Upload
masha-cilliers
View
18
Download
0
Embed Size (px)
Citation preview
Masha Cilliers, Founder and Principal Consultant, Payment Options Ltd
KYC & Authentication as a Fraud
Management Tool
Travel Fraud Symposium 21st February, London
Masha Cilliers, 20+ years in payments business: Visa, Microsoft, Cybersource, GlobalCollect and Datacash. As a consultant worked on various projects from payment providers, to retailers to
startups. Focus on international payment strategy, improving the ongoing payment processing and related services, project rollout and innovation
Definitions Regulatory requirements and implications Where does KYC and Authentication fit into the
Fraud and Risk management strategies Customer focus Technology available In-house or Outsourcing Reducing costs Additional tips and ongoing aspect of KYC
Will Cover:
KYC• Know your customer (KYC) is the process of a business, identifying and
verifying the identity of its clients. The term is also used to refer to the bank regulation which governs these activities. Know your customer processes are also employed by companies of all sizes for the purpose of ensuring their proposed agents, consultants, or distributors are not money launderers, terrorists etc
Authentication• Authentication (from Greek: αὐθεντικός authentikos, "real, genuine",
from αὐθέντης authentes, "author") is the act of confirming the truth of an attribute of a single piece of data. In contrast with identification which refers to the act of attesting to a person or thing's identity, authentication is the process of actually confirming that identity. It might involve confirming the identity of a person by validating their identity documents, verifying the authenticity of a website with a digital certificate
The difference: • KYC is the process which confirms identity and other attributes to
establish that the customer is ‘good’
Definitions
What is Authentication
Who you are
What you have
What you know
Legal and compliance requirement
To know customer/partner is not a fraudster
To know customer/partner is not an impersonator
To get to know the customer better?
Why Need KYC?
Banks
Lenders
Acquirers
Payment Processors
Money transfer companies
Emoney institutions
Retailers and Marketplaces
Industries and Companies Subject to KYC Requirements
Apply to a wider list of organisations• International and Local KYC law and legislation applies to the Banks, Issuers and
Acquirers but also to other companies which are involved in money movements (from money transfer to marketplaces)
Are needed for the Global Business• The 4th AMLD is clear on the global aspect of money laundering exposure and is
tougher on enforcement and dealing with breaches Anti terrorism • Financing of terrorism is the focus of regulation such as the Patriot Act in the USA
and apply to all organisations involved in money movementsNew Payment Companies• Payment Institution and Emoney provider regulation requires the licensed
institutions to have clear KYC processesPayment Schemes• Require Acquirers to KYC their merchants, Merchant aggregators and payment
facilitators to check their customersThe list goes on….
There is a Constantly Evolving List of Strict KYC Requirements which:
The compliance is patchy• 1 in 5 banks experienced enforcement by regulator• Financial institutions are spending over 10Bn in the
next two years to complyMany look at KYC as compliance only issue • And not as fraud and risk management issue
Lack of KYC has sever implications on profitability not only for banks but for acquirers and retailers• Last six years ID losses add up to $112Bn• US loasses went up 11% due to EMV implementation• 4Bn data records losses by companies since 2013
The Reality of Compliance
• Opening account• Address• Email• Card details
Customer onboarding
Where Does KYC Fit into the Fraud Management Strategy
• At onboarding you can leverage KYC technology to check the customer details and decide on customer flow
• When customer is making a purchase you can use KYC to deal with false positives or perceived risky transactions
• For repeat customer use KYC and/or authentication technology to ensure the customer is indeed repeat customer
• Ensuring the correct customer is using the service by leveraging the ID details
• If there are chargebacks you can use KYC data to fight them and also to blacklist all items of that data to avoid further fraud and chargebacks
Leveraging KYC Helps Improve Fraud ManagementCustomer
onboarding
Customer transacting
Fulfilment
Post Fulfilment
KYC
KYC as Part of Your Organisation
Meantime the customer is getting used to frictionless interface when they do their banking and shopping and lose patience when additional verification is requested
The customer also knows his/her rights regarding the payment methods and they get more blasé about their own security
Asking for a copy of the gas bill is not really an option…
Customer Focus
Battle to the consumer interface (Citibank exec quote
at the last conference)
While access to new technology is helping fraudsters access the banks’ and retailers’ systems the technology is offering benefits in managing Risk and KYC
The technology is there to help so that things can be done in the background rather than asking a customer a long list of questions and a few faxes…
There is a lot more information about the customers (and businesses) available online and the amount of data points is only likely to increase, so a lot more choices for the future
But this means a lot of work for integrating to different data points
Technology Enabling Frictionless Consumer Experience
Continuous and Predictive are the key words for the best customer experience
Electoral rolls,
address validation
tools
Social network validation,
media scrubbing,
email address, various other ID databases
Blacklists: AML,
Sanctions, Terrorist lists, Fraud/Acquire
r and Merchant lists
Passports and other
documents checked
remotely by downloading
the image
Device attributes such as IP address, Device ID
Mobile phone
number and
Operator registration
What Type of Checks Can Be Done:
Multiple Connections, Streamlining Processes
In-house• Some banks and financial organisations have built various
connections to ID databases, and that might drive their strategy to stay in-house
• It is possible to combine the in-house functionality with an aggregator who has access to the latest technology and sources
• It is hard to keep up with the innovation of Identity Validation and Authentication methods
Outsourcing• There is an increasing number of KYC providers ranging from local
ones to those being able to check 100ds of databases and documents (both old and new)
• It is important to have clear view of who is doing what and where the liability lies
• The choice of partner should reflect the exact requirements you are facing and also allow for the future developments
Doing it Alone or Outsourcing
Some of the KYC Providers
That means that the checks are appropriate for the context of risks
Extra checks add cost – most KYC providers will offer an usage based pricing whereby you are only charged for the actual tests performed and rules can be set up for when more in-depth analysis is required
The KYC checks should be part of the process with appropriate attention given to each step of the customer journey
KYC can be used to benefit sales, existing customer services, marketing and risk teams
The costs can be spread across these different teams
Reducing Costs by Doing What is Needed When it is Needed
Different teams need to work together: Compliance and Risk or Fraud Management and even Marketing and Sales (often loyalty is managed by the marketing team who may not be aware of onboarding risks and compliance issues)
Ensure that the customer understands why you are asking for additional information and how the information is treated
Select provider not based on the price but based on the relevance of the checks they provide first, then the price
KYC as a part of overall customer authentication and fraud management process and it should be ongoing – things change!
Additional Tips
Often organisations do good due diligence on the customer when they sign him up but then don’t follow up with regular checks (especially in card processing business)
Regular reviews are now expected and are part of the current KYC requirements
It can be done in the background or can be used as an additional point of engagement with the customer
Expect that the regulations will change over time so that the KYC process is based on a flexible model and it is easy to add/delete what is needed
Ongoing Aspect
What about knowing your partners and resellers? It is possible to do KYC on companies• When working in B2B ensure that company checks
are performed rather than just director KYC (e.g. often not all shareholders are visible)• There are not many KYC providers which can review
both individuals and the companies to the same extent, so if you customers come from both of these groups at least two providers may be needed
Tools for Business to Business KYC
The regulation surrounding KYC and customer due diligence is evolving and increasing number of organisations need to comply
This is opening the market in terms of the number of ID verification suppliers which is great for the choice and prices
KYC tools are increasingly being considered to compliment the existing risk and fraud management tools
Good process using various customer data points can mean great and frictionless experience for your customers
In-house or outsourcing should be built around good and dynamic internal processes
KYC must be viewed as an ongoing activity not a tick in the box and
It should also be part of the overall Risk and Fraud Management, Authentication and Compliance strategy
Summary
Questions?....
Masha Cilliers has 20+ years experience in payments from traditional card business to e- and m- commerce and the ever growing omni-channel propositionThe main focus is on Ecommerce Merchants (Retail, Digital and Travel), Payment Service Companies, Fraud Management Suppliers, KYC/ID validation services and of course Start-ups as well as Investors. Key areas of expertise are:
Payment Options Background
• Payment strategy and understanding the ecosystem• Launching new products and entering new markets• Assessing and selecting providers for all payment
and payment-related needs• Evaluating opportunities and markets• Alliances and partnerships as part of growth strategy
[email protected]@gmail.com
Skype mashacilliersTwitter @mashacilliers