KYC: How to Avoid Fraud in Fintech App

Nowadays, people can run the world via their mobile phones. We can communicate with friends, perform task management, perform financial operations, order or buy things, etc. Nearly every aspect of our lives is becoming easier and more convenient. However, it is also more susceptible to new types of attacks and fraud.

From this perspective, the unstoppable growth of the digital banking system inspires me the most. People are ready to give financial institutions or branchless banks their money without visiting the official branch. On the other side, banks are ready to open an account for a person they have never seen before. The risk from both sides is enormous. However, billions of customers use the services of neo-banks and trust them with their funds, so banks should use KYC AML, which stands for Know Your Customers and Anti-Money Laundering systems.

By the way, not only the banking sector is undergoing the digitalization of its products. Investment, insurance, credit, and loan/leasing companies are optimizing the process of registration and execution of their services for their users too. For these organizations, KYC AML solutions also play a crucial role.

So, what exactly is AML KYC? How does KYC identity verification work? And what KYC requirements for corporates exist? 

In this article, I will answer these and other questions based on my experience in fintech and KYC solutions development.

What are KYC and AML

First of all, we need to clear up KYC and AML terms that are usually used together:

1. Know Your Customer (KYC) is the procedure by which a business verifies the identity of its customers. During this process, financial institutions assess the potential risks of criminal intentions for business activities. The main purpose of KYC screening is to block anyone identified as a politically exposed person (PEP), sanctioned people, cybercriminals, and fraudsters and prevent fraud. 
2. Anti-Money Laundering (AML) is a set of regulations that prevent the use of money obtained illegally. Such illegal ways include drug trafficking, financing of terrorists, and the proliferation of weapons. There are lists of people who have been proven to be connected to the activity described above. That’s why companies should establish rigorous checks to ensure their potential customers or partners are not connected with criminals. Financial organizations have to monitor the transaction, identify suspicious activity, and notify the authorities when suspicious transactions occur.

Why KYC Is Important

KYC verification means confirmation of the customer’s identity. In other words, an organization that intends to provide services to a customer ensures that this person is who they claim to be before actually providing services. 

KYC is important because it helps protect companies from partnering with unreliable customers or cybercriminals. By requesting KYC documents, checking their authenticity, and examining the customer’s history of interaction with financial institutions, a company can protect itself from fraud and money loss.

In general, KYC for fintech, banks, and other financial organizations guarantees:

• Reduced risk of data leakage
• Fewer risk of cash theft
• More secure and transparent financial transactions
• Compliance with industry standards
• Strong company reputation

What Are KYC Documents?

KYC documents are documents that provide crucial information to verify customers’ identities. 

KYC documents typically include:

• Government-issued IDs: passports, driver’s licenses, national ID cards
• Proof of address documents: utility bills, bank statements, driver licenses, insurance statements, credit card statements, etc.

The Know Your Customer form is a key element in the KYC AML process. It serves as the official document where customers provide their personal information and submit their supporting documents for verification. 

The KYC compliance form contains such fields as full name, date of birth, address, and contact information. Financial institutions use information from KYC forms to conduct thorough background checks and ensure compliance with regulatory requirements.

A valid KYC document is critical for financial organizations to authenticate customers’ identities and mitigate the risk of fraudulent activities. By reviewing KYC documents and KYC forms and cross-referencing them with reliable databases, companies can ensure they partner with honest and dependable customers. This helps them eliminate risks associated with money laundering and other illicit activities.

Types of KYC AML Procedures

Fraudsters often attack newborn financial institutions because they usually have some holes in the registration process that allow criminally minded individuals to create accounts and perform illegal activities. There is a list of measures that you can take to identify a person who is applying for the services of the bank that you are working with/for. This list of measures establishes the KYC service flow.

So, here are digital KYC procedures usually applied by financial organizations:

1. Identity check involves checking the photo of a real document, recognizing the data on it, and confirming that it belongs to the user. This step requires using artificial intelligence (AI), machine learning (ML), computer vision, Optical Character Recognition (OCR), and Natural Language Processing (NLP).
2. A liveness check is another way to prove the customer’s identity and strengthen the fraud strategy. There can be a few ways to conduct a liveness check: take a photo or video or run live-streaming. A photo liveness check requires the user to submit a selfie. There can be additional requirements, such as holding a piece of paper in their hand with the current date written on it. A video liveness check asks the user to conduct a live video for anti-fraud detection. During this process, the end-user needs to do some random actions - say the custom expression, move his/her head from side to side, move their eyes, and so on. The basic requirements involve being in a quiet place, having good lighting, and being the only person in the video. A live-streaming check is the most expensive KYC/AML method for a business. It is sometimes the most inconvenient for the user but the best fraud prevention solution. During some steps of the registration, the software application asks the user to give access to the camera. The bank employee makes a video call to the user via the banking application. Bank officers ask basic questions to prove that the person really is the individual that they are claiming to be. Usually, people don’t expect such a video call, and they are not prepared.
3. Address proof helps prove that the user belongs to the place that he/she had mentioned. This KYC review is considered one of the most powerful fraud detection techniques in fintech. Primarily, the user needs to send some actual bills (telephone/utility bill). Usually, this kind of check is used as an additional verification step. By the way, some financial institutions have a particular requirement for Commercial addresses. They don’t allow users to use such addresses.

How to Identify KYC Data

Fraud prevention is crucial for any business operating in the financial industry. In terms of this, I think the first question you may ask yourself is, what exactly should I check to know my customer? 

I prepared a comprehensive know-your-customer checklist to help you get started:

1. What documents are you going to accept? Basically, you need to define the goal of the user identification process and choose KYC documents accordingly. Sometimes, the market’s regulatory system within which your product is located will give you guidance (e.i. Passport Driving License or National ID only).
2. What is critical to check? Some common elements for KYC AML checks include verifying the authenticity of the provided documents, conducting identity verification through biometric data, screening customers against global sanctions lists, and assessing the risk level associated with each customer based on their transaction history and geographic location. 
3. What countries do you plan to operate in? This question is critical for the Product vision and the KYC platform selection. Every jurisdiction has different requirements and particular lists of documents that need to be submitted.
4. Do you want to be able to change different settings for the KYC form identity check in different countries? KYC AML check is used in many financial institutions that work with different markets. For example, some countries only have customer fraud detection for an identity and a photo check. But for the high-risk countries, they set up video liveness checks and proof of address.
5. What are the non-functional requirements for the KYC AML check? One of the most usual KYC requirements for banks is to check the position of the device at the moment of verification. It can help you detect if someone tries to impersonate real users.
6. Is the product going to work only with individual users? The processes of KYC and KYB (Know Your Business) are different. One service provider can design a fraud detection system for a bank that works only with KYC and another — only with KYB.
7. Are you going to have only mobile solutions, or are you going to have web apps for the product with the same stack of functionality? You need to remember that not all PC/laptops have a webcam (or a good webcam) for liveness checks. The user can’t easily change their position. From another perspective, some KYC solutions only have mobile SDK, which can’t be used for web applications.

How to Implement AML KYC Services Within Your Organization

After you identify AML KYC requirements, understand the customer data to be checked, and develop KYC documentation, it’s time to actually put KYC AML in action. 

At this step, you don’t need to reinvent the wheel. There are numerous KYC companies on the market. Your task is to choose Know Your Customer software that meets your organization’s needs.

Here are some technical things you should keep in mind when choosing a KYC app for your business:

1. SDK for mobiles. They can provide your fintech app with a predefined KYC AML flow. You should find out more about SDK capabilities and the value and features it can provide you with in terms of e-KYC.
2.  SDK customization opportunities. You may be really disappointed when realizing that nothing can be changed in the SDK. However, nowadays, KYC vendors have begun allowing some small changes that make the application look consistent. For example, customization of the background colors, color/size of the buttons, and text labels can be applied. Pay additional attention to the provider advertisement. You may have a “Powered by …” label in your app.
3. API for mobile and web applications. This API should allow for efficient data exchange between your app and the KYC service. Additionally, ask whether the API is scalable enough to accommodate future expansions of your fintech solution.
4. A chance to use API and the SDK of the same vendor within a single mobile app. This is another tricky question for the KYC provider. You may receive the NO answer and decide whether this works for you.
5. Supported devices for an SDK. The devices most used by your target audience vary depending on the region. You need to check that the SDK has no limitations for the list of devices.
6. Number of development environments used by KYC AML vendor. Usually, it is better to have at least two: a test environment and a production environment. A lot of providers have only one environment - production. It means that you are paying for every test check of your QA team. Believe me. Sometimes they can be really active.
7. SDK and API documentation for a production environment. a well-prepared documentation empowers a smooth fintech software development process. Some of the requirements might not be so obvious for the developers, and it will make their heads spin.
8. Responses available in the KYC form. The most common approach is to have a few kinds of answers – Positive, Negative, False Positive, and False Negative. However, some providers may give you a Yes/No answer. By the way, it would be great if your KYC solution could send you the reason for the failure in the server-side response too.
9. Ability to change the fuzziness level for the verification checks? Fuzziness is a coefficient used to compare the names. It may be from 0 to 1. Basically, it defines whether Alexander and Aleksandr are the same names.
10. KYC crypto. It’s crucial to consider the inclusion of KYC crypto features if your operations involve cryptocurrency transactions. KYC for crypto is a check conducted by cryptocurrency exchanges to verify customer identity and perform due diligence to understand their financial risks. 

We have listed the best KYC providers in another article by DashDevs. Take a look.

Conclusion

Fraudsters are tricky. They are always trying to gain access to your system from different sides and trick your fraud prevention methods. They use different phone numbers, emails, documents, name spellings, and so on. So, you need to have a strong KYC AML check that verifies if the user who is trying to register has not been already blocked in your system.

Knowing your customers is essential if you want to run secure and reliable business operations. Given this, complying with KYC requirements for corporates and using a robust KYC solution allows you not only to protect yourself from fraud but also to maintain a good business reputation.

At DashDevs, we have 13 years of experience in developing fintech apps and KYC solutions. If you need expert advice on AML compliance and KYC integration, don’t hesitate to get in touch.