How neobanks can integrate Identity Verification (IDV) into a broader security strategy

Today's customers expect a range of services from their digital bank, whether it's replacing debit cards and credit cards or reviewing the details of a checking account. With the shift away from traditional banking in a physical branch, customers can be more flexible with their choice of banking accounts and money management; neobanks may offer different overdraft fees, an optimized mobile app , and more convenient online banking. That said, a real challenge occurs when neobanks must verify, for instance, a million customers in a short space of time, with a risk to their banking licenses if bad actors gain access to a legitimate platform.

As such, identity verification (IDV) should form the central element of your customer identification programme (CIP). As well as ensuring you know who your customers are and what their financial background is, accurate customer identification will help you monitor their financial activities once they’ve opened an account. However, to be truly effective, Know Your Customer (KYC) processes need to be implemented as part of a wider security strategy. Here are some tips for how to integrate IDV into your broader approach to online security.

Take a risk-based approach

Having identified your customer, you need to calculate the level of risk they pose to your business. As a neobank, you are likely to want to employ customer due diligence (CDD) for most customers, with high net worth and politically exposed persons subjected to more stringent enhanced due diligence (EDD) processes. Ensuring your approach to each individual is appropriate and proportional will ensure you meet your compliance obligations, while avoiding unnecessary costs and keeping conversion rates healthy. Technology provides invaluable tools to facilitate the due diligence process, but human vigilance may also be needed to make decisions regarding potential threats.

Ensure ongoing monitoring

Measures to make sure you know your customer shouldn’t stop just because they’ve successfully passed your checks and opened an account. Ongoing screening and checking of customer transactions and data is vital to spot if their risk level changes or account activity becomes suspicious. By putting in place the right systems, you’ll receive alerts if anything unusual happens.

Have an appropriate reporting structure in place

To ensure your processes are easy to understand, follow and review, you need to put written policies in place and make them available to both staff members and regulators. These should include information about what security processes you use, what reports you create, how you comply with relevant regulations, how you retain records, how often policies are reviewed and whether they have been independently audited.

Communicate issues quickly and clearly

When an issue such as account takeover occurs, you need to communicate the problem to affected customers in a way that’s both empathetic and transparent. Having a clear protocol in place will help make sure communications inspire confidence and reassure customers that you are in control of the situation. If required for compliance, you should also keep regulators informed of steps being taken to resolve the issue.

Review and take preventative action

After a security incident has been addressed, you should conduct a thorough review of what happened and how effectively you responded as a business. This should help to assess how you can prevent the problem from happening again. Depending on the nature of the issue, this could involve improving internal security measures, for example, or explaining to affected customers how to better protect their data.