Professional Documents
Culture Documents
How confident are you that you really know your customer when they’re
new to your business, not physically present and you can only see
scanned copies of their identity documents? How do you detect the
unusual when everything is unusual?
In a world where face-to-face contact is limited and adoption of digital channels has been a necessity for most, this guide
focuses on ways in which you can protect your business and improve customer experience.
The pressure is on.
The pandemic has disrupted business and has taken the world online
almost overnight. Businesses are up against it:
They need to maintain They need to cope with They need to maximise They need to protect
operations in a digital significant surges in business volumes and their business,
first environment. online activity. onboard new customers reputation and
efficiently as financial customers against a
pressures increase. rising threat of fraud
and financial crime,
whilst many staff
work remotely.
All of this needs to be achieved in an environment where businesses are potentially under-staffed and may well be running at a loss.
Whilst a lot of UK businesses were digital ready and set up to manage customer relationships online when lockdown began, many hadn’t
anticipated anything like the volumes they were subsequently exposed to. Other businesses were less well prepared to operate digitally
and had to make more of a transition.
Consumers, young and old, digitally astute and new to digital, moved online – some for the first time, others simply increasing their
existing usage – for banking, shopping and entertainment. During the first week of the UK government’s lockdown, network traffic across
the UK’s fixed broadband networks went up by a fifth1 with the average time spent online reaching record levels by April 20201.
All of this resulted in a dramatic increase in online registrations and new account creations for many businesses.
1. https://www.ofcom.org.uk/__data/assets/pdf_file/0027/196407/online-nation-2020-report.pdf
Coping with an explosion in online registrations.
Since March 2020, there have been huge spikes in online registrations, new account
£16.6m 6
creations and payment transactions, particularly for banks, ecommerce merchants and The value of online shopping fraud losses
online media and entertainment companies: reported to Action Fraud during lockdown.
All of these sectors – and many others – face a similar challenge: how to onboard and serve trusted customers, reliably, with the least amount of
friction, whilst also protecting them from the threat of fraud?
In normal times this is challenging, but even more so against the backdrop of the most turbulent operating environment in living memory, and
fraudsters and criminals seeking to capitalise on the crisis whether it be through counterfeiting, scams or cybercrime.
Action Fraud has reported over 16,0006 people in the UK have been victims of online shopping or auction fraud since shops shut on the 23rd March,
2020. They have also received reports of £16.6m6 having been lost to online shopping fraud since lockdown commenced.
2. https://home.kpmg/uk/en/home/media/press-releases/2020/05/brc-kpmg-retail-sales-monitor-april-2020.html
3. https://www.businessinsider.com/tsb-sees-mobile-signups-triple-since-lockdown-2020-6?r=US&IR=T
4. https://www.forbes.com/sites/markbeech/2020/03/25/covid-19-pushes-up-internet-use-70-streaming-more-than-12-first-figures-reveal/
5. https://www.thecork.ie/2020/06/06/online-gambling-trending-upwards-in-q1-2020/
6. https://www.actionfraud.police.uk/alert/over-16-million-lost-to-online-shopping-fraud-during-lockdown-with-people-aged-18-26-most-at-risk
From a distance: the challenges of onboarding new customers remotely.
For most businesses, the focus throughout the COVID-19 pandemic has been of accessing goods and services7 and that convenience may well replace
on ensuring continuity and finding ways to adapt and improve onboarding necessity as a reason for using online tools. Digital is here to stay.
systems and controls to be more effective, and easier to use, particularly
This is a real opportunity for business, but also represents a real challenge,
given the constraints of lockdown.
particularly in a competitive market where customers are looking for
And the move to digital is unlikely to be temporary. As lockdown eases, there convenient ways to open accounts and transact quickly and easily. How do
are many questions around what the “new normal” will be. The likelihood is you instantly verify an individual’s identity, electronically, without being able
that consumer preferences will continue to evolve as they discover new ways to see them face to face?
How can you be sure How can you tell How do you know the How can you detect How can you be sure
you’re dealing with a quickly that the name, device being used by suspicious behaviour that proof of identity
real person, not a bot address and date of the person is their online, particularly documents scanned are
or piece of malware? birth details presented regular device and when in the current authentic and actually
relate to a real person not one associated environment, relate to the person
and are not synthetic? with fraud? everything is unusual? applying?
And, crucially, how can you make it quick and painless for new customers
to open accounts online without exposing your business to additional risk?
7. https://www.mckinsey.com/business-functions/marketing-and-sales/our-insights/a-global-view-of-how-consumer-behavior-is-changing-amid-covid-19#
Early warning signs: taking comfort upfront.
When a new customer registers online, there are a number of immediate indicators that can be used to give an early warning,
in near real-time, of potential risk factors, for instance if:
Their email address is brand new or has previously been The device they’re using has been compromised (spoofed),
associated with fraud. contains malware, uses proxies, VPNs or TOR, or else has
previously been associated with fraud.
The location they’re applying from is overseas, despite their The way they’re inputting details is unnatural and may be consistent
address being in the UK. with a bot, a fraudster, or someone operating under duress.
The personal details (name, address and date of birth) raise an The same identity attempts to open a number of different
alert or have been previously associated with fraud. accounts in a short space of time.
However, these risks should not only be assessed at initial sign up. Whilst there has recently been a dramatic spike in the volumes
of people using digital services for the first time, fraud is not a one-time event. What happens if a criminal assumes control of your
trusted customer’s account once they’re onboarded? Or a first-party fraudster bypasses your frontline controls and manages to
establish a (seemingly) legitimate customer account with your organisation? Or if a customer checks out as being genuine, but is
making the transaction, possibly under duress, on instruction by a fraudster?
To ensure you’re only dealing with trusted customers, checks need to be conducted on an ongoing basis, each time your customers
return, login to their account and use your services. By constantly risk assessing a customer’s digital interactions, you can reduce
friction by baselining their normal behaviour. In this way, you only need to step-up checks when there is a deviation from this
behaviour and at that point, agents have full information to be able to justify to the customer why this step-up has occurred.
How can I be sure I’m dealing with a real person?
So how can businesses differentiate between a genuine online account applicant and an
automated bot or piece of malware?
There are multiple methods that can be applied to help you identify and stop bots and malware from accessing your
systems and your customer accounts:
8. https://risk.lexisnexis.co.uk/insights-resources/research/cybercrime-report
9. https://www.ibm.com/security/data-breach/identity-report-user-study
How can I be sure I’m dealing with a real person?
Legal Aliases Date of Birth Address/ Digital Digital Account Digital Geolocation Payment
Names Property Reputation History Behaviour Instruments
Government Financial Phone Relatives and Device IDs User Names Social Account Email
Issued Identifiers Numbers Associates Networks Numbers Addresses
Biometrics
(human characteristics and behaviours)
How can I be sure I’m dealing with the right person?
In addition, the dark web gives identity thieves unparalleled access to Having concluded the identity document is genuine and is still active,
counterfeit and stolen personal documents such as passports, driving companies then need to be able to associate the document with the person
licenses and birth certificates, which fraudsters can manipulate and present presenting. This can be challenging given that the document holder’s image
as their own. may have changed considerably since the photograph on the identity
document was taken. Facial recognition software provides a good solution
Identity document validation technology (IDVT) exists to help companies
here as it verifies the photo ID against a selfie or video, and can account for
quickly and easily establish the authenticity of identity documents. IDVTs
ageing.
do so by checking security features on the presented document for
example, by verifying whether the biographic details on the document Of course, no facial biometric systems are entirely infallible and to ensure the
match the information contained in the Machine Readable Zone (MRZ). selfie or video is real and not a face mask, a liveness test is essential.
More sophisticated document authentication software also examines and
Even when you have verified and authenticated that an identity is legitimate and relates to the person you are dealing with,
it doesn’t mean the relationship will be risk-free. In addition to identifying any potential fraud risk, if you’re regulated for anti-
money laundering purposes, you’ll need to screen for Politically Exposed Persons, sanctioned entities and identify any adverse
information associated with a customer. When evaluating potential risk, make sure you:
Use a trusted, global Don’t rely on internet Document, document, Pierce any IP illusions
data source search engines document Bad actors leverage technology to
mask their true location. Using proxy
In the age of fake news and Traditional search engines only scan Keeping a record of the compliance
servers and VPNs, individuals in
misinformation, anti-money laundering the surface web (around 3% of the total checks you used to arrive at your risk-
sanctioned jurisdictions can appear
checks need to be conducted using a web), so by limiting your searches to based decision is essential to evidence
to be elsewhere. Not knowing the true
trusted, global data source. the well-known search engines, you will the robustness of your approach to
location of your customers can result in
most likely miss critical intelligence – the regulator, so it’s important that any
significant fines and reputational risks
adverse information on the customer software platform you use enables you
for sanctions breaches, so it’s important
– hidden in the deep web. Criminals are to retain a solid audit trail.
to have technology that will recognise
likely to have covered their tracks, so it’s
and raise an alert when proxy servers
important to delve deeper.
and VPNs are being used.
Ongoing surveillance of financial crime and sanctions risks is also critical as today’s
trusted customer could become high-risk overnight. Regular monitoring of your
customer base, aligned with your risk appetite, is vital.
Confirming identity and stopping fraud is not a one-off activity
Experience matters
That said, risk and customer experience have to be
balanced, and when a situation demands, you need to be
able to step up the level of authentication. This will provide
you with the additional confidence you need to engage with
your trusted customers in higher-risk scenarios.
10. https://www.bbc.co.uk/news/technology-52319093
Frictionless identity checks and risk identification across the customer journey.
Brand-new customers and longstanding clients alike, can enjoy a seamless interaction with your business without compromising on
security. Combining personal details with physical and digital identity attributes (including the LexisNexis® Digital Identity Network),
the LexisNexis® Risk Solutions identity management, fraud prevention, AML compliance and data management capabilities will help
you ensure a positive and secure customer experience, while minimising risk to your business and broader society.
Identity Checks Fraud and AML Checks Trusted User Identification Threat Monitoring
Identity age and address verification Assess email address risk Device and behavioural location Ongoing PEPs, sanctions adverse
Mobile landline validation Detect mule profiles and activity recognition information monitoring
Facial biometric checks Screen for PEPs, sanctions, adverse Check for fraud and social engineering Identify suspicious payment patterns
information Bot detection and scams
Document authentication
Bot/Malware detection Risk assess customer changes and Flag high risk transactions for manual
Screen customer digital identity against
behaviour – step up authentication as review
Digital Identity Network Identify VPN, Proxy, TOR usage
required Receive data update alerts – when
Defend against password takeover customers move house, change name
(Password reset) or pass away
For more information, please call 029 2067 8555
or email ukenquiry@lexisnexis.com
risk.lexisnexis.co.uk
LexisNexis and the Knowledge Burst logo are registered trademarks of RELX Inc. Other products and services may be trademarks or registered trademarks of their respective companies. No part of this document may be reproduced without the express
permission of LexisNexis. LexisNexis Risk Solutions UK Ltd is a company registered in England & Wales at Global Reach, Dunleavy Drive, Cardiff CF11 0SN. Registration number 07416642. Tracesmart Limited is a LexisNexis company, operating under the trading
name of LexisNexis, with an England & Wales Registration Number 3827062. Registered Office is Global Reach, Dunleavy Drive, Cardiff CF11 0SN. Authorised and regulated by the Financial Conduct Authority (Firm Reference number 742551).