REMOVING THE BLINDFOLD:

recognising good customers

from bad in a busy and
disrupted online environment
Accelerating the journey of trusted customers while
spotting signs of fraud risk in near real time
You think you know your customer – but do you really?

How confident are you that you really know your customer when they’re
new to your business, not physically present and you can only see
scanned copies of their identity documents? How do you detect the
unusual when everything is unusual?
In a world where face-to-face contact is limited and adoption of digital channels has been a necessity for most, this guide
focuses on ways in which you can protect your business and improve customer experience.
The pressure is on.

The pandemic has disrupted business and has taken the world online
almost overnight. Businesses are up against it:

They need to maintain They need to cope with They need to maximise They need to protect
operations in a digital significant surges in business volumes and their business,
first environment. online activity. onboard new customers reputation and
efficiently as financial customers against a
pressures increase. rising threat of fraud
and financial crime,
whilst many staff
work remotely.

All of this needs to be achieved in an environment where businesses are potentially under-staffed and may well be running at a loss.

Whilst a lot of UK businesses were digital ready and set up to manage customer relationships online when lockdown began, many hadn’t
anticipated anything like the volumes they were subsequently exposed to. Other businesses were less well prepared to operate digitally
and had to make more of a transition.

Consumers, young and old, digitally astute and new to digital, moved online – some for the first time, others simply increasing their
existing usage – for banking, shopping and entertainment. During the first week of the UK government’s lockdown, network traffic across
the UK’s fixed broadband networks went up by a fifth1 with the average time spent online reaching record levels by April 20201.

All of this resulted in a dramatic increase in online registrations and new account creations for many businesses.

1. https://www.ofcom.org.uk/__data/assets/pdf_file/0027/196407/online-nation-2020-report.pdf
Coping with an explosion in online registrations.

Since March 2020, there have been huge spikes in online registrations, new account
£16.6m 6

creations and payment transactions, particularly for banks, ecommerce merchants and The value of online shopping fraud losses
online media and entertainment companies: reported to Action Fraud during lockdown.

Ecommerce Online banking Online media and

April saw a 60% increase in online sales As an indication, from March to June,
in the UK2. TSB reported a 137% increase in
signups for its online banking, with the
average daily number of customers
registering for its mobile app tripling
over the same time period3.
entertainment
Shortly after the start of lockdown, total
internet hits surged by an estimated 70%
and online streaming jumped by 12%4.
Over 40% of people have opened a new
betting account since lockdown began5.

All of these sectors – and many others – face a similar challenge: how to onboard and serve trusted customers, reliably, with the least amount of
friction, whilst also protecting them from the threat of fraud?

In normal times this is challenging, but even more so against the backdrop of the most turbulent operating environment in living memory, and
fraudsters and criminals seeking to capitalise on the crisis whether it be through counterfeiting, scams or cybercrime.

Action Fraud has reported over 16,0006 people in the UK have been victims of online shopping or auction fraud since shops shut on the 23rd March,
2020. They have also received reports of £16.6m6 having been lost to online shopping fraud since lockdown commenced.

2. https://home.kpmg/uk/en/home/media/press-releases/2020/05/brc-kpmg-retail-sales-monitor-april-2020.html
3. https://www.businessinsider.com/tsb-sees-mobile-signups-triple-since-lockdown-2020-6?r=US&IR=T
4. https://www.forbes.com/sites/markbeech/2020/03/25/covid-19-pushes-up-internet-use-70-streaming-more-than-12-first-figures-reveal/
5. https://www.thecork.ie/2020/06/06/online-gambling-trending-upwards-in-q1-2020/
6. https://www.actionfraud.police.uk/alert/over-16-million-lost-to-online-shopping-fraud-during-lockdown-with-people-aged-18-26-most-at-risk
From a distance: the challenges of onboarding new customers remotely.

For most businesses, the focus throughout the COVID-19 pandemic has been
on ensuring continuity and finding ways to adapt and improve onboarding
systems and controls to be more effective, and easier to use, particularly
given the constraints of lockdown.
And the move to digital is unlikely to be temporary. As lockdown eases, there
are many questions around what the “new normal” will be. The likelihood is
that consumer preferences will continue to evolve as they discover new ways
of accessing goods and services7 and that convenience may well replace
necessity as a reason for using online tools. Digital is here to stay.
This is a real opportunity for business, but also represents a real challenge,
particularly in a competitive market where customers are looking for
convenient ways to open accounts and transact quickly and easily. How do
you instantly verify an individual’s identity, electronically, without being able
to see them face to face?

How can you be sure How can you tell How do you know the How can you detect How can you be sure
you’re dealing with a quickly that the name, device being used by suspicious behaviour that proof of identity
real person, not a bot address and date of the person is their online, particularly documents scanned are
or piece of malware? birth details presented regular device and when in the current authentic and actually
relate to a real person not one associated environment, relate to the person
and are not synthetic? with fraud? everything is unusual? applying?

And, crucially, how can you make it quick and painless for new customers
to open accounts online without exposing your business to additional risk?

7. https://www.mckinsey.com/business-functions/marketing-and-sales/our-insights/a-global-view-of-how-consumer-behavior-is-changing-amid-covid-19#
Early warning signs: taking comfort upfront.

When a new customer registers online, there are a number of immediate indicators that can be used to give an early warning,
in near real-time, of potential risk factors, for instance if:

Their email address is brand new or has previously been The device they’re using has been compromised (spoofed),
associated with fraud. contains malware, uses proxies, VPNs or TOR, or else has
previously been associated with fraud.

The location they’re applying from is overseas, despite their The way they’re inputting details is unnatural and may be consistent
address being in the UK. with a bot, a fraudster, or someone operating under duress.

The personal details (name, address and date of birth) raise an The same identity attempts to open a number of different
alert or have been previously associated with fraud. accounts in a short space of time.

However, these risks should not only be assessed at initial sign up. Whilst there has recently been a dramatic spike in the volumes
of people using digital services for the first time, fraud is not a one-time event. What happens if a criminal assumes control of your
trusted customer’s account once they’re onboarded? Or a first-party fraudster bypasses your frontline controls and manages to
establish a (seemingly) legitimate customer account with your organisation? Or if a customer checks out as being genuine, but is
making the transaction, possibly under duress, on instruction by a fraudster?

To ensure you’re only dealing with trusted customers, checks need to be conducted on an ongoing basis, each time your customers
return, login to their account and use your services. By constantly risk assessing a customer’s digital interactions, you can reduce
friction by baselining their normal behaviour. In this way, you only need to step-up checks when there is a deviation from this
behaviour and at that point, agents have full information to be able to justify to the customer why this step-up has occurred.
How can I be sure I’m dealing with a real person?

Could it be a bot or malware?

New account creations are the most “at-risk” use case for bot attacks. The number of account creation bot attacks increased
globally during the second half of 20198. One bot attack can represent millions of individual attacks. These attacks can come
from all over the world and are often driven by automated bots mass testing identity credentials. They rely on a fresh and
ready supply of stolen identity data, harvested from global data breaches experienced by virtually all industries. They are
currently most prevalent in financial services and media sectors, however the industry spread is growing.

So how can businesses differentiate between a genuine online account applicant and an
automated bot or piece of malware?
There are multiple methods that can be applied to help you identify and stop bots and malware from accessing your
systems and your customer accounts:

Context-based information Facial biometrics

Bots and real people behave differently. By comparing trusted user
behaviour during periods of legitimate activity against data gathered
during a bot attack, it is possible to quickly identify bot or malware
activity.
Selfies and video provide new customers applying online with
an easy and convenient way of identity proofing, helping to
demonstrate they are a real and present person. Consumer
acceptance of such processes is high. According to Ofcom’s One
Nation 2020 report, 82% of UK adults now use a smartphone and
two thirds of the population9 are comfortable using biometric
authentication, particularly the younger generations.

However, to enhance security, use of facial recognition systems must

be combined with some form of ‘liveness’ test, as the former have,
on occasion, been compromised using face masks.

8. https://risk.lexisnexis.co.uk/insights-resources/research/cybercrime-report
9. https://www.ibm.com/security/data-breach/identity-report-user-study
How can I be sure I’m dealing with a real person?

Does your customer really exist?

The phenomena of synthetic identities continues to gather pace. Rather than appropriating
an existing identity, savvy fraudsters are concocting their own by mixing fabricated
information with real personal data to create identities that don’t actually exist. They then
build out their synthetic identities by creating history on credit sources (e.g. short term loan
applications), before applying for further services using those details.
To combat this, personal details provided – name, address, date of birth – can be verified
automatically against authoritative, trusted sources such as public records information,
plus data from the credit bureaus, which can help to verify the existence of the identity and
debunk synthetic claims.
More sophisticated solutions will take the process one step further, drawing on advanced
analytics to flag potential risk associated with an identity. This could include a middle-aged
person applying for credit for the first time, an individual reported as living at multiple
addresses, or suspicious numbers of people apparently living at the same address.
However, in an increasingly digital environment, traditional personal identity attributes –
name, address, date of birth – are no longer enough, in isolation, to confirm the identity of
an individual. Instead, you need a broader, multi-dimensional picture of your customer’s
identity, ideally incorporating personal details along with physical and digital identity
attributes, to help you quickly confirm an identity exists and is not synthetic, while
confidently differentiating between bots, fraudsters, and legitimate customers.

Personal Identity Physical Identity Digital Identity

Legal Aliases Date of Birth Address/ Digital Digital Account Digital Geolocation Payment
Names Property Reputation History Behaviour Instruments

Government Financial Phone Relatives and Device IDs User Names Social Account Email
Issued Identifiers Numbers Associates Networks Numbers Addresses

Biometrics
(human characteristics and behaviours)
How can I be sure I’m dealing with the right person?

Do they have identity documents and can we be sure the identity

documents belong to the person presenting?
In a physical, face-to-face environment, it can be hard for the untrained eye to
tell the difference between a fake ID and a real one. In an online environment
where original documents have to be either scanned or copied and submitted,
the quality of the copy or scan may make this altogether harder.
authenticates the chips held on passports, using Near Field Communication
(NFC), and uses advanced algorithms to check identity documents against
an extensive library, as well as confirming the identity document hasn’t been
cancelled, following theft or loss.

In addition, the dark web gives identity thieves unparalleled access to
counterfeit and stolen personal documents such as passports, driving
licenses and birth certificates, which fraudsters can manipulate and present
as their own.
Identity document validation technology (IDVT) exists to help companies
quickly and easily establish the authenticity of identity documents. IDVTs
do so by checking security features on the presented document for
example, by verifying whether the biographic details on the document
match the information contained in the Machine Readable Zone (MRZ).
More sophisticated document authentication software also examines and
Having concluded the identity document is genuine and is still active,
companies then need to be able to associate the document with the person
presenting. This can be challenging given that the document holder’s image
may have changed considerably since the photograph on the identity
document was taken. Facial recognition software provides a good solution
here as it verifies the photo ID against a selfie or video, and can account for
ageing.
Of course, no facial biometric systems are entirely infallible and to ensure the
selfie or video is real and not a face mask, a liveness test is essential.

Can they answer questions relating to the claimed identity?

In most cases, it’s prudent to ask questions that only the real customer would know. A short knowledge-based authentication quiz can provide
companies with further evidence that the person is who they claim to be. Used in combination with biometrics, it allows for a more robust identity
authentication check to be conducted.
How can I understand the risks associated with the confirmed identity?

Even when you have verified and authenticated that an identity is legitimate and relates to the person you are dealing with,
it doesn’t mean the relationship will be risk-free. In addition to identifying any potential fraud risk, if you’re regulated for anti-
money laundering purposes, you’ll need to screen for Politically Exposed Persons, sanctioned entities and identify any adverse
information associated with a customer. When evaluating potential risk, make sure you:

Use a trusted, global
data source
In the age of fake news and
misinformation, anti-money laundering
checks need to be conducted using a
trusted, global data source.
Don’t rely on internet
search engines
Traditional search engines only scan
the surface web (around 3% of the total
web), so by limiting your searches to
the well-known search engines, you will
most likely miss critical intelligence –
adverse information on the customer
– hidden in the deep web. Criminals are
likely to have covered their tracks, so it’s
important to delve deeper.
Document, document,
document
Keeping a record of the compliance
checks you used to arrive at your risk-
based decision is essential to evidence
the robustness of your approach to
the regulator, so it’s important that any
software platform you use enables you
to retain a solid audit trail.
Pierce any IP illusions
Bad actors leverage technology to
mask their true location. Using proxy
servers and VPNs, individuals in
sanctioned jurisdictions can appear
to be elsewhere. Not knowing the true
location of your customers can result in
significant fines and reputational risks
for sanctions breaches, so it’s important
to have technology that will recognise
and raise an alert when proxy servers
and VPNs are being used.

Ongoing surveillance of financial crime and sanctions risks is also critical as today’s
trusted customer could become high-risk overnight. Regular monitoring of your
customer base, aligned with your risk appetite, is vital.
Confirming identity and stopping fraud is not a one-off activity

How do you confirm a returning

customer is still trustworthy?
With more consumers (many of whom will be less tech-
savvy) now using digital channels, and an increase in
phishing scams10, the volume of account takeover fraud
is likely to increase. There is also the possibility of a
determined fraudster making it past your initial controls.
If your strategy is simply to verify identity and check for
risk at the point of onboarding, you could be opening your
business up to sizeable risk.

Applying a multi-factor approach to authenticating

customers, including checks of personal, physical and
digital identity attributes, will help mitigate this risk and
give you confidence that you are dealing with a trusted
customer.

Experience matters
That said, risk and customer experience have to be
balanced, and when a situation demands, you need to be
able to step up the level of authentication. This will provide
you with the additional confidence you need to engage with
your trusted customers in higher-risk scenarios.

10. https://www.bbc.co.uk/news/technology-52319093
Frictionless identity checks and risk identification across the customer journey.
Brand-new customers and longstanding clients alike, can enjoy a seamless interaction with your business without compromising on
security. Combining personal details with physical and digital identity attributes (including the LexisNexis® Digital Identity Network),
the LexisNexis® Risk Solutions identity management, fraud prevention, AML compliance and data management capabilities will help
you ensure a positive and secure customer experience, while minimising risk to your business and broader society.

Onboarding / Account Creation Returning Customer / Account Management

Onboard Login / Account Changes /

One-off transaction New Transactions
Open account Login – risk and authentication
Register device Change of personal details
Deposit funds Change of bank account details
Subscribe to services Update login credentials
New transactions/purchases/transfers

Identity Checks
Identity age and address verification
Mobile landline validation
Facial biometric checks
Document authentication
Screen customer digital identity against
Digital Identity Network
Fraud and AML Checks
Assess email address risk
Detect mule profiles and activity
Screen for PEPs, sanctions, adverse
information
Bot/Malware detection
Identify VPN, Proxy, TOR usage
Trusted User Identification
Device and behavioural location
recognition
Check for fraud and social engineering
Bot detection
Risk assess customer changes and
behaviour – step up authentication as
required
Defend against password takeover
(Password reset)
Threat Monitoring
Ongoing PEPs, sanctions adverse
information monitoring
Identify suspicious payment patterns
and scams
Flag high risk transactions for manual
review
Receive data update alerts – when
customers move house, change name
or pass away
 For more information, please call 029 2067 8555
or email ukenquiry@lexisnexis.com

risk.lexisnexis.co.uk

About LexisNexis® Risk Solutions

LexisNexis® Risk Solutions harnesses the power of data and advanced analytics to provide insights that help businesses and governmental entities reduce risk and improve decisions to benefit people around
the globe. We have offices throughout the world and are part of RELX (LSE: REL/NYSE: RELX), a global provider of information-based analytics and decision tools for professional and business customers across
industries. For more information, please visit risk.lexisnexis.co.uk and www.relx.com.

LexisNexis and the Knowledge Burst logo are registered trademarks of RELX Inc. Other products and services may be trademarks or registered trademarks of their respective companies. No part of this document may be reproduced without the express
permission of LexisNexis. LexisNexis Risk Solutions UK Ltd is a company registered in England & Wales at Global Reach, Dunleavy Drive, Cardiff CF11 0SN. Registration number 07416642. Tracesmart Limited is a LexisNexis company, operating under the trading
name of LexisNexis, with an England & Wales Registration Number 3827062. Registered Office is Global Reach, Dunleavy Drive, Cardiff CF11 0SN. Authorised and regulated by the Financial Conduct Authority (Firm Reference number 742551).

Copyright © 2020 LexisNexis Risk Solutions. 369/MK/GU/1. NXR14549-00-0720-EN-UK