More digital banking services mean more of an opportunity for identity theft. In the AML/KYC Tracker, Tom Curran, chief risk and compliance officer at Upgrade, explains how using data combined with biometric tech has helped reduce fraud at account opening in a secure, compliant way.
Financial institutions (FIs), digital banks and FinTechs are pressed to meet consumers’ growing demand for streamlined, interactive and trusted online banking services. As in-person onboarding procedures and account access give way to digital interactions, new security concerns have emerged — including greater risks for identity theft and online fraud.
“Technology innovation always brings new opportunities and risks,” said Tom Curran, chief risk and compliance officer at Upgrade, a San Francisco-based FinTech that offers affordable credit to mainstream consumers. “While the opportunities created by mobile banking and online lending are clear in terms of ease of use and access to affordable credit, there are new fraud risks, [such as] synthetic ID theft, that need to be addressed.”
In a recent interview with PYMNTS, Curran provided insights into the security challenges inherent in online banking innovation and how FIs and FinTechs are meeting the growing need to mitigate identity theft and online fraud while also complying with anti-money laundering (AML) and know your customer (KYC) regulatory requirements.
“Innovations [such as] [peer-to-peer (P2P)], real-time payments and digital wallets like Apple Pay, for example, have created new challenges,” Curran said. “With online fraudsters highly capable of covering their tracks, FinTechs and FIs need sophisticated real-time methods to identify [bad] actors within their environments.”
Adapting AML/KYC Practices to Meet Customer Growth
Upgrade has adapted its AML/KYC practices to address the increased security demands of its growing digital and mobile banking platform.
“Our fundamental approach to meeting our AML and KYC obligations has remained similar,” Curran said. “But as we’ve grown our customer base and product complexity, we’ve added additional layers of fraud detection and prevention.”
Curran said that since the company’s inception, Upgrade has leveraged credit underwriting data sources for fraud mitigation. These sources are incorporated into its KYC process and can be relied upon as non-documentary sources to clear customer identification program (CIP) discrepancies.
By refining its custom rule sets, Upgrade has achieved efficiencies in leveraging internet protocol (IP) and device data, both in onboarding and in enhanced due diligence (EDD) reviews.
“There are situations where third-party fraud procedures are satisfied, but we are still interested in taking a closer look for KYC purposes,” Curran said. “We’ve also come to rely on data elements such as email address, phone number, IP and device data, which can provide insights throughout the customer lifecycle, not just at time of credit application.”
FIs already adhere to AML/KYC requirements, and best practices exist for companies to employ. The big question is how effective those practices are in meeting today’s online challenges. Curran said Upgrade has built a robust Bank Secrecy Act (BSA)/AML and sanctions program that mitigates its financial crime risks while helping enable its bank partners to meet their regulatory requirements.
“Our program utilizes a traditional BSA pillars approach while using innovative solutions where appropriate,” he said. “For example, we have a traditional automated transaction monitoring system with scenarios, rules and alerts, but we also use AI to identify anomalous behavior in larger patterns across our platform … and hone in on suspicious activity to investigate.”
The Benefits of Biometrics and Data-Centric AML/KYC
Upgrade employs data-centric AML/KYC methods and biometric technologies to strengthen its defenses against fraud more proactively.
“We make use of a wide data set [that includes] conventional CIP/KYC data, other ‘metadata’ IP and device data [and] biometric identifiers such as voice and speed/manner [when] adding customer info in the application process,” Curran said. “[This] has helped us be more proactive.”
Curran also acknowledged that perceived protection against security threats and fraud plays a critical role in the customer experience, as does having simple and easy transactions. That means online procedures to verify customers need to be secure, yet seamless.
“We take a risk-based approach in terms of adding friction to the customer experience, and generally attempt to build controls and processes behind the scenes wherever possible,” he said. “For example, while certain customer-facing requirements such as [multifactor authentication (MFA)] are table stakes for online access, having reasonable rules [for] cookie devices, where sensible, improves the overall customer experience.”
According to Curran, Upgrade leverages internal customer data, including pay history and declined/failed transaction data, to remove friction on customer transactions and applications — and, conversely, introduce friction where it anticipates fraud or account takeover risk is higher.
As with many digital banking providers, Upgrade must strike a balance between leveraging strong security to mitigate fraud and providing consumers with a frictionless online experience. Having the tools to manage this process is essential to maintaining customer trust and engagement.