Banks and financial institutions subject to anti-money laundering and know your customer regulations are old hands at understanding the importance of ID verification. But as ID-Pal’s Colum Lyons sees it, ID verification is a load-bearing wall, regardless of industry.
While the pandemic accelerated digitalization to the benefit both of organizations and consumers, it also produced a new set of challenges. One of the most fundamental of these is not knowing for sure the true identity of the person with whom an organization is digitally transacting.
This has long been a top concern for financially regulated industries that need to comply with anti-money laundering and know your customer requirements, but it is just as urgent for e-commerce, healthcare, telecommunications and government entities to bring their identity verification processes up to speed, as it’s an essential building block both for trust, compliance and for protecting organizations from fraudsters.
Coping with the patchwork of global regulations is getting easier thanks to advances in technology.
AI & biometrics
AI enhances security by more thoroughly analyzing identifiers like watermarks, holograms and fonts, while also comparing the validity of biometric elements from live images and videos. Human error can be minimized or eliminated by using AI, while AI-powered identity verification services enable real-time authentication. By eliminating the stress and hassle of submitting documents, AI can make identity verification into a far more user-friendly experience. And while it can be argued that advances in AI gives criminals more tools to become bad actors, e.g. through the creation of audio and video deepfakes, expertly approached, advanced AI also has the potential to revolutionize combating fraud, particularly when it comes to liveness detection wherein a live user’s biometric data is matched to equivalent images stored in image databases.
Biometric recognition technologies further improve the user experience, answering to customers who are increasingly used to the convenience and instantaneous ease of digital services. Having been incorporated into everyday technology (e.g., signing onto mobile phones or laptops), biometrics are also being built into new identity verification platforms. These technologies have also gone a step further than fingerprints, face or iris to encompass behavioral patterns, for example recognizing a user’s keyboard strokes. And in turn, behavior-based identity verification is further refined as AI and machine learning algorithms are trained to detect anomalies.
Unleashing AI’s Potential in AML: Financial Institutions & Regulators Must Both Play a Role
So far, financial institutions are mostly using AI to improve the customer experience. But as Alex Roberto of Phaxis argues, there may be some good reasons why banks and other institutions aren’t yet embracing AI — their systems and technology won’t let them.
Read moreDetailsStreamlining a complex, multi-jurisdictional process
In the U.S. and beyond, a variety of regulatory controls focus on proper identity verification, requiring organizations to take a layered approach.
Between KYC compliance, AML and PEPs (politically exposed persons) and Sanctions lists, businesses are obligated to understand the profile of their clients, new members of an executive team, potential vendors or prospective partners.
Organizations that handle credit card data must also comply with Payment Card Industry Data Security Standard (PCI DSS), a set of security standards that measures the strength of access controls, encrypts sensitive data and regularly tests security systems.
A more specialized regional area of anti-fraud regulatory compliance is the EU’s GDPR, which applies to organizations that handle the personal data of EU citizens and requires them to implement measures to protect that data, such as obtaining consent for data processing, implementing appropriate security measures, and reporting data breaches.
Anti-fraud regulatory compliance is hindered by its lack of global standardization — regulations and the consequences for violating them vary greatly across borders. The U.S. does not have a direct equivalent to the GDPR. Federally, these responsibilities are diluted across four pieces of legislation: HIPAA, the Children’s Online Privacy Protection Act (COPPA), the Gramm-Leach-Bliley Act (GLBA) and the Fair Credit Reporting Act (FCRA).
Consequences for fraud exist across a spectrum, ranging from countries identified by Transparency International to have weak anti-fraud frameworks, lax enforcement and mild fines (Somalia, South Sudan, Syria) to Saudi Arabia, where the consequences for fraud can include lengthy imprisonment and burdensome fines.
A surprising number of U.S. businesses still use in-person verification or paper-based document checks, and the lack of centralized fraud prevention legislation is indicative of a larger trend, with responsibility fragmented across various federal and state agencies and strained communication between these agencies.
The lack of global regulatory standardization can further hinder manual identity verification processes, particularly for businesses participating across jurisdictions. A cumbersome identity verification infrastructure limits their ability to expand into new markets.
Colum Lyons is CEO of ID-Pal, an identity verification solution. Colum founded ID-Pal in 2016 after working as a stockbroker. He has over 20 years’ experience in the financial markets. 
