The Importance of KYC for Security

Security: Know Your Customer

Know-your-customer or KYC is the practice of collecting data about your customer base for a variety of purposes beneficial to your business. Know-your-customer should be implemented as a company-wide policy and be considered in every decision you make, but at a basic level, KYC has two primary functions: marketing and security. Today we will be talking about KYC in Security. Click here to read our article about on KYC in Marketing.

KYC for Security

Knowing and understanding your targeted customers is the key overarching factor in how well your company is going to distinguish itself from its competitors. In online business, know-your-customer or KYC becomes doubly important. Knowing what to sell and who to sell it to is one thing, but when your business is conducted virtually rather than face-to-face, knowing your customer becomes a matter of security. Fraudsters lie in wait for a company that doesn’t take KYC seriously – if that turns out to be you, your business could be involved in fraud, identity theft, money laundering and terrorist financing without you even knowing it.

Electronic payment volumes grew at an unprecedented rate last year (see also: E-Commerce Growth Report 2014), and the reality is that cybercriminals see the industry as a cash cow. Because of this, KYC is about a lot more than just delivering a great, personalised service – it’s about operating a secure, ethical and sustainable business.

  • Security: In most jurisdictions there is a basic level of know-your-customer enforced by law. That is because, put simply, there is no more effective security measure than KYC. If you can confidently verify the identity of your customer then they cannot effectively conduct criminal activities using your product, service or platform. Cybercriminals needs to operate anonymously to effectively launder or steal funds, so forcing customers to verify their identity will keep fraudsters away.
  • Ethics: By failing to maintain adequate KYC controls, you are effectively turning a blind eye to any number of potential illicit activities such as identity theft and terrorist financing. Most importantly, any one flaw in your security practices puts not only you at risk, but also your business partners, banking partners and all of your legitimate, law-abiding customers. Allowing responsible KYC to fall by the wayside is unethical because it puts all of your loyal customers and associates into the line of fire.
  • Sustainability: Think you can cut corners? Put security on the backburner until you have more resources at your disposal? That’s a sure-fire way to drive your business into the ground. In the age of social media, word gets out faster than you could imagine. Any one bad apple among your customers can cause long-lasting reputational damage that you may never recover from. The only way to create a sustainable online business is to keep top-of-the-line security practices right from the beginning and to know every one of your customers.

At DalPay, we take a little extra time to get to know our customers. Our philosophy is that our customer is not just our client, but also the countries we do business with, our banking partners who make our business possible, and our employees who keep our business running. There are too many organisations in the online payments landscape that don’t share our holistic approach to KYC, and their lax attitude is harmful not just to themselves, but to everyone in the industry.

When a fraudster makes his way through a security system due to insufficient KYC practices and begins moving money around, he’s going to set off a red flag that begins a chain of reactions. Funds are frozen, payments are delayed and accounts are locked. That’s why a truly secure organisation is one that gets it right the first time every time.

When DalPay approves a client to become a direct merchant or a sub-merchant, that means the customer has gone through our rigorous KYC program.We have a clear picture of who they are and we’re certain that their business model and activities meet the requirements of our banking and country partners. Because of this, we’re confident that our merchants will never have their accounts locked, funds frozen or payments withheld.

KYC: The Essentials

There are countless know-your-customer methods practiced in the e-commerce industry, but there are four specific steps that a business must be willing and able to follow on a day-to-day basis to ensure a responsible level of security.

  1. Customer Acceptance Policy – The first step is to realise that you can’t accept every customer that comes your way. You need to develop clear and explicit criteria for who you do business with and perform due diligence to ensure that all of your customers are operating under their real name and are not associated with fraudulent or criminal activities.
  2. Customer Identification Procedures – Beyond customer acceptance, you need to develop and outline procedures for customer identification at every step of the relationship, from submitting personal information such as addresses and bank accounts to carrying out a transaction and shipping a product. Fraudsters often try to infiltrate existing, “verified” accounts and therefore you need to be able to confirm your customer’s identity at every interaction.
  3. Monitoring of Transactions – E-commerce is full of patterns and when something doesn’t fit in to those patterns then it might be a red flag. The third step in an effective KYC program is to be able to identify unusual and high-risk transactions, such as very large or complex transactions or those that operate contrary to the normal behaviour of your customer base. These transactions should be subjected to a higher level of scrutiny.
  4. Risk Management – An organisation’s risk level can never be reduced to zero and particularly in e-commerce there are risks around every corner, so no KYC program is complete without established risk management procedures. Internal audit and compliance functions as well as company-wide training programs should be in place to minimise the frequency of risky activities. Customer accounts and specific transaction types should be categorised by their risk level and put through the appropriate level of due diligence.

Don’t be one of those businesses with money launderers and terrorist financers operating right under your nose. Follow these four steps to allow your business to operate securely, ethically and sustainably while complying with established KYC regulations. By knowing your customer from the very beginning, you can greatly reduce your short and long-term risk levels and provide a safe and reliable product or service to your clientele.

Advertisements

How to Resolve Chargebacks: Managing the Inevitable

Resolving Chargebacks

Chargebacks can happen for any number of reasons. Many of us can relate to the experience of not getting quite what we expected when buying a product online. Maybe it’s damaged, or maybe it never even showed up. When a customer contacts their credit card issuer and demands their money back, the credit card issuer reverses the transaction and fines the merchant. This is called a chargeback.

Two weeks ago we posted a few tips on how to reduce your chargeback ratio, but you may never be able to reduce it to zero. We do what we can to avoid chargebacks by encouraging customers to contact us directly with billing questions and we list our contact information on their credit card statements and purchase confirmation pages. However, despite our best efforts, chargebacks still happen. If you are on the receiving end of a chargeback, we are more than happy to help you resolve it and (hopefully) get your money back.

The costs of chargebacks to you:

  • Loss of product.
  • Loss of shipping costs.
  • A chargeback fee charged to a merchant that can exceed 75 USD.
  • Potential reputational damage.
  • Depending on the credit card provider’s policy, potential loss of your merchant account or ability to accept a certain type of card.

On top of these losses, statistics show that 41% of online fraud comes from chargebacks, so disputing a chargeback is often a wise decision. However, a chargeback dispute requires substantially more work to resolve than a regular customer inquiry because the customer has decided to formally question the charges with their credit card company instead of contacting you or DalPay directly. The four common types of chargebacks are:

·        DNEF: The customer says that he/she didn’t authorize this transaction or purchase anything through DalPay.

·        NRCT: The customer says that he/she has not received their purchase.

·        REFP: The customer says that they returned the merchandise, or that you agreed to issue a refund on this order.

·        DMER: The customer says that their purchase was either defective, damaged, or not received as advertised.

How to resolve a chargeback

  • Check the validity of the chargeback

First things first – is it possible that the chargeback is your fault? Consider the information provided by the customer. If they are claiming a DNEF chargeback, perhaps the transaction is fraudulent – the customer’s card or information could have been stolen, in which case the chargeback is valid and perhaps you should consider adding new security features such as two-step authentication for credit card payments in the future. In this case the chargeback will stand and you will have to absorb the losses.

DMER chargeback are common when a merchant doesn’t adequately describe a product on their web store. This is why it’s important to provide as much relevant information as possible about all of your products to ensure that the customer receives exactly what they want. If your description of a product doesn’t match up with reality, chargebacks will be inevitable. You also need to ensure that you’re packaging fragile products adequately and securely so they aren’t damaged during delivery.

  • Check with the customer

In every case, the best thing that you can do is get in touch with the customer. The chargeback may be the result of confusion; the customer may not recognize DalPay as the processor or they may not recognize the charge labelled “dalpay.is” on their credit card bill. It’s possible that the customer forgot that they made the purchase or that it was made by a family member without their knowledge.

You should always offer a hassle-free, user-friendly method for returns and refunds to avoid REFP chargebacks. If the customer has filed a REFP chargeback but you have not agreed to refund the order, you should contact the customer to clarify whether the chargeback was a mistake.

  • Check with the courier

You should always be shipping your merchandise with a trusted courier that provides package tracking services and requires a signature from the recipient of each delivery. For NRCT or DMER chargebacks, the courier can determine whether the package has reached the customer or not and whether there is a possibility the package was damaged.

If the package has been delayed, contact the customer to reassure them that the package is still on its way and ask them to reverse the chargeback with their bank, although at this point they may want to cancel their order. It’s also possible the package was lost or stolen during shipment, in which case the chargeback would stand but the courier may be able to reimburse you.

The customer could be attempting to defraud you by receiving the product without having to pay for it. In this case a courier that requires proof of receipt can allow you to identify whether a customer is lying about not having received the product. A customer claiming the package has arrived damage could also be lying, so ask for proof such as a photograph of the damaged product.

  • Check with the card issuer

If you haven’t been able to resolve the chargeback dispute with the customer but you believe that the chargeback is invalid, you can appeal to the issuing bank. The issuing bank sides with the merchants an average of 40% of the time and reverses the chargeback. If the bank chooses in favour of the customer, you will have to absorb the cost of the chargeback – it’s one of the unfortunate costs of running a business.

DalPay can also appeal to the issuing bank for you. The success rate and duration of the process can vary greatly depending on the case and the particular issuing bank. If you have additional information that may help in disputing a chargeback, please provide it to us as soon as you receive the chargeback to ensure that it is included in the dispute claim. If the chargeback is successfully disputed, the returned funds will be deposited to your account.

At DalPay, we’re committed to providing you with the tools for success. We’re always happy to answer your customers’ billing questions and we will do everything we can to help you to prevent and dispute chargebacks. Remember that we’re here for you – if you need additional help in preventing or dealing with chargebacks, feel free reach out to a member of our team.