Do You Know Your Customers? Identity Verification in Financial Services

Do you know who your customers are? This sounds like a trick question, but it isn’t. Although organizations are required to have Know Your Customer (KYC) and Anti-Money Laundering (AML) checks baked into their interactions with customers, the degree of certainty around a customer’s identity isn’t always as high as it should be. Identity theft is a pervasive problem, and it leads to many challenges for banks, lenders, insurance carriers, and other financial institutions. Reported instances of fraudsters using stolen identity information to open new bank accounts under a victim's name grew by 32% in 2022 in the U.S. according to the FTC to over 110,000 cases – in each of these situations, the bank’s KYC/AML process failed. Meanwhile, in the UK, instances of credit card ID theft, where a criminal either opens a new card using a stolen identity or takes over a genuine account in good standing, were up 101% YoY midway through 2022 according to UK Finance, with a reported gross loss of £21.4m in the first half of 2022.

These financial crimes are costly to consumers and financial institutions alike. For financial services organizations, a failure to verify their customers’ identity in situations such as these carries a reputational cost, too – so it’s important to get it right. 

The financial costs of fraud are easier to quantify than the reputational costs, and unfortunately, they are quite significant. Financial services organizations spend over $4 resolving each $1 of fraud, with the actual amount varying slightly depending on the type of organization. Banks spend the most, with mortgage firms close behind, but regardless of the specific organization, the cost is significant enough that stopping fraud before loss occurs is imperative.

At Ping, we’ve written previously about an integrated approach to fraud prevention, as well as ATO fraud in financial services and how to prevent losses due to scams and social engineering. Fraud prevention is an architecture and not a product, and different types of fraud require different approaches. That said, identity proofing can be a powerful tool in a financial institution’s toolkit, helping defend against new account fraud, application fraud, card ID theft, and account takeover.

By implementing high-quality digital identity verification tools, an organization can protect itself and its customers while delivering a smooth customer experience that ensures users feel both happy and protected.

Leveraging identity verification throughout the customer journey allows financial services organizations to manage financial risk, identity risk, and compliance risk. While implementing a KYC process as part of customer onboarding is the obvious first step and ensures regulatory compliance, identity proofing brings value at various customer relationship stages.

Account Opening

When a new customer initiates their very first interaction with a financial institution, checking their identity is typically a part of the customer onboarding process. Checking a new customer’s stated identity against an official document such as a state-issued ID or passport should include not only matching the name and face on the document but also verifying the validity of that document. This greatly decreases the likelihood of a fraudster opening an account with a stolen or synthetic identity, and gives the financial institution confidence in the new customer’s intentions.

Borrowing Money

When a customer wants to borrow a significant sum of money, checking their identity should be a prerequisite for the release of funds. In some cases, the financial institution may be seeing the customer for the first time – for example, if the customer is applying for a mortgage through a lender that isn’t their main financial institution. In other cases, the customer may be well-known to the lender, but the request for funds could still be fraudulent if the account has been taken over. Whether verifying the customer’s identity for the first time, as in the case of account opening, or re-verifying an existing customer’s identity again before allowing them to access significant funds, identity proofing at this point in the customer journey can greatly reduce misappropriation of funds.

Wire Transfers

There are a variety of reasons that a customer may suddenly choose to make a large transfer, but checking their identity before sending the money through is frequently a good idea. Many financial institutions already step up authentication and require MFA before allowing large transfers, but re-verifying the user’s identity at this point can be a better way to shut down fraudsters. While this doesn’t protect against every type of fraud (see our breakdown of scams and social engineering for additional tips), identity proofing is a very effective way to stop fraudulent transfers that have been initiated as part of an account takeover.

In-Person Check Cashing

Many use cases center around purely digital interactions, but digital identity proofing can be very effective in stopping certain types of fraud that occur in bank branches every day. Whether the individual who comes to cash a check is an existing customer or not, utilizing an identity proofing tool to verify the legitimacy of that person’s ID document can mitigate the majority of in-person check fraud. In fact, Ping's estimate based on existing customer solution performance is that identity verification can reduce this sort of fraud by over 90% if implemented correctly.

Service and Support

Customers may require support for a broad range of reasons, and identity verification can help ensure that the employee offering the support doesn’t accidentally aid a fraudster in committing a financial crime. For things such as password resets, call center services, account closures, and disputes, it is imperative to know that the identity of the person requesting support matches the identity of the customer who owns the account. This protects customers against account takeover and stops fraudsters before they can do lasting harm.

Promoting Customers’ Financial Well-Being

This broad category of activities includes things such as opening college savings accounts, opening, renewing, or updating wealth plans and investments, and interacting with affiliate programs. In certain situations which the financial services organization considers sufficiently high risk, verifying the customer’s identity before proceeding can help protect both the customer and the financial institution.

Given the amount of risk it can mitigate, identity proofing is a must for financial institutions. That said, not all solutions are created equal. A good identity verification solution should allow you to quickly, reliably, and confidently ascertain two things: that the real-world identity exists, and that the person undergoing the proofing is the actual owner of that identity. The verification process should not be cumbersome for the customer – ideally, it should be carried out in real time and be just as easy as presenting an ID document to a teller in person.

Biometrics such as voice or facial recognition are a key part of identity proofing, but it is important to ensure that the tool in question has been tested for racial bias and can accurately match individuals of all skin tones, as some of the solutions on the market do this poorly. When it comes to identity documents, the solution should be able to verify the validity of the user’s government-issued ID, whether it is physical, like a passport, or digital, like a mobile driver’s license. Finally, a good identity verification tool should be able to match the face of the user to the face on the document – without bias – and perform a liveness check to decrease the likelihood of fraud. This liveness check prevents spoofing by confirming that the individual is alive and physically present at the time of the verification.

When organizations implement these tools, they must think about the appropriate moments in the customer lifecycle to incorporate the identity verification process. When interacting with financial services organizations, most customers will typically expect to verify their identity at least once, but even if the process is easy, it should not happen too frequently. ID proofing is a valuable component of the larger fraud prevention and risk management process, and it works best when it is integrated with other tools for fraud detection, authentication, and authorization. This integrated approach allows the financial organization to challenge users when it’s needed without overwhelming them with unnecessary security steps. Getting the balance right may take some trial and error, but the results are worth it.

Want to learn more about this topic and Ping’s approach to identity verification? Check out our webinar, Know Your Customers: the Power of Digital Identity for Financial Services, for a deeper dive.