Thought Leadership
8 minutes

More than ever, it's crucial to keep your customers safe from threats and ensure they have a smooth payment experience. This is where Know-your-customer (KYC) and Strong Customer Authentication (SCA) come into play. 

We'll explore how these two processes can help you design a smooth customer experience and keep payments safe. Additionally, we’ll describe 3DS2 and tell you the difference between the K-Y terminologies (KYC, KYB, and KYT), and why they matter!

What is KYC?

What is KYC?: Verifying Customer Identity

KYC is a technology that is used to verify the identity of each customer before onboarding or accepting payments from them. This verification process helps prevent various fraudulent activities such as identity theft, money laundering, and ensures that all transactions are legitimate. For B2B businesses, financial institutions, and even some federal banks, it is mandatory to collect necessary identification documents like passports or address proofs to verify their customers' identities. 

This process, also known as Customer Identification Program (CIP), is a critical component of financial regulatory compliance. Like KYC, CIP involves collecting and verifying information about a customer's identity, such as their name, date of birth, address, and other identifying information. 

In addition, financial institutions also need to establish a Customer Acceptance Policy (CAP), which confirms the identity of a potential customer before agreeing to conduct business with them. Together, CAP and KYC form the foundation of a comprehensive customer due diligence program, helping to reduce the risk of financial crimes and ensure compliance with regulatory requirements.

In Europe, KYC holds particular significance as it is required to comply with the Anti-Money Laundering Directive (AMLD). By adhering to KYC protocols, businesses can safeguard themselves against fraudulent activities and maintain a secure and legitimate business environment.

What is SCA?

What is SCA?: Keeping Online Payments Safer

SCA, or Strong Customer Authentication, is a security measure that safeguards customers from fraudulent activities by employing two or more authentication factors in the process. As per the revised Payment Services Directive (PSD2), Strong Customer Authentication is a regulation that must be followed by all businesses operating in Europe. SCA is applicable to all customer-initiated online payments within Europe, as well as online card payments in the European Economic Area. To offer added layers of protection and liability guarantees, the latest version of 3DS2 has been introduced.

How KYC & SCA work together

How KYC & SCA Can Enhance Customer Experience 

KYC (Know Your Customer) and SCA (Strong Customer Authentication) play a significant role in keeping customers safe during online transactions. KYC helps businesses verify the identity of each customer before onboarding them or accepting payments from them. 

By collecting the necessary information to verify that the customer is genuine - such as a full form of ID, such as a passport, driving license, or address proof documents - businesses can prevent fraud, identity theft, money laundering, and other suspicious activities.

Both KYC and SCA help establish the true identity of transacting parties and customers, which helps businesses process payments faster and with more security. Additionally, businesses can design smoother and faster checkouts since they already have their customers' details. 

By knowing and understanding their customers' preferences, businesses can ensure hassle-free payments, leading to a better customer experience, repeat customers, and enhanced brand loyalty.

The Merging of KYC, KYT, and KYB

In the Anti-Money Laundering or Countering the Financing of Terrorism (AML/CFT) space, the merger of Know Your Customer (KYC), Know Your Transaction (KYT) and Know Your Business (KYB) is an emerging trend. 

KYC is the process of identifying and verifying the identity of customers, KYT is the process of monitoring and analyzing customer transactions for suspicious activities, and KYB is the process of verifying the identity of business entities. 

By merging these processes, businesses can create a more comprehensive and efficient AML/CFT program that covers the entire customer journey. This can help reduce the risk of financial crimes, improve compliance, and enhance customer trust.

Other popular KY-terminology can include, "Know your supplier" (KYS), also referred to as Know your Vendor. This is a program that is being followed by many businesses, to ensure that the quality and quantity of products purchased from suppliers are in line with their requirements.

What is 3DS2

3DS2: Basics, Benefits, and More

3D Secure 2.0 (3DS2) is an authentication protocol that provides several benefits to both merchants and customers. For merchants, 3DS2 helps reduce the risk of fraud and chargebacks, thus improving revenue and profitability. It also helps merchants comply with regulatory requirements, such as PSD2 (due to strong customer authentication). 

For customers, 3DS2 provides a frictionless and user-friendly authentication experience, reducing cart abandonment rates and improving customer satisfaction. Additionally, 3DS2 supports biometric authentication, providing an added layer of security and convenience.

When a cardholder makes a purchase, the merchant's 3D secure service provider sends an authentication request to the card issuer, who assesses the risk level of the transaction and may request additional verification from the customer. Authentication can be frictionless through the use of biometrics.

The protocol uses a three-domain model, including the acquirer domain, issuer domain, and interoperability domain, to verify the authenticity of the transaction. Merchants can activate 3DS2 by working with a service provider to integrate the protocol. 

The benefits of 3DS2 include increased authorization rates, enhanced customer experience, faster transaction times, and regulatory compliance. In Europe, 3DS2 is required for compliance with SCA regulations, and similar mandates have been adopted in Brazil and Australia. 

2023 Trends in KYC and SCA

In today's digital age, designing a smooth and secure customer experience (CX) is crucial for businesses, and incorporating Know Your Customer (KYC) and Strong Customer Authentication (SCA) can play a significant role in enhancing CX. As we move into 2023, several trends are emerging in the KYC space, such as e-KYC, AML, digital KYC, and forensic checks, leveraging biometric information, distributed ledgers, and AI. 

Biometric Authentication

One of the most significant trends is the use of biometric authentication, such as facial recognition and voice recognition, to enhance KYC processes. This provides an added layer of security and convenience, allowing for a smoother authentication process. 

Biometric Authentication

Artificial intelligence

The use of artificial intelligence (AI) and machine learning to automate KYC processes and reduce the need for manual intervention is gaining traction. This can help businesses save time and resources while improving the accuracy and efficiency of KYC processes. 

AI algorithms will continue to be used in forensic checks to authenticate uploaded documents during the digital onboarding process. These trends aim to enhance consumer identification and verification, mitigate fraud risk, prevent money laundering, and validate the authenticity of uploaded documents.

Additionally, current client screening tools have high false positives, but advanced ML/AI algorithms can analyze large amounts of data more accurately and detect fraud more effectively. However, it is necessary to have parameters to ensure that AI techniques operate within a contained and understandable framework.

Blockchain Technology

Another trend is the use of blockchain technology to create a shared KYC repository that can be accessed by multiple parties, thus reducing duplication and improving efficiency. This can also enhance security and privacy, as blockchain technology is known for its secure and tamper-proof nature.

eKYC

eKYC refers to the digitalization of KYC procedures, which enables remote, paperless verification of a customer's identity. It stands for Electronic Know Your Customer and is a cost-effective and less bureaucratic approach to traditional KYC processes.

Document-Free Verification

Document-free verification will become more widely adopted, allowing users to confirm their identity through a quick face authentication check. 

Stricter Global Requirements

Regulatory requirements will become even stricter worldwide, with more countries implementing the Travel Rule and stricter data protection measures. This means companies should prepare for increased scrutiny and ensure they are in compliance with regulatory requirements. 

For example, the expansion of KYC due diligence to include ESG factors. Regulatory organizations such as FATF are scrutinizing ESG violations more closely, and companies with poor ESG scores risk damaging their reputation. To address this, companies should incorporate ESG factors into their KYC practices by adapting existing questionnaires and business practices.

KYC Crypto regulations will also change, with similar regulations to Switzerland's new rule requiring identity verification for transactions over 1005 USD expected to be introduced in other countries.

KYC Crypto regulations

Verification Orchestration

Companies will need to personalize their KYC processes to different types of customers based on their characteristics. This can be achieved through verification orchestration, which allows companies to create user verification workflows tailored to specific risk scenarios.

Digital Identity in Daily Services

As we head into 2023, we can expect to see a further increase in the use of digital identity in daily services. To confirm identity, there will be a shift towards using passive biometry, which means an "always-on" mode of confirmed identity rather than a one-time face recognition check. Additionally, digital KYC verification, such as video-based and non-assisted modes, will gain greater acceptance for digital onboarding

Web 3.0

In addition, there will be further developments in Web 3.0 and related verification solutions. This will lead to the emergence of a new form of digital identity, and companies will need to develop new products to implement.

These changes present an opportunity for forward-thinking banks that can anticipate these shifts and take proactive steps to ensure compliance while providing a seamless CX. 

However, advanced fraud techniques are expected to continue in 2023, and companies must be prepared with robust anti-fraud measures that can detect and prevent these sophisticated fraudulent activities.

KYC as a Profit Center with Automated CLM

We predict that in 2023 we will continue to see the transformation of KYC from a cost center to a profit center. By providing better KYC experiences to attract and retain customers, fintech companies can turn KYC into a competitive advantage. Automated Contract Lifecycle Management tools (CLM) enable companies to gain a complete picture of their customers and offer the right products at the right time, ultimately providing more value to the customer.

Automated Contract Lifecycle Management tools (CLM)

Lessons Learned from KYC Failures

Danske Bank Estonia and Santander UK Plc are recent examples of financial institutions that faced significant penalties due to inadequate KYC measures and ineffective AML control frameworks.

In 2022, Danske Bank allowed high-risk customers to transfer large sums of money with little oversight, exposing the bank to financial and reputational damages. 

The same year, Santander UK failed to establish and maintain an effective risk-based AML control framework and failed to monitor transactions, allowing a money service business to operate through one of its accounts, resulting in a penalty of £108 million. These examples highlight the importance of ongoing KYC and transaction monitoring in reducing the risk of financial crimes and regulatory penalties.

In the past five years, similar KYC fails resulted in extremely high fines for banks such as BitMex, Commerzbank AG, Deutsche Bank AG, Skandinaviska Enskilda Banken, Goldman Sachs, and Westpac.

Ensure the highest level of KYC Compliance

To plan a strategy for KYC compliance, we recommend following a KYC Due Diligence checklist, such as the following: 

  1. Identify the customer and verify their true identity, which involves a strong customer identification procedure through collecting necessary information, checking if the customer is a politically exposed person or listed on the Sanctions List, and validating the ownership of the identity document with an image of the document and the customer.
  2. Assess customer requirements and risks, evaluate the possibility of the customer committing crimes such as money laundering or terrorist financing, estimate the risk of possible reputational damage, and obtain information on the reasoning and intended nature of the business relationship.
  3. Identify the beneficial owner and verify their identity.
  4. Perform ongoing monitoring and record-keeping, as it is crucial to investigate existing customers' activity and monitor it consistently, just as it is during the customer onboarding process.

KYC Checklist

 

Conclusion

As the trends in KYC compliance continue to evolve, companies should take a holistic approach and leverage new technologies to stay ahead of the curve. This presents an opportunity for forward-thinking banks that can anticipate these changes and take proactive steps to address them. 

By creating a next-generation KYC program with careful strategy and sustained effort, companies can achieve significant benefits such as reduced costs, risks, and fines, improved customer and employee experiences, and added revenue.

1. 3D Secure & 3D Secure 2.0 (3DS2): What You Must Know [2023] Pay
2. KYC, KYB, KYT: Know your K-Y terminology Alloy
3. Establishing Trust Anchors: The Link Between SCA and KYC Okay
4. KYC and withdrawing of the collected funds Digitevent
5. What is eKYC and why it is the future of Know Your Customer? ElectronicID
6. Establishing Trust Anchors: The Link Between SCA and KYC The Payments Association
7. SCA, Strong Customer Authentication: its role and how to implement it ElectronicID