Ana Lucia Salazar, Senior Sales Manager, UK&I, EU

It was perhaps inevitable that as the world took a quantum leap forward in its digital transformation, cybercrime would be close behind. The rapidly expanding digital footprint of both individuals and organisations has given fraudsters greater opportunities to attack and profit from. One report suggests that 30 billion data records were stolen in 2020 – more than in the previous 15 years combined.

It’s not just records, either. Cyber-attacks looking to mimic individuals to gain access to personal information (predominantly financial) has risen – the IDnow Identity Fraud 2021 trend report found that between March and June 2020, there was a 231% increase in similarity fraud, a 180% increase in fake ID usage, and a 75% surge in social engineering.

Security in a contactless world

This is only going to increase. Even when businesses reopen again, there are numerous indicators that life is going to be a more remote, contactless experience – from more online transactions to the greater deployment of hybrid working, and even the preference for digital payments over cash. All of this requires more technology to function effectively, particularly collaboration tools.

Yet at the same time, this new environment requires a source of trust, one of them being making sure people are who they say they are. Whether starting a new job or applying for financial products, more transactions that once had to have in-person interactions are now fully virtual. Now more than ever, it is crucial for businesses to know that they are dealing with a real person.

At the same time, organisations are expected to keep delivering an outstanding customer experience. So, they have to ensure that their processes have the right balance that fulfills the evolving compliance and security requirements such as KYC (know your customer) and AML (anti-money laundering) checks, whilst still ensuring simple, easy to navigate transactions.

Online verification for instantaneous experiences

Due to the challenges cited above, companies have had to deploy innovative technologies which deliver complete protection without hampering that intuitive experience. A critical part of doing this is via online identity verification.

Consumers expect digital onboarding to be performed in real time, while still being safe, secure and easy to use. However,  because businesses are dealing with sensitive personal information, they have to deploy technology that guarantees the right level of security, that the systems are robust to prevent fraudsters  entering their systems and that they are quick and efficient, in a manner that can scale and supports, rather than undermines, the overall customer experience.

The KYC process aims to ensure that customers are genuine. It also assesses and monitors risks which are an integral part of preventing and identifying money laundering, terrorist financing and other criminal activities such as identity fraud. The digitisation of KYC procedures has revolutionised the way in which institutions verify and validate a customer’s ID and how they now leverage the use of biometric data to perform these checks within minutes, versus hours or days.

New technologies are meeting the requirements of both regulators and market players in the digital era. Yet this does not mean regulators do not need to keep pace with the rate of change themselves. A study found that “92% of organisations think they will feel a negative impact if regulators fail to evolve within three years,” highlighting fears that increased regulation equals diminishing opportunities for innovation.

It’s not hard to see why. Staying compliant with regulation is resource intensive – in finance alone, $270 billion per year is spent on compliance and regulation, about 10% of operating cost.

Facilitating innovation with better regulation

How can regulators help ensure the protection of consumers’ personal data? One area that needs improvement is standardisation of data collection. Toward this end, if the status quo is applied for information gathering- and compliance processes were automated, recorded and streamlined – it would eliminate duplicating effort across a variety of industries. If the same biometric data is deemed necessary to apply for a passport, open a bank account and verify an individual’s right to work in a specific country, the same information could be saved and shared in a secure and compliant manner as required. This type of change to the regulation process would reduce effort, as the example above demonstrated, and it would bring various digital verification tools into the mainstream.

In addition to biometrics, liveness checks should be utilised more widely. These checks could employ the use of biological identifiers, such as fingerprints and selfies and, when used in conjunction with a liveness detection programme, would ensure that the person is in fact a real human being, and stop any types of spoofing attacks – such as faux human body parts – to beat the system.  The identity verification processes should still have a human overview to complement the use of technology to ensure that it is both accurate and fair. In some instances, this is a regulatory requirement – the EU’s General Data Protection Regulation, for instance, notes that a decision to fail a person cannot be determined by a machine alone, but has to be supported by humans as well.

There’s also an opportunity for regulators to automate how they gather, analyse and approve company submissions, which significantly accelerates an onerous process. In an increasingly automated digital world, regulators must be up ahead of the proverbial curve, and the new regulations have to compliment the latest innovations in the market. Automated solutions and a certain “freedom of choice” when it comes to identity methods are the future as users demand increased flexibility and efficiency.

Regulators are already taking steps to support the innovation required. While the stereotypical regulatory body might be one that looks for opportunities to say no, the likes of the UK’s Financial Conduct Authority have recognised the need to innovate, both for themselves and the wider industry. In this instance, regulators are no longer the guardians of compliance; they are very much the facilitators of innovation, supporting businesses to offer a better experience to customers without risking security.

Beating sophisticated attackers with innovation

As the world goes ever more digital, the opportunities for bad actors are only going to increase. They will keep winning if businesses and individuals deploy analogue tactics to fight them. By incorporating sophisticated technology of online identity verification, companies can protect customers without compromising the user experience. Regulators recognise their role in helping businesses strike the right balance. In doing so, they are helping facilitate innovation without compromising data.