Customers today expect to be able to open a new bank account online in a matter of minutes on their laptop or mobile. For online-only banks (also referred to as neobanks) that have increased in popularity in recent years, this has always been the case, while traditional banks have worked for years to digitalise their onboarding process. What was previously seen as a competitive advantage in terms of customer experience has now become a core requirement for financial institutions as a result of the COVID-19 pandemic. A mobile-first approach has become a necessity.
There are many solutions for document verification using facial recognition and liveness detection (to verify that it is a real person on the other end) that promise to digitalise the enrolment process. But a fully digital onboarding process for financial services requires more than just identity proofing. First, it is essential to add anti-money laundering (AML) checks. Stricter AML and CFT (Countering the Financing of Terrorism) regulations require politically exposed persons (PEP) to be verified against sanctions list as well as proper risk assessment policies to be set in place. This step is done after the document has been verified and the facial and liveness detection has passed.
To minimise identity theft and lower false acceptance rate (FAR) during onboarding, it is essential to add risk management services to your KYC (Know Your Customer) process. This is often known as identity affirmation and adds supporting evidence to an identity claim – something that is often overlooked. Let’s dig deeper into what this means.
Enhanced onboarding with risk management
Risk management services can be used at different stages in the onboarding process. Since each financial institution has its own process flow it is important to adapt the usage of risk management and inject it where it makes the most sense in each specific case. Illustrated above is just one example showing how risk management is used in the beginning of the process to help identify and abandon potentially high risk onboardings at an early stage.
What is Application fraud?
Scammers use stolen or fake identities to open new bank accounts.
They then max out their credit limits before disappearing into thin air, usually within a few months.
Application fraud is hard to catch because, unlike authenticating a returning user, this is the first interaction with the user. Thus, there is nothing to compare them against. But there are still several risk management techniques that can be used to uncover a suspicious situation around user onboarding.
Device profiling combines information about the software and hardware of the device used to create a unique device identifier, often called device fingerprint. This way you can detect if the same device has been used to try to open multiple accounts for different identities. You can also analyse application versions, check legitimacy of the operating system, and see whether the mobile is rooted or if cloaking tools are used.
Since this is the first time you are interacting with the user, you cannot simply compare customer behaviour with previous sessions. But you can still use behavioural analytics in the form of population profiling, which compares the new user’s behaviour against statistical averages for normal and fraudulent behaviour from those who have been through the same journey. If unusual behaviour is spotted, the risk score can be increased.
Other parameters such as geo-localisation, hiding behind a TOR browser, and BOT presence, can also be used to various degrees to spot suspicious behaviour. The aim is to find the perfect balance where you block all fraudulent attempts, while making sure that the vast majority of legitimate users are not prevented from being onboarded, providing security along with an optimised customer experience.
Collecting all this information from several different sources and integrating it into your onboarding process can be difficult. For this purpose, a policy manager is needed that can combine all incoming data into one global risk score and decide the next course of action, e.g. whether to continue or abandon the onboarding. This risk management strategy reduces the risk of ID fraud, while ensuring that all genuine new customers have a smooth onboarding experience since the additional checks are done in the background. Keeping this process frictionless is crucial since abandonment rate increases if it takes more than five minutes to open a new account on a mobile phone.
Taking a holistic view of your full digital onboarding process is critical – and a large part of that is incorporating a risk management solution. This solution works best when it is directly integrated with document verification, face recognition, liveness checks and AML screening in the same platform.