Identity verification is a vital tool for neobanks to ensure compliance and minimize risk, but for maximum benefit it should be implemented as part of a carefully structured security approach.
Today's customers expect a range of services from their digital bank, whether it's replacing debit cards and credit cards or reviewing the details of a checking account. With the shift away from traditional banking in a physical branch, customers can be more flexible with their choice of banking accounts and money management; neobanks may offer different overdraft fees, an optimized mobile app , and more convenient online banking. That said, a real challenge occurs when neobanks must verify, for instance, a million customers in a short space of time, with a risk to their banking licenses if bad actors gain access to a legitimate platform.
As such, identity verification (IDV) should form the central element of your customer identification programme (CIP). As well as ensuring you know who your customers are and what their financial background is, accurate customer identification will help you monitor their financial activities once they’ve opened an account. However, to be truly effective, Know Your Customer (KYC) processes need to be implemented as part of a wider security strategy. Here are some tips for how to integrate IDV into your broader approach to online security.
Having identified your customer, you need to calculate the level of risk they pose to your business. As a neobank, you are likely to want to employ customer due diligence (CDD) for most customers, with high net worth and politically exposed persons subjected to more stringent enhanced due diligence (EDD) processes. Ensuring your approach to each individual is appropriate and proportional will ensure you meet your compliance obligations, while avoiding unnecessary costs and keeping conversion rates healthy. Technology provides invaluable tools to facilitate the due diligence process, but human vigilance may also be needed to make decisions regarding potential threats.
Measures to make sure you know your customer shouldn’t stop just because they’ve successfully passed your checks and opened an account. Ongoing screening and checking of customer transactions and data is vital to spot if their risk level changes or account activity becomes suspicious. By putting in place the right systems, you’ll receive alerts if anything unusual happens.
A 98% check automation rate gets customers through in about 6 seconds.
Real-time end user feedback and fewer steps gets 95% of users through on the first try.
An unmatched 10K+, and growing, government-issued IDs are covered.
Up to 30% more customer conversions with superior accuracy and user experience.
Veriff’s data-driven fraud detection is consistent, auditable, and reliably detects fraudulent forms of identification.
Veriff’s POA can grow with your company’s needs and keep up with times of increased user demand.
To ensure your processes are easy to understand, follow and review, you need to put written policies in place and make them available to both staff members and regulators. These should include information about what security processes you use, what reports you create, how you comply with relevant regulations, how you retain records, how often policies are reviewed and whether they have been independently audited.
When an issue such as account takeover occurs, you need to communicate the problem to affected customers in a way that’s both empathetic and transparent. Having a clear protocol in place will help make sure communications inspire confidence and reassure customers that you are in control of the situation. If required for compliance, you should also keep regulators informed of steps being taken to resolve the issue.
After a security incident has been addressed, you should conduct a thorough review of what happened and how effectively you responded as a business. This should help to assess how you can prevent the problem from happening again. Depending on the nature of the issue, this could involve improving internal security measures, for example, or explaining to affected customers how to better protect their data.