KYC is for onboarding. But after that, can businesses trust they’re interacting with their real customers?
The FTC reported that nationwide fraud losses topped $10B in 2023. Between forged signatures, forged documents and forged activity online, there’s fraud everywhere. Fraud is impacting your business on all fronts, and now companies are the ones responsible for preventing it.
Nearly every day, we’re hearing stories about how fraud is destroying people’s lives. It’s happening all over the country.
- A California couple lost $49K after they wired money to a fraudster pretending to be a Chase bank employee. Another elderly Utah man lost $10K due to the same type of telephone spoofing scam.
- Elder fraud is a nationwide concern, with seniors losing $1.6B in financial crimes in 2022.
- A Missouri man had his mail stolen because a fraudster went online and changed the forwarding address. Then he was able to cash paper checks from the mail and steal the person’s identity to open a credit card.
- A 92-year-old Dallas woman’s identity was stolen and her house was sold without her knowledge. Property deed fraud is happening nationwide – Here are similar stories from New York, Arizona and Michigan.
What do all these types of fraud have in common? These examples demonstrate that fraud is happening throughout the entire customer lifecycle. Many people think that if you go through rigorous onboarding to get a username/password that subsequently makes every interaction with that company secure. In reality, the liability and damages are even higher when someone forges a signature or fraudulently gains access to an existing account.
Secure every touch point with the customer across the customer lifecycle, not just at onboarding
Most people expect that customer identity is verified once, when an account is opened or a customer is onboarded. Every interaction after that is only secured with a username and password. This process falls short, however, because usernames and passwords are too easy to compromise. Hundreds of millions of passwords have been exposed due to widespread data breaches on the internet. And, two-factor authentication is no longer secure, because fraudsters pretend to be the bank and call customers for the six digit code that the bank just texted them.
A business receives instructions from their customers every single day. This happens either because their customer clicks a button or they sign documents. When a customer clicks a button in an online portal to withdraw or transfer funds, how does a company really know who is clicking the button? When a bank receives a digital or physical document (ie. POAs or other directives) that instruct them to move money or make account changes, how can they trust that these artifacts are real? When a county recording office receives a deed, how can they trust it wasn’t forged? It’s becoming harder to know what’s real and what’s fake. And, physical documents aren’t any safer.
In our digital world, a simple document with an eSignature does not ensure that the identity of the signer is verified. You need evidence that proves that the signature was completed by the desired signer. The Financial Crimes Enforcement Network found in 2021, US financial institutions reported 1.6 million cases of identity-related fraud activities, equivalent to $212 billion in losses.
Companies are now realizing that every single interaction with their customers needs to be secured. Bad actors aren’t just making fake accounts.
- They’re stealing the credentials of real customers.
- They’re impersonating those customers and signing documents.
- They’re logging into customer portals and wiring money.
- They’re authorizing all sorts of critical transactions online.
Up until now, most people have assumed online business was safe because most online companies require a username and password to do business. We now know, however, that that’s not enough. Imagine a world where every instruction could be cryptographically verified with an identity before every important transaction. Imagine if a business could confirm that a specific person authorized this wire transfer, signed this power of attorney form, authorized this sale, etc. It’s about more than knowing your customer. It’s about trusting your customer.
But, businesses aren’t doing verification before all of these important transactions in a customer’s lifecycle. It’s impossible to ask customers to show ID every time they want to use the bank’s platform - it’s just too much friction. Banks also can’t implement, operate and manage a full suite of fraud or risk tools for every single button on their website. This is why fraudsters are winning.
Fraud is rising and consumers are unprotected. So, regulators are stepping in and writing legislation that puts the liability for fraud on businesses. Now, it’s your problem to solve. What’s happening is that financial institutions are now getting sued when fraud happens on their platform.
It's possible to have certainty with every customer interaction
The inevitable next question is how can businesses reliably add identity assurance to every single interaction? It’s impossible to achieve this if a business uses one system to verify wire authorization, another system to sign documents and another system to submit a loan application. Businesses can achieve certainty, by having a single identity layer that’s bound to any interaction. Businesses need one system whether a customer needs to sign, notarize, authorize, click or verify their identity.
Any universal identity layer needs to provide the following services:
- It needs to be a platform that understands state laws and has those requirements built in.
- It’s a platform that can be used to sign or notarize documents, and even perform identity verification when there’s nothing to sign.
- A platform’s identity verification methods must be be audited and certified (i.e. NIST IAL2)
- You need a dynamic customer experience so that customers can step up to a trusted agent in real time (like a notary) when a person’s identity is in question
- You need real-time fraud monitoring that takes in data (like email address age, IP location, ID verification and more) to determine if a signature is being forged
- A platform needs to furnish documents, evidence and artifacts provides proof a person authorized or signed, and these artifacts need to be cryptographically secure so they can’t be tampered with.
- Most of all, you need a platform that saves identity so a consumer does not have to scan their ID every single time they need to interact with your company.
This is why we’ve built Proof – to bring trust to every transaction on the internet. This is just the tip of the iceberg as far as rising concerns about fraud. Over the coming weeks, we’ll share a series of blog posts of the innovation we’re delivering in fighting fraud. Stay tuned.
.png)
.jpg)
.jpg)
%25202.jpeg)
