PYMNTS-MonitorEdge-May-2024

COVID Leaves Lasting Impact On Digital KYC And AML Efforts

In the digital-first economy, criminals have been acquiring and honing various areas of expertise, scamming customers, the payments firms operating the infrastructure, and of course, merchants. Money laundering, money mules and other attack vectors are seizing on novice consumers pivoting to the internet to get everyday life done (and even receive their stimulus payments).

The story that has been influenced by the pandemic is being followed closely by many companies. As Garient Evans, senior vice president of identity solutions at Trulioo, and Max von Both, senior vice president of compliance at Paysafe, told PYMNTS, the impact of COVID-19 on anti-money laundering (AML) and know your customer (KYC) procedures has been significant, requiring stakeholders to embrace new strategies, new tech and a new way of thinking about data.

Bad actors are consistently evolving their methods and exploiting current events to perpetrate a host of nefarious activities. For instance, numerous schemes have been uncovered by the Department of Justice in which pandemic stimulus funds were applied for and obtained with stolen or fake identities.

Evans points to perpetrators using the identities of prisoners (who are ineligible to receive stimulus funds) to obtain unemployment benefits which then need to be laundered.

The bad actors have also been cobbling together new ways to attack. As a result, they said, application programming interface (API)-driven solutions are effective for helping firms gather and glean insight from new sources of data to verify users and ensure they are legitimate customers. It’s a series of attacks, at all levels, that may stop high growth firms from remaining, well, high growth. Crypto, said Evans, is fast becoming a conduit toward funneling illicit proceeds.

“I was speaking with a crypto broker, who told me that their KYC vendor, the vendor that was helping them with know your customer and verification services, actually told them to slow down and stop transacting so much,” said Evans. “Or they were at risk of turning off the service because the transaction volume was so high.”

The Need For Data 

To combat the fraudsters and their ever-shifting schemes — while shoring up AML and KYC defenses — Von Both said, “We need more data. We need more data sources. We need to be able to make sure that we understand who the good customers are and can differentiate them from the bad.”

The executives told PYMNTS that as a tremendous amount of activity has moved to mobile means, those mobile devices create telemetry that is highly useful for authenticating the consumer and finding risk. But those efforts can work most effectively with new data streams.

As Evans noted, “we don’t live in a singular world anymore — where you can focus just on local data sources.” Any firm, he said, is going to need global coverage to gain access to those data sources. Pre-built offerings, he said, can help enterprises tap into those data sources to ensure payments (and payers) are authenticated and authorized efficiently in real time.

“To do that on your own, as an enterprise, is challenging — it’s difficult to pull all of that together,” he said. Simply put, he said, ascertaining identity is not an easy problem to solve — whether it be to onboard a new customer or to complete a purchase.

Robust data sources could help create context around a customer, von Both said, examining everything from the devices they are using, to where they are using the devices and whether they are tapping or swiping their way through transactions. All of that information, harnessed, can create a user “persona” that, as von Both put it, can go beyond and above identity verification, improving the overall customer experience.

The verification process, of course, might add some friction into the process, but von Both was quick to point out that there exist different kinds of friction — good friction and bad.

“If you contextualize the friction for the consumer, that means you ask him or her at the right moment for the right information and they will understand that,” he said. “They will be willing to give [the requested information or permissions] to you.”

To get there — to have information flowing in the background, with the flow of commerce slowed only when necessary — demands that enterprises and providers recommend that there is no “one size fits all” solution out there.

Evans and von Both said onboarding and customer verification experiences across different experiences could vary across geographies. In the U.K., for example, consumers are relatively more patient with the online commerce experience than might be seen elsewhere — data show that less than half of them will abandon the digital onboarding experience, where that tally is more than 60 percent in the U.S.

“Culturally, if we build a process that might be good in one environment, we have to be sensitive, especially for global players, that there’s some demographic differences that might require us to be flexible and make some changes,” said Evans.

Looking ahead, strong customer authentication (SCA) implementations may be bumpy, said von Both. But as merchants strive to gain a balance between friction and fraud, said Evans, “it’s important to embrace new technology. The SCA is there to fill a gap in terms of clarifying what good, strong authentication is going to be because the first set of rules were built 20 plus years ago.”

As von Both told PYMNTS, “Every small step we add in the process does help us to become more effective and efficient in fighting fraud and AML … We constantly need to rethink our defense strategy and constantly need to develop the tools. This is really paramount in this constant battle.”

PYMNTS-MonitorEdge-May-2024