Customers today expect to be able to open a new bank account online in a matter of minutes on their laptop or mobile. For online-only banks (also referred to as neobanks) that have increased in popularity in recent years, this has always been the case, while traditional banks have worked for years to digitalise their onboarding process. What was previously seen as a competitive advantage in terms of customer experience has now become a core requirement for financial institutions as a result of the COVID-19 pandemic. A mobile-first approach has become a necessity.
There are many solutions for document verification, facial recognition and liveness detection (to verify that it is a real person on the other end) that promise to digitalise the enrolment process in no time. But a fully digital onboarding process for financial services requires more than just identity proofing. First, it is essential to add Anti-Money-Laundering (AML) checks. Constantly stricter AML and CFT (Countering the Financing of Terrorism) regulations require politically exposed persons (PEP) and sanctions list verification and proper risk assessment policies to be set in place. This step is done after the document has been verified and the facial and liveness detection passed.
To minimise identity theft and lower false acceptance rate (FAR) during onboarding, it is essential to add risk management services to your KYC (Know Your Customer) process. This is often known as identity affirmation and adds supporting evidence to an identity claim – something that is often overlooked. Let’s dig deeper into what this means.
Enhanced onboarding with risk management
Risk management services can be used at different stages in the onboarding process. Since each financial institution has their own process flow it is important to adapt the usage of risk management and inject it where it makes most sense in each specific case. Above is just one example showing risk management used in the beginning of the process to help identify and abandon potentially high risk onboardings at an early stage.
What is Application fraud?
Scammers use stolen or synthetic identities to open new bank accounts.
They then max out their credit limits before disappearing into thin air, usually within a few months.
Application fraud is hard to catch because, unlike authenticating a returning user, this is the first interaction with the user. Thus, there is nothing to compare him or her to. But there are still several risk management techniques that can be used to uncover a suspicious situation surrounding user onboarding.
Device intelligence combines information about the software and hardware of the device used to create a unique device identifier, often called device fingerprint. In this way you can detect if the same device has been used to try to open multiple accounts for different identities. You also analyse application versions, check legitimacy of the operating system, and see whether the mobile is rooted or if cloaking tools are used.
Since this is the first time you are interacting with the user, you cannot simply compare customer behaviour with previous sessions. But you can still use behavioural analytics which analyse user habits at the service level to create a “good user” and “fraudulent user” profile for a specific application form. If unusual behaviour is spotted, the risk score can be increased.
Other parameters such as geo-localisation, hiding behind a TOR browser, BOT presence and more can also be used to various degrees to spot suspicious behaviour. The aim is to find the perfect balance where you block all fraudulent attempts, while making sure that the vast majority of legitimate users are not prevented from being onboarded, providing security along with an optimised customer experience.
Risk management techniques
Collecting all this information from several different sources and integrate them in your onboarding process can be difficult. For this purpose a Policy Manager is needed that can combine all incoming data into one global risk score and decide the next course of action, eg continue or abandon the onboarding. This risk management strategy reduces the risk of ID fraud, while ensuring that all genuine new customers have a smooth onboarding experience since additional checks are done in the background. Keeping this process frictionless is crucial since abandonment rate increases if it takes more than five minutes to open a new account on a mobile phone.
Taking a holistic view of your full digital onboarding process is critical – and a large part of that is incorporating a risk management solution. This solution works best when it is directly integrated with document verification, face recognition, liveness checks and AML screening in the same platform.