Identity verification: risk, compliance and value
July 2019 | TALKINGPOINT | BANKING & FINANCE
Financier Worldwide Magazine
July 2019 Issue
FW speaks with Henry Thomas, Darnell Walker, Gus Tomlinson, David Thomas and Adam Hancox at GBG Plc, about the risk, compliance and value issues surrounding identity verification.
FW: Could you outline why the financial services (FS) industry needs robust, effective identity verification technology more than ever?
H. Thomas: Financial services (FS) websites have the highest abandonment rate of any sector, at 83.6 percent. Disruptors in the FS sector have set the bar for onboarding experiences, so incumbents cannot rely on the same old compliance and fraud processes anymore. Instead, they should embrace new technologies and focus on experience, which is key in consumers’ decision making. Faster, slicker and more engaging experiences with robust fraud and compliance checks are what is needed to minimise abandonment.
Walker: Regulation has been the traditional driver for FS firms adopting identity verification systems, but as markets get more competitive, businesses are looking to differentiate themselves from the competition. Maximising onboarding rates is becoming as important as the need to comply with regulations, and avoid fines.
Tomlinson: Traditionally, the data used to verify an identity was an online version of offline checks, credit and government. Although at one time effective, today the increasing sophistication of fraud, means any company onboarding identities online must layer their identity checks. As a result of stolen identity data, the number of synthetic identities that have been created means that companies must use technology that supports multiple data sets, verifying not only static data but dynamic, digital and behavioural data, making sure that they are confident that they are dealing with the true identity.
D. Thomas: Customers are not satisfied with in-person registration these days. They make a decision about whether or not to take your product or service in seconds – and financial services needs to facilitate those decisions with instant, compliant verification. Too often, a lack of third-party data means customers have to present traditional identity documents to staff in-store. These workers have a tough enough job without the added responsibility of spotting fake documents – they need accurate document fraud detection systems with robust software. FinTechs are providing better experiences and traditional firms need the smoothest, most accurate solutions to remain competitive.
Hancox: Fraud is not going away. In fact, it is getting more sophisticated. Trends in macro-digitalisation are presenting greater opportunities for fraudsters too, as will the spread of open application program interfaces (APIs) and initiatives like Open Banking. More than ever, financial institutions need a trusted market expert with a deep understanding of their business challenges and opportunities to partner with them now and into the future.
FW: To what extent do identity verification processes need to prioritise convenience, speed and instant gratification for end users?
H. Thomas: The FS market has changed dramatically. Today’s market is driven by millennials who are less brand loyal, far more willing to switch providers and have high expectations when it comes to onboarding. Newer FinTechs and financial institutions have been transforming expectations within the FS market by offering engaging, app-driven, low-friction experiences with instant results – for example, reducing the process of opening a bank account to a matter of minutes. The numbers speak for themselves: 38 percent of millennials abandoned mobile banking activities due to a long, poorly designed process.
Walker: People expect speed and convenience because they get it in other sectors, like retail. They do not make a distinction between sectors, and so financial services must meet their high expectations. This means minimising data capture and making the experience as effortless as possible. Of course, as a business you want to offer this, but you also want to meet your regulatory requirements and achieve good match rates. This requires good data sets and clever user experience (UX) decisions. For example, in riskier markets where customers still expect instant access, companies can allow users to open an account instantly, but limit the features they can access to allow time for verification.
Tomlinson: Identity verification must be practically instant for onboarding, or else the risk of abandonment increases. There are four categories of data when it comes to verification. First, data a user knows, such as date of birth and phone number. Second, data they have within reach, such as a driving licence. Third, data they need to find, such as a mortgage statement. Finally, data on their behaviour and activity, such as biometrics. When you combine them with excellent UX, you create a fantastic UX and beat fraud.
D. Thomas: Today’s customers want to align their choice with their action. If they have decided upon a specific service, they want to consume it immediately. The inconvenience of having to visit a branch is simply no longer acceptable. These days we can order a product online and have it delivered in hours. Customers expect the same from their financial providers. They have no understanding or appreciation of compliance needs, so they expect to transact immediately.
Hancox: Consumer-grade experiences – such as beautiful UX and design, flexible APIs, high availability and instant response time – are no longer the exclusive domain of business-to-consumer (B2C) and technology disruptor brands. Users of all products and technology now expect great UX. Therefore, the drivers of brand loyalty are evolving. The challenge and opportunity is to seamlessly blend together the need for trust, security and accuracy with speed and convenience.
FW: How are more demanding government regulations presenting challenges for identity verification? What are some of the major principles, provisions and requirements that have been introduced in recent years?
H. Thomas: Government regulations are continually changing and updating, becoming more stringent all the time and covering more and more sectors. Through efforts to comply with these regulations, FS providers run the risk of introducing friction to their onboarding journeys and seriously impacting their registration rates as journey abandonment surges. However, viewed through another lens, with well-thought-out UX planning and leveraging of the right technology, service providers have the opportunity to delight customers with engaging, low-friction onboarding experiences that still comply with all required legislation.
Walker: GDPR has forced many data aggregators to change the way they collect data and handle historic data. For those in the business of identity verification, it has reinforced the need for thorough due diligence on data suppliers to make sure the information has been gathered and processed lawfully. Changes to anti-money laundering (AML) regulations require annual screening or ongoing monitoring of individuals. Technology can be used to automate this process without impacting the customer experience.
Tomlinson: Government and industry regulations are starting to reflect the online world. They are expecting you to combine different data sets to provide assurance on an identity. This often leads to poor experiences where companies implement bad processes. But the right technology and user journey can provide security to the customer and protection to the organisation. The introduction of the General Data Protection Regulation (GDPR) has impacted the data industry, but all we have seen is a positive impact. Compliant data sourcing makes it easier for customers and consumers to trust service providers.
D. Thomas: The EU’s Fifth Anti-Money Laundering Directive (5AMLD) builds on the foundations of its predecessor, 4AMLD, and affects identity verification in a few ways. Firms will have to carry out Know Your Customer (KYC) checks on more customers. For example, customer due diligence (CDD) checks will need to be carried out on customers who apply for prepaid cards or mobile wallets when funds exceed €150. Payment service providers will also have to verify the identities of customers who make remote payments. If the customer is outside of the EU, enhanced CDD will be required – particularly in countries where AML laws are less strict than the UK’s. Cryptocurrencies, estate agents, free ports and art dealers all have new or enhanced CDD thresholds. AML regulations protect individuals and businesses, however adding AML checks into customer onboarding journeys can add friction. High-quality data and document checks are key to balancing customer experience and compliance obligations. There is a more thorough understanding by regulators of the need to ensure not only the eligibility of the customer to transact, but also that no misrepresentation of that customer has taken place.
Hancox: Open Banking will drive innovation by allowing third parties to make peer-to-peer transactions via open APIs. These APIs will allow users to share their financial data with third parties, which makes Open Banking a viable additional layer of identity verification, although it comes with the need for strong customer authentication (SCA). At minimum, this involves two-factor authentication. SCA can cause friction, so it is crucial that businesses think carefully about what they implement, and how they do it. Ultimately, it is all about striking the right balance between security and convenience. Get it wrong and you lose money – either through fraud or abandonment. Get it right, however, and you maximise your potential and minimise your risk. Finally, it is not always a ‘one-size-fits-all approach’. Different channels and markets require different approaches to the balance between the security and convenience continuum.
FW: How hard is it to strike a balance between achieving regulatory compliance and ensuring a positive user experience (UX)? What are some of the common pitfalls to avoid?
H. Thomas: Compliance and UX are not at odds with each other. You strike a balance with the right UX implementation. Your user interface (UI) must work hard to prevent customers from making mistakes that could result in a failed identity verification. Guide your users as much as you can, use clear labels for your input fields, use micro copy to provide hints to the right data, and add more information links to provide detailed insight into the data you are looking for. By prompting your users for the best, most accurate data, you maximise the likelihood of achieving good identity matches first time, avoiding the need for delays and speeding up that customer’s time to onboard.
Walker: Regulation can be open to interpretation, which means some businesses are erring on the side of caution and going beyond their regulatory requirements to avoid risking fines. This means they could be adding unnecessary friction to their customer experience. Different businesses have different levels of risk aversion too. For example, FinTechs cannot leverage their brand names, so they focus on UX and the resulting word of mouth, potentially at the expense of compliance. On the other hand, you have incumbents with strong brand recognition that are not so reliant on customer experience – but even they are starting to spin up ‘new’ brands that pose as cool challengers focused on giving customers new experiences.
Tomlinson: Choosing a reputable data supplier with GDPR-compliant collection and processing is essential. If you operate across borders, it is also important to optimise forms so that you can optimise matches with reference databases.
D. Thomas: There seems to be a perception that regulatory compliance somehow prevents a genuinely positive experience in the financial space. But this is not necessarily the case. There is a sense of credibility that comes from a professional and regimented approach to onboarding in a compliant manner, and this is, more often than not, understood by the client. That said, getting that process right the first time, and avoiding unnecessary steps or repetition, is absolutely crucial. Consent is key. Making a customer acutely aware that its document data will be matched against third-party databases and obtaining express permission will allow checks to take place in the background. This creates a near zero-footprint UX, which some consider to be the best UX possible.
Hancox: To get the balance right you should choose an identity verification supplier with a proven track record that provides a variety of identity layer data sets and technologies you can customise to your needs – including your customer profiles, your organisation’s attitude to risk and your regulatory requirements.
FW: In your opinion, what are the key components of an optimal identity verification and customer onboarding process?
H. Thomas: There are many things that go together to make an optimal onboarding process. Ultimately, you are trying to achieve an onboarding journey that is as quick and frictionless as possible, while maintaining the trust of your customer. Ensure you ask for only the data you actually require to perform your checks. Customers are becoming more protective of their data, and less willing to hand it over without reason. Communication is key. Keep the user informed about why you are collecting their data, and why you have a legitimate need to perform the checks. Put your process in a logical order, consider what information your user will probably know, what information they will have close to hand, and what information they will probably need to go away to find. Prioritise the first, and try to avoid the last if at all possible. Use progress bars or step indicators to demonstrate the length of the process, and give the user light at the end of the tunnel. Your customer is giving up their time to complete your onboarding journey, so keep them informed about how long it will take. Finally, try to offer instant decisions where you can, but for those times where this is simply not possible, make sure to keep your user informed about why there has to be a delay, and how long they will likely be waiting.
Walker: Regardless of your offering, you need a fast onboarding process in line with your business requirements and taking into account your organisation’s attitude to risk. What checks your process includes will depend on your offering. In some instances, silent background document checks may be the optimal journey where documents lead to high abandonment rates. And alternatively, tech-savvy millennials may prefer to capture an image of their ID rather than type. Whatever the case, the best approach is to test your chosen process with customers and refine it over time.
Tomlinson: A smooth onboarding process happens when a company achieves the right level of friction. In FS, customers often like to have the peace of mind that they are signing up with a trusted and reliable bank, but at the same time it needs to be seamless and quick. It is advisable to combine the collection of data and processing of checks that are obvious, with a number of behind the scenes checks that not only provide a yes or no, but confidence in the validity of the identity.
D. Thomas: Onboarding often requires the capture of many fields. This is time-consuming and prone to error. Using the ‘camera as a keyboard’ can drastically reduce the amount of time capturing often repeated fields. When scanning documents, there should seldom be a need to ask the user what document they are scanning or whether the image is in focus, since solid AI can make that determination for them seamlessly. Communication, both textual and visual, needs to be concise, imperative and informative. Users are drawn to the next step, meaning the call-to-action should be unequivocal.
Hancox: Technology is the future, but there is still a place for humans in the onboarding experience. Machine learning (ML) improves decisioning. Augmented intelligence in UIs can recommend the best setup and rules for businesses’ needs and flexible templates or journeys, to help customers create seamless omnichannel experiences. Alongside the technology, digital experts use data to drive better insight into the conversion funnel and digital tooling to continuously improve the conversion funnel through conversion rate optimisation (CRO) techniques.
FW: Why is it so important for FS firms to invest in new technologies? What kinds of technologies should be considered?
H. Thomas: As methods of fraud and other financial crime increase in sophistication and complexity, it is increasingly important for financial service providers to keep up with the latest in anti-fraud technologies. It is also important to adapt your technologies and tools to the environment in which they are being used. For example, consider a bank that offers an app-based onboarding journey. Liveness checks that involve speaking aloud while looking at your phone might not be appropriate if the user is in a public place, so giving the option of further database checks instead might help to avoid drop off in your onboarding journey.
Walker: There is a danger of standing still while others innovate. You can see this happening in traditional financial services, where there is a risk of losing market share to FinTechs harnessing technology to offer better customer experiences. When developing your customer experiences, reduce your risk by testing new approaches on a single product or service before rolling out successful changes across your portfolio.
Tomlinson: Data is constantly evolving and changing, and so too is fraudsters’ ability to steal or fake this data. To be confident in your processes, you need to layer data checks and approach your process with a holistic view.
D. Thomas: There are two distinct groups that will interact with financial firms’ software and attempt to onboard themselves: legitimate customers and fraudsters. Both invest in the newest consumer technology and expect their chosen financial institution to do the same. Subconsciously, users feel more confident using a responsive system that performs at their speed, rather than lagging behind and preventing the user from transacting. With technological investment comes the ability to leverage the best technological solutions the industry has to offer. Staying ahead of the tech curve allows financial institutions to take advantage of enhanced biometric reading capabilities, such as iris, fingerprint and vocal authentication.
Hancox: Technologies are important, but choosing a supplier with a strong roadmap and R&D team is the most important thing. You want a team that continually researches and tests new technologies, but also has a proven reputation in identity verification. This will help you stay a step ahead of fraudsters.
FW: Going forward, what advice would you offer to FS firms on ensuring that they can adapt their products and processes to new regulations and advancing technologies? In today’s market, how much does staying competitive rely on being agile?
H. Thomas: The advancement of online services, for everything from doing laundry to buying a house, has created a modern market with high expectations when it comes to smooth, frictionless and instant onboarding experiences. It is also a market that is increasingly educated about its ability to shop around. What this means is that every company, particularly service companies, have to be tech companies in some shape or form, having to run just to stand still. That means moving fast, experimenting, and most importantly, keeping the customer at the centre of your experience. Firms should treat their digital journeys as first-class citizens, leverage the best in class technologies, and think outside the box to turn their customers’ journeys around from being long, disconnected and dull, to experiences that genuinely delight their users.
Walker: Being agile is critical, because with low barriers to entry and the ability to outsource functions more easily than ever before, there is little to stop a one-man band from growing rapidly and becoming a threat. Staying ahead of regulatory changes is not just about avoiding fines, it also stops you from falling behind your competition. Look to other sectors and see how they are onboarding customers. Understand that consumers do not differentiate between sectors and expect an FS company’s experience to be as good as a retailer’s.
Tomlinson: Invest in a technology that is flexible. When regulations and fraud change, you need to be able to update your solutions to mirror this. Layer checks and use triggers in workflows to increase the friction when necessary. Ensure you choose a supplier that does not rely on a single source or technology for identity verification. One solution will never be able to keep you compliant with all regulations or verify the identity of every one of your customers.
D. Thomas: Some financial institutions are reluctant to change. Adopting a more agile approach will make a company more proactive and less reactive. Take the advice made available to you by those that have become or are quickly becoming industry leaders. They have likely come across most of the challenges you face and will be collaboratively involved in crafting a solution for you. Adopt a customer-centric and customer-first approach. The rest will follow. Build your solution around these guiding principles and your customers will reward you with their loyalty.
Hancox: Legacy systems are hard to update and can be a big risk to your business as more agile companies enter the market. Build in agility by investing in flexible technologies. Regulation is an evolving landscape and your identity verification solution and supplier checks needs to evolve with it. Focus on integrations and partners. We no longer need to solve every business issue ourselves and can work with strategic partners. Develop a relationship with a partner you can trust to handle the regulation, communicate with you any changes and integrate seamlessly.
Henry Thomas leads the User Experience (UX) Team to optimise GBG solutions for the best experience for its clients and for their customer base using GBG’s technology to minimise friction and maximise onboarding rates. He can be contacted on +44 (0)1905 888 624 or by email: firstname.lastname@example.org.
Darnell Walker specialises in helping global mid-market and corporate sized compliance-driven organisations with the requirement for electronic ID verification for age, identity and anti-money laundering purposes. He also helps clients in regulated and non-regulated markets to improve and refine their onboarding processes. He can be contacted on +44 (0)7508 179 938 or by email: email@example.com.
Gus Tomlinson focuses on today and tomorrow, helping drive business decisions that support GBG’s vision to be the global leader in identity data intelligence, specialising in location, identity and fraud. She can be contacted on +44 (0)7740 759 236 or by email: firstname.lastname@example.org.
David Thomas is the Product Owner for IDscan Biometrics at GBG and a self-confessed ‘identity geek’. His goal is to optimise GBG solutions to meet the growing demand for verifying people in the online world. He has been a part of the tech industry for over a decade now and is continuously inspired to create and apply solutions to ‘real world problems’ using smart tech. He can be contacted on +44 (0) 7415 857092 or by email: email@example.com.
Adam Hancox has responsibility for GBG’s product portfolio, product marketing functions and the UX function in an industry that is rapidly growing. He focuses on delivering joined-up propositions for customers with increasing quality and pace, with the innovative use of the latest technologies. He can be contacted on +44 (0)7956 069 088 or by email: firstname.lastname@example.org.
© Financier Worldwide