The Importance of KYC for Security

Security: Know Your Customer

Know-your-customer or KYC is the practice of collecting data about your customer base for a variety of purposes beneficial to your business. Know-your-customer should be implemented as a company-wide policy and be considered in every decision you make, but at a basic level, KYC has two primary functions: marketing and security. Today we will be talking about KYC in Security. Click here to read our article about on KYC in Marketing.

KYC for Security

Knowing and understanding your targeted customers is the key overarching factor in how well your company is going to distinguish itself from its competitors. In online business, know-your-customer or KYC becomes doubly important. Knowing what to sell and who to sell it to is one thing, but when your business is conducted virtually rather than face-to-face, knowing your customer becomes a matter of security. Fraudsters lie in wait for a company that doesn’t take KYC seriously – if that turns out to be you, your business could be involved in fraud, identity theft, money laundering and terrorist financing without you even knowing it.

Electronic payment volumes grew at an unprecedented rate last year (see also: E-Commerce Growth Report 2014), and the reality is that cybercriminals see the industry as a cash cow. Because of this, KYC is about a lot more than just delivering a great, personalised service – it’s about operating a secure, ethical and sustainable business.

  • Security: In most jurisdictions there is a basic level of know-your-customer enforced by law. That is because, put simply, there is no more effective security measure than KYC. If you can confidently verify the identity of your customer then they cannot effectively conduct criminal activities using your product, service or platform. Cybercriminals needs to operate anonymously to effectively launder or steal funds, so forcing customers to verify their identity will keep fraudsters away.
  • Ethics: By failing to maintain adequate KYC controls, you are effectively turning a blind eye to any number of potential illicit activities such as identity theft and terrorist financing. Most importantly, any one flaw in your security practices puts not only you at risk, but also your business partners, banking partners and all of your legitimate, law-abiding customers. Allowing responsible KYC to fall by the wayside is unethical because it puts all of your loyal customers and associates into the line of fire.
  • Sustainability: Think you can cut corners? Put security on the backburner until you have more resources at your disposal? That’s a sure-fire way to drive your business into the ground. In the age of social media, word gets out faster than you could imagine. Any one bad apple among your customers can cause long-lasting reputational damage that you may never recover from. The only way to create a sustainable online business is to keep top-of-the-line security practices right from the beginning and to know every one of your customers.

At DalPay, we take a little extra time to get to know our customers. Our philosophy is that our customer is not just our client, but also the countries we do business with, our banking partners who make our business possible, and our employees who keep our business running. There are too many organisations in the online payments landscape that don’t share our holistic approach to KYC, and their lax attitude is harmful not just to themselves, but to everyone in the industry.

When a fraudster makes his way through a security system due to insufficient KYC practices and begins moving money around, he’s going to set off a red flag that begins a chain of reactions. Funds are frozen, payments are delayed and accounts are locked. That’s why a truly secure organisation is one that gets it right the first time every time.

When DalPay approves a client to become a direct merchant or a sub-merchant, that means the customer has gone through our rigorous KYC program.We have a clear picture of who they are and we’re certain that their business model and activities meet the requirements of our banking and country partners. Because of this, we’re confident that our merchants will never have their accounts locked, funds frozen or payments withheld.

KYC: The Essentials

There are countless know-your-customer methods practiced in the e-commerce industry, but there are four specific steps that a business must be willing and able to follow on a day-to-day basis to ensure a responsible level of security.

  1. Customer Acceptance Policy – The first step is to realise that you can’t accept every customer that comes your way. You need to develop clear and explicit criteria for who you do business with and perform due diligence to ensure that all of your customers are operating under their real name and are not associated with fraudulent or criminal activities.
  2. Customer Identification Procedures – Beyond customer acceptance, you need to develop and outline procedures for customer identification at every step of the relationship, from submitting personal information such as addresses and bank accounts to carrying out a transaction and shipping a product. Fraudsters often try to infiltrate existing, “verified” accounts and therefore you need to be able to confirm your customer’s identity at every interaction.
  3. Monitoring of Transactions – E-commerce is full of patterns and when something doesn’t fit in to those patterns then it might be a red flag. The third step in an effective KYC program is to be able to identify unusual and high-risk transactions, such as very large or complex transactions or those that operate contrary to the normal behaviour of your customer base. These transactions should be subjected to a higher level of scrutiny.
  4. Risk Management – An organisation’s risk level can never be reduced to zero and particularly in e-commerce there are risks around every corner, so no KYC program is complete without established risk management procedures. Internal audit and compliance functions as well as company-wide training programs should be in place to minimise the frequency of risky activities. Customer accounts and specific transaction types should be categorised by their risk level and put through the appropriate level of due diligence.

Don’t be one of those businesses with money launderers and terrorist financers operating right under your nose. Follow these four steps to allow your business to operate securely, ethically and sustainably while complying with established KYC regulations. By knowing your customer from the very beginning, you can greatly reduce your short and long-term risk levels and provide a safe and reliable product or service to your clientele.


Prepare Your Business for Cyber Monday

Cyber Monday

Black Friday, the day after Thanksgiving in the US, is consistently that country’s busiest in-store shopping day. The following Monday, aka Cyber Monday, which began life as an online equivalent of Black Friday, has in recent years extended beyond the US to become a global phenomenon. Since 2010, e-commerce sales on Cyber Monday have risen between 16 and 22 percent each year in the US and it has become one of the busiest online shopping days in much of Europe and the world, second only to Singles’ Day, celebrated primarily in China on November 11th.

Singles’ Day began as an alternative to Valentine’s Day in China and e-commerce giant Alibaba began leveraging it in marketing materials in 2009. In 2013, the holiday surpassed Cyber Monday as the world’s busiest online shopping day and this year, Alibaba alone recorded over $9 billion in sales on Singles’ Day.

You’re not likely to compete with those sales, but there’s a lot you can get out of Cyber Monday, both in the form of sales and in attracting new customers. However, an “if you build it they will come” attitude is not going to be enough to secure a lucrative flow of customers to your web store. In 2014, Cyber Monday falls on December 1st, and if you want your business to make the most of that day, there are a few things you should do to prepare.

Prepare your Marketing

On Cyber Monday 2013, more than 4.1 million items were purchased through Amazon in the UK alone. But Amazon is a household name, almost as well-known as the concept of online shopping. On top of that, Cyber Monday is known as a day of deals, when web stores offer their biggest sales of the year. This is all to say the competition is stiff, and if you want people to visit you online, you need to give them a good reason.

  • Awareness: The public needs to know what you’re offering. Spread the word using social media, email marketing campaigns, banner ads on your website, advertising on sites such as Groupon, search engine marketing (SEM), etc.
  • Appearance: Customised landing pages and backgrounds leading up to Cyber Monday can get your visitors excited about the prospect of taking advantage of sales. Associate your website with Cyber Monday so that when your customers think of savings, they’ll think of you.
  • Timing: Building up the anticipation among your customer base is a great way to ensure their patronage when the deals drop, but if you do this too early you could disrupt your current sales by encouraging visitors to hold off on purchases until Cyber Monday. Tease your deals early, rather than announcing them outright, with hints like “Sign up for our email list to be the first to hear about our Cyber Monday plans.”
  • Repeating: Chances are you’ll be receiving a lot of new traffic, so encourage visitors to sign up on your homepage as well as during the checkout process. Make a note of all customers, both new and existing, who made purchases on Cyber Monday so that next year you can target those customers directly.
  • Maintenance: This one is often overlooked even though it’s one of the most important things to be aware of on Cyber Monday: can your website handle the traffic? If your website crashes because too many people are trying to shop, you can be sure that many of those people won’t come back. Check on your bandwidth capacity and the traffic you’ve had in the past and make sure your web host has more than enough headroom to handle the mad rush. You can make more new customers on Cyber Monday than any other day of the year, but if you’re not ready for it you could find yourself losing customers.

Prepare your Security

As ever, there is a dark side to one of the busiest online shopping days of the year. With the amount of money that will be flowing through the e-commerce industry on Cyber Monday, there will be no small amount of hackers trying to take some of it for themselves. The promise of deals and the charm of holiday greetings are often used to disguise malware and many of your visitors could already be infected, so you need to make sure your website is fully prepared to sustain any potential attacks.

  • Firewalls: Security experts are always trying to find new vulnerabilities before the hackers do, and each time they get more sophisticated so do the hackers. Regardless of the size of your business, firewalls are only as strong as they are up-to-date, so make sure to have the latest rules and restrictions installed.
  • Patches: To circumvent firewalls, many attacks can happen through legitimate applications installed by your business. Firewalls view these programs as trustworthy, but if the program itself is vulnerable, hackers and malware can get into your network using that hole in your security chain. Before the highly vulnerable shopping season begins, make sure all of your applications are updated with the latest patches from the manufacturers.
  • Traffic: It may seem like a big job, but monitoring the traffic on your website is more important on Cyber Monday than any other day. Cybercriminals attempting to make fraudulent transactions are counting on going unnoticed due to the heavy traffic. Make sure to have enough staff on hand to address any red flags in your system in a timely manner.
  • Communication: Social media is not just for marketing. Make sure you have enough staff on hand on Cyber Monday to monitor and engage in social media channels and respond through your customer service channels so that you can be the first to know if any shoppers are experiencing any bugs in your system or if any fraudsters or phishing sites are trying to take advantage of your customers.
  • Maintenance: We’re going to repeat ourselves and say once again that it’s absolutely vital to have the necessary bandwidth capacity to handle the spike in traffic on Cyber Monday. If you’re unprepared, the heavy load can cause some features to malfunction and open up vulnerabilities that hackers can use to launch an attack. Contact your web host to make sure you have the headroom to run smoothly even if your wildest sales predictions come true.

For more information about preparing for Cyber Monday, check out this handy infographic and visit the DalPay Blog regularly for more tips about online security and how to get the most out of your web store.