Fraud Prevention Blog

Oct 5, 2013 - The Bank of the Future — BSA and AML Compliance

Posted by Sean Trundy on Fri, Oct 04, 2013 @ 03:23 PM

This article was originally published on CBinsight.com

The Best Way to really "Know Your Customer"

Identity AuthenticationIf you are involved in bank operations management, then you already know that your bank is required to authenticate customer ID documents. Still many banks don’t do this well, and are exposed to compliance-related fines.

What if … You could enhance compliance and position your bank to attract new customers?

Here’s how you can do this:

  1. Authenticate a customer’s ID documents to ensure that the documents are genuine and the customer is who they claim.
  2. Create a biometric credential that allows positive authentication of that person

Customers feel safer knowing their accounts and identities are protected, and your bank stands apart from all the laggards. Plus, you fully meet compliance regulations and save money by preventing fraud.

Identify Theft is Increasing. Dramatically!

The tools that criminals utilize are becoming ever more sophisticated, and the technologies commonly used to identify customers and protect their valuable assets are outdated and easily compromised. Corporate networks being hacked, fraudulent cards presented by imposters, duplicate card data “skimming” devices, hidden cameras recording customer keystrokes and mag strip information being hijacked via Wi-Fi — It’s all happening and growing. Now is the time to enhance customer protection. Magnetic stripe cards, PIN codes, passwords and Social Security number crosschecks are not enough.

Customer confidence in the ability of banks and credit unions to protect their personal data is reaching all-time lows, and frustration is mounting as financial institutions continue losing ground in the battle to safeguard their customers’ identities and the assets they are charged to protect.  The amount of financial fraud losses realized globally in 2012 exceeded $200 billion, and a quarter of this – more than $50 billion annually - occurred in the United States. The financial services industry has struggled to keep-up with the rapidly changing and adapting world of Identity Fraud, and as a result has suffered a disproportionate amount of the losses.

Recent financial legislation, such as the amended Bank Secrecy Act, has placed strenuous compliance requirements on financial institutions to conduct identity authentication and to “know your customers”.   Yet, providers of financial products continue to offer increasingly convenient services and access capabilities such as mobile payments and online banking. Convenience and service are positive, but the need to protect customer identity grows. Equally concerning is the difficulty and complexity of setting-up programs to maintain compliance with legislative requirements to conduct customer authentication. 

Typical financial institution customer-identity practices involve a “confirmation” of identity by scrutinizing application data provided by applicants and correlating the data against third party databases. While this process is designed to protect the institution from fraud, in reality it creates multiple vulnerabilities that expose the institution to loss.

Sophisticated identity theft rings – often affiliated with multinational organized crime families - have modernized the industry and adopted the latest in technology to advance their capacity to collect genuine identity data, produce high-quality counterfeit documentation, and distribute their fully-assembled identity packages around the world. Apparently, “big data” is for criminals, too.

Many perpetrators of identity theft often know the person they are purporting to be, allowing them to reconstruct employment histories, mother’s maiden name and other security questions used to validate identification.  Factor-in the involvement of globally organized crime rings, and the capacity to construct fake identities capable of passing the standard “confirmation” process has become commonplace.

Best practices dictate not only that data provided on applications be verified, but that the identification documents presented by the customer be “authenticated” as genuine.

Document authentication and identity verification can be conducted at the point-of-transaction. Authentication of the document itself requires sophisticated electronic and optical forensic techniques. Optical analysis can verify the presence of expected security features and proper behavior of the document when subjected to various non-destructive tests. Embedded data acquired from chips, digital watermarks, barcodes, magnetic/optical stripes and printed text is verified and crosschecked to verify integrity and consistency. Security technologies such as digital watermarks are very effective in detecting common ID tampering techniques such as photo substitution.

Biometric IdentityAfter authentication of the Identity Document has been conducted, it is now possible to create a verifiable credential that will allow your organization to definitively identify the individual who originally presented the authenticated ID document.  This “personal credentialing” is conducted via biometric data capture.  By credentialing your customers using biometric signatures, you can ensure that you “know your customer” every time they conduct a transaction in your facilities.

Here’s the best part. The technology is affordable today. The cost to implement these solutions may be recovered quickly through savings provided from fraud prevention.

Compliance To The Bank Secrecy Act

Topics: regulatory compliance, red flag rules, anti-money laundering, ID Verification

Discussions