The world of Open Banking is now enabling users to manage their financial accounts and payments with greater fluidity, more convenience and at lower prices than ever before. However, newly simplified services, with greater speed and usability, bring with them the potential pitfall of online fraud, and can lead to the creation of havens for cybercriminals.
To combat such illicit digital activity, banks and third-party providers (TPPs) must employ innovative identity (ID) verification solutions to protect customers and partner companies. Creating such trust networks of “core ID” verified customer assets can help key players stay ahead of the curve, and out of harm’s way too.
For all their transformational perks, Account Information Services Providers and Payment Initiation Service Providers will be left vulnerable if not adequately protected by ID verification services to provide added security layers. In particular, these providers need to look to services that are purpose-built to protect against fraud, money laundering, and other cybercrimes.
Today’s increasingly digitalized world requires updated digital identity solutions. In fact, to prevent criminal activities, legally bound parties by Law 10/2018 of April 28 on the prevention of money laundering and financing of terrorism are required to implement measures of due diligence, including the formal identification of natural and legal persons, also known as KYC (Know Your Customer). This regulation requires that customers of certain types of services certify their identity using legally valid identification documents such as passports, driver’s licenses, or national ID cards.
However, with the growth of remote access to financial services and the fact that many organizations are removing the need for in-person ID verification, we’re seeing a resurgence in attempts to falsify IDs in order to access accounts and conduct fraud. To address these challenges, new technological solutions are aiming to provide customer-centric security layers that are, above all, hasslefree, cost-effective and fast to use. In addition, there’s a growing emphasis being placed on customer experience improvements, as companies seek to introduce security methods that are as frictionless as possible, whilst still maintaining high standards of authentication.
Thankfully, today’s ID verification technology makes secure Open Banking possible without the need to disrupt customer experience by requiring customers to jump through a myriad of ID “hoops” along the way. Let’s take a look at what’s available to leverage now.
What is identity (ID) verification?
In a nutshell, ID verification is the process by which banks, TPP, and other businesses verify a customer is who they claim to be so they can receive certain services that are subject to regulation. For the most part, identity verification applies to services that are financial in nature or are regulated for security reasons, such as setting up a mobile phone line. It is a security factor that has long been an important part of modern financial regulations, and which crystallized through Law 10/2010, on the prevention of money laundering and the financing of terrorism, demanding the presentation of various formal forms of identification to certify the client’s identity. The core purpose of KYC is to promote a strong anti-money laundering (AML) policy, as well as to ensure extra security for the customer.
In the digital age, ID verification will require technologically encrypted security layers that comply with the latest regulations. In the case of Europe, the PSD2’s Regulatory Technical Standards call for Strong Customer Authentication. This is a two-factor protocol that can include not just a credit/debit card number, password and/or three-digit security code, but also possible requirements to prove a customer’s ownership of a physical device, or even biometric identification, such as retinal or fingerprint scans.
What are the main advantages of identity verification?
A key advantage of identity verification is the ability to combat online fraud in an increasingly digitized financial landscape, to protect customers and keep them ahead of the curve by equipping them with the latest ID tech. The reality of the digital world is that malicious hackers are continuously vying for control; companies must invest to outpace them by installing preemptive security layers, which are connected to encrypted trust networks.
The need for additional security layers is increasingly obvious. The convenience of Open Banking has brought about great improvements to how we manage and move money, yet it has also created a veritable playground for malicious attackers to take advantage.
ID verification thus works to counter that phenomenon. When ID verification solutions are built into a digital trust network, customers can link their vital identifying data attributes by providing consent, which in turn creates a shareable system of credentials that’s adaptable to customer needs. If the power of that flexibility is matched with advanced encryption technology, then customers stand to benefit from reduced costs, avant-garde security measures and the convenience of remote banking.
A customer’s so-called “core ID,” which carries all vital ID data attributes, can be potentially expanded to create an enriched digital ID, with the trusted data required to enable onboarding too.
How can identity verification processes evaluate a user ID?
ID verification works via the creation and management of core digital IDs, which are graded during processing and given a “score.” Digital IDs to prove customer identity can be useful, though they can be limited too. To determine this, the digital ID can be given a Level of Assurance (LOA) as a result of a scoring process, which can help define the services unlocked. For instance, core digital IDs with LOA Level I can be seen as a ‘pass’. This means all vital ID attributes have been cleared by the authentication’s evaluation algorithms. LOA Level II means that “moderate risk” is assigned to the user login instance, warning of erroneous authentication, possibility due to human error. A step higher, a LOA Level III confirms a “substantial risk” that signals the system should request further ID proofing procedures that are dependent on authentication. The highest warning signal is a LOA Level IV, which denotes “substantial risk” that elevates the ID verification process to requiring face-to-face authentication.
This range of services depends on the ID verification provider. However, usually, when access to financial services requires temporarily sensitive pieces of information, a special due diligence operator will be tasked to assess them and provide access.
What exactly is required of the user during the ID verification process?
The implementation of ID verification will be dependent on a country’s regulatory body. In the case of the EU, this is dependent on national regulatory bodies — such as the Bank of Spain in Spain — following the PSD2’s Regulatory Technical Standards (RTS). Under the RTS, banks and TPPs must implement Strong Customer Authentication (SCA), which requires two of a possible three security factors to be provided in order to ensure a higher level of ID verification.
According to the EBA, there are three specific factors that SCA-compliant companies must adhere to: possession, knowledge, and inherence. “In this context, possession represents something the user owns, such as their phone; knowledge represents something they know, such as a password; and inherence represents something intrinsic, such as a retinal scan or fingerprint,” says Marc Nieto, CEO and co-founder of MPServices, a consultancy that specializes in fraud prevention and management for e-commerce companies.
What types of verification can be carried out?
The ID verification service provider is authorized to check public and proprietary private databases for any matches for the information provided. After carrying out these checks, an ID “score” is calculated, and the ID of the customer is either given the “verified” status or not, based on that score. Furthermore, knowledge-based authentication questions, which can ask users to provide answers to personal questions, can be provided to further ensure the security and integrity of the ID.
How can identity verification be applied?
Providers of ID verification services can be contracted by a variety of online businesses, including banks and TPPS, as well as e-commerce platforms, social networking sites, Internet forums, dating sites, shared economy businesses, telecom providers, online gaming services and more. All of these industries apply this technology with similar aims in mind, namely to authenticate the identity of users to conduct payments and/or account verification.
In various financial jurisdictions, since some form of ID verification is required for establishing bank accounts, many digital businesses are already familiar with this infrastructure, but their ability to interact with more advanced ID verification infrastructure will depend on the company and the jurisdiction. However, if companies, especially banks, fail to meet the diligence standards demanded under their jurisdiction’s regulations, this could result in heavy non-compliance fines.
How reliable is identity verification?
ID verification services are becoming more advanced by the day. For all operators in the Open Banking ecosystem, the evolution of technology has made the onboarding of ID verification service systems a smart, and vital, requisite.
However, the field is complicated and divergent requirements make the reliability of services harder to judge. For example, data requirements for property insurers versus personal loan providers can differ drastically. Ensuring that you are providing a reliable ID verification service for your customers therefore requires a high level of due diligence.
The good news is that, thanks to a wave of advanced ID verification providers, the most common issues in this arena can be resolved. This includes the challenge to introduce a seamless, pain-free onboarding and product portfolio management platform, reducing churn rates from customers experiencing new ID authentication, high operational costs and the risk of disintermediation through propositions from TPPs.
The key to secure Open Banking
Few can argue against the fact that ID verification is the key to establishing the exchange of trusted data between Open Banking ecosystem partners.
With truly competent ID verification enabled, customers can bid farewell to lengthy and frustrating onboarding processes, whilst enjoying higher security and greater ease-of-use when it comes to their accounts. The Unnax Identity Verification Engine offers just that: an end-to-end solution with powerful tools to automate anti-money laundering and customer onboarding processes. Equipped with tools like this innovative engine, collaboration between customers and institutions will only continue to grow, thanks to the peace-of-mind that only these expert security solutions can provide.