Think you’re safe with KYC protection? Think again…
(… and we have data to back this - read on)
In a world where digital payment fraud is becoming more sophisticated and elusive, many digital merchants rely on KYC as one of the pillars of protection to get through these unsettling times.
And for good reason, we might add. After all, the concept of knowing your customer through email, phone, and all sorts of document verification (among other things) is vital to assessing customer risk.
KYC doesn't quite prevent payment fraud. In fact, there are cases where it can often have the opposite effect, as our data shows.
KYC is not quite an anti-fraud measure
We analyzed all of the transactions in Q2 2022 for all of the crypto companies we work with and made this troubling discovery:
76.97% of the reported fraud in gross merchandise value (GMV) came from users that passed KYC protocols.
That’s three out of every four users who were verified as legitimate.
The conclusion is pretty clear - KYC isn’t as effective in the fight against payment fraud as you believe it is.
Why is this happening?
Let’s make one thing clear first - we are not bashing KYC.
There is no denying KYC can be a useful tool in filtering out bad actors. After all, it’s part of the regulation and almost unanimously considered as one of the most beneficial ways to block fraudsters.
But it’s far from a foolproof system:
Documents pose a loophole
As you know, the brunt of verification is done via document scans. Unfortunately, these are fairly easy for fraudsters to leverage, whether through manipulating existing information and documents obtained through the dark web, creating new documents with proper selfie photos and original personal and financial information, or making a combination of the two versions.
This makes document scans one of the easier and straightforward ways to circumvent user authentication.
Lack of universal standards
It doesn’t help that KYC verification doesn’t have universal standards with a broad variety of documents from different countries. Meaning, passports and IDs from across the world differ from one another in terms of features, making it extremely difficult to authenticate them.
Fraudsters are becoming increasingly sophisticated
Most importantly, fraudsters are becoming more intelligent, cunning, and pervasive. An apt metaphor would be a strong virus (as this is most certainly an online plague) - they evolve and learn how to break defenses with new practices.
In that sense, KYC has a somewhat antiquated status. It has trouble keeping up with and fully comprehending the nuance of scammers and how they operate.
Social engineering effectively navigates around KYC as several different approaches aim to extract the user’s credentials. Whether it’s posing as a customer service rep, law enforcement official, or even a victim’s family members, $6.9 billion was stolen in 2021 with social engineering scams playing a major role.
Their effectiveness is all the scarier because the “engineering” part doesn’t require any technical skill whatsoever like cracking a password. Simply by pretending to be someone else, fraudsters aim to dupe a person into giving them sensitive and highly damaging information.
KYC-approved accounts have become a commodity
Cybercriminals routinely bypass KYC checks and gain access. In fact, there’s an entire black market where KYC-approved accounts are hot commodities and valuable assets that certain fraudsters want to buy from fellow criminals.
So, not only does KYC fail to help payment fraud prevention - it even helps the fraudsters' cause, in a way.
All of these factors combined lead us to a harsh truth:
KYC compliance isn’t enough to fight payment fraud.
What can be done?
Technology needs to be made a focal point of defense.
At the moment, there is no comprehensive regulation that can meaningfully help digital merchants (that’s just how the game is “rigged”) so the only way they can protect themselves is by relying on predictive artificial intelligence.
AI can uncover all the subtle differences that discern fraudsters from genuine buyers, and make accurate, real-time decisions without adding additional layers to the customer experience.
Through the use of behavioral and contextual analysis, it can not only make KYC processes more efficient and successful but also eliminate any type of friction coming from it. In turn, the conversion rate increases significantly as you “save” customers who otherwise wouldn’t get to the end of the funnel.
As AI continuously trains and learns, it can adapt to fraud patterns and stay up-to-date with whatever fraudsters scheme, even providing an explanation as to why a certain event is considered to be fraudulent.
If it helps, consider such a fraud detection and protection solution a competitive advantage. Early identification of possible fraud improves the merchant’s image among its customers and boosts their satisfaction and loyalty.
There’s more damage than meets the eye
There is too much at stake to rely on KYC as one of the definitive answers to all the fraud challenges out there.
Let’s not forget the broad picture and collateral damage here: lost revenue of an entire LTV of a customer, alongside the reputational damage a digital merchant takes on the way. A buyer who gets scammed is likely to seek out a new place to shop, for example.
So at best, it needs to be a part of a multi-layered approach to preventing fraudulent activities.
In combination with an AI-powered framework, it can reduce the effect fraudsters have on payment transactions - all without disrupting the experience for legitimate users.