is AMLD6, which introduces new requirements for customer identification, verification, and recordkeeping.

It introduces the following standards for AML:

1. Enhanced customer due diligence,
2. Beneficial ownership information,
3. Suspicious activity reporting,
4. Data sharing,
5. Sanctions.

According to these regulations, you can build your application with integrated KYC compliance. However, in the next section, I will review the specific types of KYC procedures you need for your business.

European Union

The AMLD6 also applies to all EU member states and is accompanied by the General Data Protection Regulation (GPDR). However, the European Union is comprised of many different countries, so it’s important to educate yourself on your TA market specifically. For example, regulations for Nordic countries might be quite different from those for South Europe.

Types of KYC AML Procedures

Fraudsters often attack newborn financial institutions because they usually have some holes in the registration process that allow criminally minded individuals to create accounts and perform illegal activities. There is a list of measures that you can take to identify a person who is applying for the services of the bank that you are working with/for. This list of measures establishes the KYC service flow.

Identity Check

Identity check involves checking the photo of a real document, recognizing the data on it, and confirming that it belongs to the user. This step requires using:

• artificial intelligence (AI),
• machine learning (ML),
• computer vision,
• Optical Character Recognition (OCR),
• Natural Language Processing (NLP).

Liveness Check

There are several ways to conduct a liveness check: taking a photo or video or running a live stream.

A photo liveness check requires the user to submit a selfie. Additional requirements can include holding a piece of paper with the current date written on it.

A video liveness check asks the user to conduct a live video for anti-fraud detection. During this process, the end-user needs to do some random actions – move their head from side to side, move their eyes, and so on. The basic requirements involve being in a quiet place, having good lighting, and being the only person in the video.

A live-streaming check is the most expensive KYC/AML method for a business. It is sometimes the most inconvenient for the user but the best fraud prevention solution. During some registration steps, the software application asks the user to give access to the camera. The bank employee then video calls the user via the banking application.

Address Proof

This type of AML KYC procedure helps prove that the user belongs to the place that he/she had mentioned. This KYC review is considered one of the most powerful fraud detection techniques in fintech. Primarily, the user needs to send some actual bills (telephone/utility bills). Usually, this kind of check is used as an additional verification step. By the way, some financial institutions have a particular requirement for Commercial addresses. They don’t allow users to use such addresses.

How to Implement AML KYC Services Within Your Organization

After you identify AML KYC requirements, understand the customer data to be checked, and develop KYC documentation, it’s time to actually implement KYC AML.

We’ve crafted a process specifically designed for companies to be able to implement the most robust security measures and comply with region-specific KYC regulations. In this section, I will talk in more detail about the process we follow to guide you through comprehensive development by DashDevs.

Definition of the Requirements

Our team collaborates with the client to figure out their business requirements and exact needs. This step is crucial to determine the applications’ capabilities and what’s needed according to its specifications and can include:

• Identity verification
• Anti-money laundering checks
• Bio identification
• Enhanced due diligence
• Multi-factor authentication.

We carefully review each case to find the best-fitting features and ensure that every customer gets what their business needs.

Choosing the Right KYC Vendor

Together with our customers, we choose Know Your Customer software that meets their organization’s needs. Here are some technical things you should keep in mind when choosing a KYC app for your business:

• SDK for mobiles. They can provide your fintech app with a predefined KYC AML flow. You should research SDK capabilities and the value and features it can provide you with in terms of e-KYC.
• SDK customization opportunities. There are no changes that can be made in an SDK. However, nowadays, KYC vendors have begun allowing some small changes that make the application look consistent. For example, customization of the background colors, color/size of the buttons, and text labels can be applied.
• API for mobile and web applications. This API should allow for efficient data exchange between your app and the KYC service. Additionally, ask whether the API is scalable enough to accommodate future expansions of your fintech solution.

However, you can contact us for a private consultation to choose your vendor. We’ll guide you through the process of choosing, with the experience of over 500+ projects and hundreds of successful integrations behind us.

Integration of the KYC Solution

This is the main stage of the process where we conduct the technical integration of whichever solutions our customers choose. We integrate them by establishing a secure connection with the services provided by the vendor. As any software development company that provides AML KYC services, we ensure that crucial checks such as compliance and identity verification work as intended.

Further Integration Testing

I believe that texting the KYC integration is crucial, as this is the only way to ensure the app’s security, accuracy, and functionality. We ensure that the solution complies with relevant regulations and creates a stable verification process.

As a team, we create a seamless user experience for the customer’s end user. On certain occasions, our team might resort to penetration testing to check the limits of the customers’ app and ensure that it can perform under pressure.

Post-release Monitoring

Many companies with KYC AML services provide post-release monitoring. Our team also offers this service, and we’re ready to update the application according to recent regulations changes. I have experience working with applications from the EU, UK, US, and MENA, and I break the news to my partners and customers every time governmental regulations change.

Conclusion

Fraudsters are tricky. They are always trying to gain access to your system from different sides and trick your fraud prevention methods. They use different phone numbers, emails, documents, name spellings, and so on. So, you need to have a strong KYC AML check that verifies if the user who is trying to register has not been already blocked in your system.

Knowing your customers is essential if you want to run secure and reliable business operations. Given this, complying with KYC requirements for corporates and using a robust KYC solution allows you not only to protect yourself from fraud but also to maintain a good business reputation.

At DashDevs, we have 13 years of experience in developing fintech apps and KYC solutions. If you need expert advice on AML compliance and KYC integration, don’t hesitate to get in touch.