KYC Verification – Part 1
KYC verification is the process used to confirm customers’ identity, check customer information, monitor transactions and assess risk. The KYC verification process includes a wide range of procedures for tasks such as verifying identification documents, capturing data, obtaining digital signatures, assessing risk, authenticating account access and preventing fraud.
What is the KYC Verification Process?
The KYC verification process includes several general procedures:
- Customer identification program (CIP): This part of the KYC verification process seeks to confirm the identity of account applicants by collecting identifying information.
- Customer due diligence (CDD): In this step, the information collected is used to assess the risk of financial crime posed by a customer based on a risk rating.
- Continuous monitoring: Here customer accounts and transactions are tracked on an ongoing basis to flag suspicious activity and periodically verify account information.
- Risk management: When a risk of identity theft or fraud is detected, the risk level needs to be assessed and appropriate steps taken to mitigate risk.
The implementation of these procedures, in turn, can be broken down into several distinct tasks:
- Identity verification
- Digital signature and non-repudiation
- Risk control
- User authentication
- Critical transaction monitoring
- Database streamlining
- Data capture
Let’s look at what each of these elements of KYC involves.
Identity Verification
This involves confirming that applicants are who they claim to be. It includes procedures such as:
- Performing tests to authenticate identification documents
- Using optical character recognition (OCR) to extract text data from scans
- Interpreting barcodes
- Comparing templates for biometric data such as fingerprints and facial recognition
- Performing tests to verify that a biometric user is a real person
- Comparing information with databases such as government data
Not all these procedures will be applicable in all situations. Which ones are used will depend on what type of data is being collected.
Digital Signature and Non-repudiation
This phase of KYC verification seeks to ensure that digital signatures will hold up legally if someone challenges (repudiates) their authenticity. This requires using technology such as digital certificates to provide evidence that a digital signature originated with the authentic signer.
Risk Control
The risk control process lets financial providers identify signs of potential criminal activity. Risk is quantified on a scale that measures the degree of threat posed. For example, an account with a consumer located in the United States normally would rank as a lower risk than a corporate account located with an offshore bank.
User Authentication
The authentication process makes it faster to confirm the identity of a user who already has been identified and provided with a biometric template. For example, instead of having to provide a password each time the user logs in, a picture of the user’s face might be used. Authentication tools ensure that this is done in a way that does not compromise security.
Critical Transaction Monitoring
This part of the KYC process facilitates secure transactions by following procedures to reduce fraud risk and detect suspicious activity. For example, users might be required to use two-factor authentication to complete a transaction, or transactions from users who have not signed in for a long time might require additional security steps.
Database Sharing
Once a user’s data has been entered into the database of a KYC provider, it is possible to streamline user identification and transaction authentication if the user gives permission to share their information with a service provider. Incode allows users who already have contributed their information to authorize sharing their information with a service provider to simplify and accelerate the onboarding process.
Data Capture
All the methods of KYC verification listed above depend on accurate data for their effectiveness. For example, a typo can thwart a name or address check, while a blurry picture can disrupt facial recognition. Data capture tools can help optimize data collection for accurate identification. For example, OCR scanning can help reduce the risk of manual data entry errors.
What Is Used for Proof of KYC Verification?
Identifying customers, doing due diligence and monitoring transactions depends on collecting information to allow verification. What type of information constitutes proof varies depending on a number of variables, starting with whether the customer is an individual or a business. For individuals, information for customer identification may involve items to verify identity or addresses, such as:
- Birth certificates
- Driver’s licenses
- Passports
- Voter identification cards
- Facial pictures
- Biometric identification
- Utility bills
- Credit card statements
For businesses, customer identification information may include items such as:
- Articles of incorporation, articles of organization or partnership agreements
- Business licenses
- Bank statements
- Financial statements
- Tax filings
Exactly which types of identification are required will vary.
What is the KYC Registration Process?
The KYC registration process breaks down into a few main steps:
- Collecting identifying information to determine which individual or company is seeking to open an account
- Asking the user to upload documentation to verify their claimed identity
- Checking the uploaded document for authenticity
If an application passes authenticity checks, the applicant may be accepted as a customer. Their account and transactions then can be monitored for ongoing protection.
To understand more about KYC, please read the following:
Chapter 1 – KYC Verification
Chapter 2 – KYC Compliance
Chapter 3 – KYC and AML Differences
Chapter 4 – KYC Checks
Chapter 5 – KYC Data Remediation
Chapter 6 – KYC for Banking and Finance
Chapter 7 – KYC Solutions