The smartphone as a mobile identity device
By Sarah Clark, senior vice president, global product management, Mitek
Digital transformation is disrupting the payments space.
Thanks to the prevalence of smartphones (77 percent of U.S. adults now own one), consumers not only have more payments options than ever before, they also have higher expectations for fast and frictionless transactions. From first enrollment to checkout and payment, consumers demand a seamless and extremely convenient experience. However, meeting these consumer expectations can be a challenge for payments companies, as they must comply with stringent anti-money laundering (AML) and know your customer (KYC) regulations requiring them to verify the identities of all their users.
Fortunately, new mobile technologies make it possible for payments companies to leverage consumers' smartphones as an identity device, enabling compliance with AML and KYC regulations while maintaining the superior user experience that consumers expect.
An increasingly strict regulatory environment
Over the past few years, AML and KYC regulations have become increasingly stringent, requiring obliged entities such as banks, prepaid card operators, digital currency processors, peer-to-peer payments platforms and others in the payments space to do more to help combat money laundering and terrorism financing.
At the same time, fines for non-compliance have continued to increase. In 2015, the payments platform and virtual currency provider, Ripple Labs, became the first company in the payments sector to be fined by the U.S. Department of Justice for neglecting AML measures. More recently, Western Union agreed to pay $586 million to settle criminal and civil charges that it willfully failed to maintain an effective AML program, aiding and abetting wire fraud. To avoid steep fines, payments companies must be sure they know who is opening an account and the level of risk that each person presents.
Adding further complication to the issue are the increases in synthetic identities and new account opening fraud in the market.
According to Javelin Strategy & Research, new account opening fraud increased 40 percent in 2016 to reach a record high. More than 1.8 million consumers that year had a new bank account or credit card opened under their name, without their knowledge. Due to numerous, large-scale data breaches like those that have recently occurred at Yahoo and Equifax, the problem is likely to increase.
Millions of consumers' personally identifiable information (PII) including birth dates, social security numbers, address and more are readily available to criminals who use them to create false identities and fraudulently open new accounts under others’ names. As a result, the methods most commonly used to verify new users' identities in the digital channel – methods that rely on PII and knowledge-based authentication (KBA) questions – are no longer effective.
Rethinking ID in the digital channel
Traditionally in the payments space, the most common way to verify a new customer’s identity was to have them visit a branch location to have their government-issued ID verified by an employee. But for mobile payments providers and others that operate entirely in the digital channel, the traditional method isn't an option, which is why they relied on PII and KBA questions in the first place. Fortunately, with advancements in computer vision, machine learning, biometrics and more, there are new solutions that make it easy for consumers to submit their identity documents and even biometric identifiers for verification through the digital channel.
With digital identity verification solutions, payments companies can have new users simply scan their government-issued ID using their smartphone camera.
Advanced machine learning algorithms are able to scan for security features to instantly determine if the document is authentic, and scan for traces if it has been tampered with or forged. Payments companies can even go a step further by having the consumer also use their smartphone camera to take a selfie. Using automated facial comparison technology, they can not only verify that the individual is a real person but also that the person submitting the selfie matches the person pictured on the ID.
Algorithms can even take into account potentially challenging ID photo quality and that the ID holder’s appearance may have changed since the ID photo was taken. This combination creates strong identity assurance through two factors of authentication: something the customer has (the ID) and something they are (biometric facial recognition). Payments companies can also leverage geolocation, carrier network data from users' mobile phones, and device reputation data for further identity assurance or to flag potential fraud.
These types of digital identity-proofing solutions are compliant with the latest AML and KYC regulations for payments. The European Union's 4.1AMLD regulation states: "Accurate identification and verification of data of natural and legal persons is essential for fighting money laundering or terrorist financing. Latest technical developments in the digitalization of transactions and payments enable a secure remote or electronic identification." Perhaps equally as important as compliance, these solutions provide a convenient and seamless experience for the user, allowing them to stay in the digital channel from start to finish.
As consumers increasingly conduct payments and other transactions entirely through the digital channel, businesses need to rethink how they approach identity verification. Fortunately, technologies like advanced mobile capture, computer vision, machine learning, biometrics and more, enable consumer's personal smartphones to be leveraged as an effective mobile identity device. This can provide assurance to companies in the payments sector that their customers are indeed who they claim to be.