Know-your-customer or KYC is the practice of collecting data about your customer base for a variety of purposes beneficial to your business. Know-your-customer should be implemented as a company-wide policy and be considered in every decision you make, but at a basic level, KYC has two primary functions: marketing and security. Today we will be talking about KYC in Security. Click here to read our article about on KYC in Marketing.
Knowing and understanding your targeted customers is the key overarching factor in how well your company is going to distinguish itself from its competitors. In online business, know-your-customer or KYC becomes doubly important. Knowing what to sell and who to sell it to is one thing, but when your business is conducted virtually rather than face-to-face, knowing your customer becomes a matter of security. Fraudsters lie in wait for a company that doesn’t take KYC seriously – if that turns out to be you, your business could be involved in fraud, identity theft, money laundering and terrorist financing without you even knowing it.
Electronic payment volumes grew at an unprecedented rate last year (see also: E-Commerce Growth Report 2014), and the reality is that cybercriminals see the industry as a cash cow. Because of this, KYC is about a lot more than just delivering a great, personalised service – it’s about operating a secure, ethical and sustainable business.
- Security: In most jurisdictions there is a basic level of know-your-customer enforced by law. That is because, put simply, there is no more effective security measure than KYC. If you can confidently verify the identity of your customer then they cannot effectively conduct criminal activities using your product, service or platform. Cybercriminals needs to operate anonymously to effectively launder or steal funds, so forcing customers to verify their identity will keep fraudsters away.
- Ethics: By failing to maintain adequate KYC controls, you are effectively turning a blind eye to any number of potential illicit activities such as identity theft and terrorist financing. Most importantly, any one flaw in your security practices puts not only you at risk, but also your business partners, banking partners and all of your legitimate, law-abiding customers. Allowing responsible KYC to fall by the wayside is unethical because it puts all of your loyal customers and associates into the line of fire.
- Sustainability: Think you can cut corners? Put security on the backburner until you have more resources at your disposal? That’s a sure-fire way to drive your business into the ground. In the age of social media, word gets out faster than you could imagine. Any one bad apple among your customers can cause long-lasting reputational damage that you may never recover from. The only way to create a sustainable online business is to keep top-of-the-line security practices right from the beginning and to know every one of your customers.
At DalPay, we take a little extra time to get to know our customers. Our philosophy is that our customer is not just our client, but also the countries we do business with, our banking partners who make our business possible, and our employees who keep our business running. There are too many organisations in the online payments landscape that don’t share our holistic approach to KYC, and their lax attitude is harmful not just to themselves, but to everyone in the industry.
When a fraudster makes his way through a security system due to insufficient KYC practices and begins moving money around, he’s going to set off a red flag that begins a chain of reactions. Funds are frozen, payments are delayed and accounts are locked. That’s why a truly secure organisation is one that gets it right the first time every time.
When DalPay approves a client to become a direct merchant or a sub-merchant, that means the customer has gone through our rigorous KYC program.We have a clear picture of who they are and we’re certain that their business model and activities meet the requirements of our banking and country partners. Because of this, we’re confident that our merchants will never have their accounts locked, funds frozen or payments withheld.
KYC: The Essentials
There are countless know-your-customer methods practiced in the e-commerce industry, but there are four specific steps that a business must be willing and able to follow on a day-to-day basis to ensure a responsible level of security.
- Customer Acceptance Policy – The first step is to realise that you can’t accept every customer that comes your way. You need to develop clear and explicit criteria for who you do business with and perform due diligence to ensure that all of your customers are operating under their real name and are not associated with fraudulent or criminal activities.
- Customer Identification Procedures – Beyond customer acceptance, you need to develop and outline procedures for customer identification at every step of the relationship, from submitting personal information such as addresses and bank accounts to carrying out a transaction and shipping a product. Fraudsters often try to infiltrate existing, “verified” accounts and therefore you need to be able to confirm your customer’s identity at every interaction.
- Monitoring of Transactions – E-commerce is full of patterns and when something doesn’t fit in to those patterns then it might be a red flag. The third step in an effective KYC program is to be able to identify unusual and high-risk transactions, such as very large or complex transactions or those that operate contrary to the normal behaviour of your customer base. These transactions should be subjected to a higher level of scrutiny.
- Risk Management – An organisation’s risk level can never be reduced to zero and particularly in e-commerce there are risks around every corner, so no KYC program is complete without established risk management procedures. Internal audit and compliance functions as well as company-wide training programs should be in place to minimise the frequency of risky activities. Customer accounts and specific transaction types should be categorised by their risk level and put through the appropriate level of due diligence.
Don’t be one of those businesses with money launderers and terrorist financers operating right under your nose. Follow these four steps to allow your business to operate securely, ethically and sustainably while complying with established KYC regulations. By knowing your customer from the very beginning, you can greatly reduce your short and long-term risk levels and provide a safe and reliable product or service to your clientele.