KYC & AML – The 3 Main Considerations for 2021
Melissa UK Team | eIDV, Fraud Prevention, Identity Verification, Uncategorized
The continuing rise in digitalisation has led to businesses embracing digital operations. Online businesses saw an even bigger uplift during the pandemic as they enabled consumers to shop for their favourite brands, relatives to transfer money overseas and provided channels for consumers to communicate.
The growth in online activity has meant an increase in fraud. This will shape how we undertake ‘know your customer’ (KYC) activity and how much emphasis organisations will take to make sure the person on the other side the screen is really who they say there are.
Online identity verification is now becoming a widely utilised tool to accommodate digitalisation, with its market expecting to grow upwards towards 7.8 billion USD in 2021 and almost 19 billion USD by 2027.
As we enter 2021, we will see even more enterprises make the sudden shift to implement identity verification practices and move away from those traditional authentication methods such as passwords and security questions to stronger forms of identity verification.
Let’s take a look at some other considerations for 2021.
- New forms of fraudulent attack
The surge in conducting business online has driven fraudsters to develop new techniques. Businesses are set to be vulnerable for exploitation in 2021 with identity fraud firing upwards due to the acceleration of COVID-19. Statista states that attacks are set to increase by over 80% in 2021 with new means of fraudulent threats listed below.
Credential Stuffing – This is when usernames and passwords are stolen by automation methods and used to gain access to users accounts and private information. This threat has landed billions of login credentials into the hands of hackers, resulting in serious data breaches, spam, phishing, and account takeovers. This particular threat is common and has been around for several years, but fraudsters always seem to find new ways to obtain one’s information.
Replay Attacks – This attack is during the verification process when organisations are verifying and onboarding new customers. Fraudsters will make a few alternations to any one document before it is submitted multiple times in a session. This creates a bypass in one’s verification methods. This bypassing technique is usually practised across entities where online verification may be required and the same document, or documents, with minor alternations can be used.
Synthetic Identity Fraud – A relatively new form of identity theft where someone steals parts of real information and combines it with their own fake information, and in the process forms a whole new fraudulent identity for themselves. This identity can be used to open fake accounts, obtain credit, apply for loans, make purchases, and go as far as bypass tax returns and receive monetary and government benefits. This threat is often undetectable and highlights faults in today’s anti-fraud solutions.
COVID related scams – As the pandemic has taken the world by storm, a series of scamming opportunities have also followed, taking advantage of the vulnerability of the public. Fraudulent activity has spread with vaccine emails used for phishing attacks, peer to peer mobile scams, travel scams offering COVID-19 discounts, to data breaches in the healthcare sector.
One of the most common were fake websites selling much needed medical supplies, such as face masks, testing kits, ventilators and sanitisers. The Federal Trade Commission has stated over $16 million worth of these supplies never arrived at their intended destinations.
The offering of COVID-19 tests in exchange for personal details was also a large threat, using door to door visits, text messages and phone calls. The credentials given were then used towards medical ID theft and building fraudulent healthcare programmes.
- KYC/AML and overall compliance to become more rigid
The Sixth Anti-Money Laundering Directive (6AMLD) was planned for 2021, but due to increased fraudulent activity during the pandemic, led to its implementation in December 2020 in the EU.
The KYC and AML protocols claim to be an improvement from the previous 5AMLD. But despite the current climate with digitalisation rapidly growing, and COVID having a diverse effect on the way everyday business is now conducted, companies will need to start following even more directives as cybercriminals are finding more sophisticated ways of attack, and loopholes in the regulatory system.
The post-Brexit situation has also left businesses in the UK confused on which regulations to follow. The UK has been forced to follow the Sanction Act 2018 while the rest of the EU continues to adapt to 6AMLD, this difference in rules and regulations could make it challenging for businesses to perform those seamless customer onboarding checks, leading to implications and potential consequences, that force businesses to reconsider their KYC/AML measures.
Fortunately, as we continue to shift towards tighter compliance acts, digital KYC and AML solutions are keeping up, satisfying the needs of businesses for a while now. It’s only a matter of time before we start to see potential pitfalls beginning to emerge as we trade between two regulations.
- Retail, Finance, and Public sectors most targeted
It’s not a surprise that the retail sector is one of the most targeted for fraud. Increased eCommerce is opening up a wider pool of online consumers also attracted by the convenience of shopping online. As a result, fraudulent activity grows with credit card fraud, refund fraud, merchant fraud, card testing, chargebacks phishing and identity theft becoming common in this sector. Retailers should consider implementing consumer identity solutions to gain KYC knowledge to combat such threats. Address verification, IP location and sanction checks are a few to really consider.
The second is the financial sector. No doubt this is among the hardest-hit sectors in 2020. Financial institutions are always at risk, but suspicious activity has now become harder to catch because of the shift in spending behaviour due to the pandemic and overall online engagement. In our experience, the sudden surge in foreign exchange and transfers is attracting fraudulent attention, requiring more protection to safeguard businesses in this space.
The digital currency exchange market is another to look out for. The Forex market alone has the potential to be used as a wide platform for global money laundering. Therefore, the Forex industry must stay aware of AML & CFT vulnerabilities.
The same goes for cryptocurrencies that have gained a lot controversy since gaining popularity amongst traders and consumers. Due to its anonymous and transparent nature, it is easier for fraudulent activity and money laundering acts to pass through undetected. Technology Review highlights that approximately 2.8 Billion USD were laundered through using crypto exchanges. A significant rise from the previous year, with the pandemic a major driver in this.
Thirdly, is the public sector, which stems from the UK government’s response to COVID-19. The Policy Exchange states that this was mainly due to the novelty and speed by which new measures had to be introduced, such as assistance schemes and relief packages. The increased use of digital channels and third parties also raised opportunities for fraudsters to infiltrate the system.
COVID-19 has cost the UK government a lower bound of £1.3 billion in fraud and a potential upper bound of just under £8 billion, in light of total projected expenditure of £154.3 billion, excluding additional expenditure.
The Government has highlighted two types of threats which are expected to evolve as we pass through the pandemic and into 2021:
- First party application fraud – this is where an applicant for a government support scheme misrepresents their circumstances to become eligible. This can be done for government support payments or universal credit.
- Third-party impersonation fraud – this is typically when a third party acting as an individual or a business gains access to government data, account, and financing options. This was often used by cybercriminals impersonating a business and then applying for business support grants.
Fraudulent attacks have the power to disrupt any sector and there is no doubt that as we move toward a more digitalised world, more cyber threats will become inevitable. The pandemic has created even more opportunities for fraud, and it’s up businesses and enforcement teams to ensure correct measures are taken to protect customers.
It’s important consumers are aware of the potential scams in circulation, so are mindful when interacting on platforms that utilise transactions, payments, third parties and overall communication. From a business perspective, recognising the types of anti-fraud and know your customer solutions out there that can be tailored to their needs is critical. These technologies tend to be continually updated to meet all compliance regulations and combat any new potential forms of fraudulent activity as we enter 2021.