Shufti Pro provides ‘next generation end-to-end Identity Verification services’ including Know Your Customer (KYC) and Know Your Business (KYB) solutions. We sat down with CEO Victor Fredung to discuss how these technologies can help merchants and enterprise businesses protect themselves against eCommerce fraud, account takeover attacks, and more.
1. For merchants that don’t know, can you explain the principles behind Know Your Customer (KYC) and Know Your Business (KYB) fraud prevention models? What are the effective elements of these programs, and how are they relevant to eCommerce specifically?
We know that worldwide digitalization of services has exposed us to a great degree of risk. Digital ID theft, account takeover fraud and mobile attacks are real threats and cost millions in lost dollars every year. For the same reason, regulatory bodies and financial regulators are strengthening their grip on business practices, and placing due importance on compliance procedures.
In this respect, KYC and KYB fraud prevention models offer identity verification procedures that stamp out any notion of fraud and money laundering from a business transaction. The idea is to gather adequate information about a customer, both individual and business entity, in the form of identity, origin, registration and other elementary details. High risk individuals, or businesses involved in suspicious activities can easily be detected with the help of screening methods that act as layers of security to protect you from bad actors.
The applications are profound. We’re looking specifically at consumer-centric industries such as ecommerce, retail, banking, healthcare, and now increasingly at cryptocurrencies and FinTech solutions that aim to optimize risk while onboarding customers online.
2. Your website states that your facial recognition technology uses ‘AI (Artificial Intelligence), HI (Human Intelligence) and ML (Machine Learning)’. Can you explain a little about what the analysis process is, and the role each of those players plays in it?
Artificial intelligence is the use of machines to carry out tasks that previously only humans could do. That’s where our software comes in. Shufti Pro’s AI and ML algorithms extract, screen and store data to perform real-time verifications. We use these to detect if, say, ID documents are doctored, or if a person is really present in real life while taking a selfie.
At Shufti Pro, we integrate both HI and AI to fully ensure the accuracy of verifications. What this really translates into is a concept known as augmented intelligence. Machines alone cannot take full control of the decision-making process, without a professional’s (HI’s) final say.
We understand that the consequences of a failed verification may be serious, especially for companies with large turnovers. This is exactly why we develop and implement hybrid technology solutions such as these, catering to businesses with highly accurate and state-of-the-art software.
3. You offer face and document verification solutions. What would you say to merchants who feel that these methods will increase customer friction too much to be viable for day to day eCommerce transactions?
As a business, you have to understand your customer and know why it’s important to verify every single one of them. Not only do fraudulent transactions thwart your chances of making higher profits, they also damage your reputation with customers and shipping services. Growth dampens by simply ignoring the need for authentic buying transactions and maintaining a trusted client base.
It is also true that customer friction is an issue that has been dealt with by leading verification providers to cater to rising concerns of inefficiency. At first, it may seem like verification procedures cause friction in onboarding processes, but efficient and fast API solutions that perform real-time verifications have minimized those risks. Shufti Pro performs facial recognition or document verification in a record time of under 60 seconds, doing away with such concerns.
4. 2FA is another common method used to add additional security to accounts. How do you recommend merchants strike a balance between security and customer friction? What does the optimal 2FA experience look like for both merchants and end-users?
This balancing act between customer experience and fraud prevention is probably one of the topmost fraud challenges faced by online businesses. Ensuring fast and easy service delivery requires that firms look deeply into their customer networks and understand where deploying additional security layers is absolutely necessary. Industry insights and fraud prevention trends will help make identity verification an easy strategic decision for companies that prioritize agility.
With two-factor authentication, a company chooses to add extra security to customer data, while still maintaining mobility that customers expect. A simple username and password is not enough to protect something as crucial as personal data, and must be dealt with the same way.
An optimal experience therefore entails the use of appropriate multi-factor authentication to verify a user’s identity at account login. The most convenient options include text message code, email one-time pins, voice calls, tokens and push notifications.
5. Can you give us an example of the type of fraudster activity a KYC program will catch, that a traditional eCommerce fraud prevention method will not?
A KYC program differs fundamentally from an ecommerce fraud prevention service, in that it provides a smart data solution. While collecting data during signup processes is necessary, directing the information strategically is a different challenge altogether. Leading KYC services allow users to generate reports and manage data including visual evidence to collate customer profiles.
For instance, during CNP (card not present) fraud, stolen identities are used to create multiple fake accounts online to conduct fraudulent activities. Smart verification solutions can detect such patterns during identity verification at account signup.
It’s really all about connecting the dots from the right data sources and providing a seamless customer experience.
6. Can you give us an example of a time when a fraudster tried to trick your technology and failed?
Shufti Pro has caught a number of facial and document spoof attacks this year, where imposters tried to trick the algorithm by making fake attempts. Most of the time it was the use of stolen pictures to try to log in through Face ID, and other times a face mask was used to hide key facial features in an attempt to appear to be an authorised user.
As far as document fraud is concerned, fraudulent attempts were made to use photoshopped ID documents that are usually expired, and to pass them off as valid proof. Attacks are now well thought out and it seems that bad actors are keeping up with technology to break into online accounts.
We must be prepared. Our technology, both AI and HI, has been able to block any such attempts at gaining undue access to sensitive personal accounts, ensuring both financial and emotional safety.
7. Account takeover is one of the biggest trends enterprise companies are dealing with. What are the best practices for a Know Your Business (KYB) program designed to prevent these kinds of attacks?
As part of an effective Know Your Business Program, all entities must ensure that they are carrying out at least four types of business identification practices:
- Business Search
- Business Filings
- Business Networks
- Business Statements
The goal is to be able to verify and cross-check business details against global commercial registers and jurisdictions. This ensures that all previous business transactions and ultimate beneficiary ownership of the entity in question are analysed and screened before beginning a relationship with them.
8. Following up on that question, what role should management and executive leadership play in a KYB program? What is the work that goes into running a KYB program on a day to day basis, and who should be doing it?
As far as running it is concerned, a KYB specialist can look into operations and oversee the functions. The key is to ensure that compliance procedures are followed and ongoing reviews are completed. Based on client requirements, cases can be referred or escalated to relevant managers and business executives.
Considering the sensitivity of the KYB program, and the far-reaching impact it has in terms of business revenues and customer relationships, the role of executive leadership is also crucial. In most cases, regulatory compliances are strict and must be met within a time frame. Others are specific to high-value transactions or those originating from specific geographic locations.
9. Biometric authentication is another speciality you offer. What are some of the applications of this kind of technology in an eCommerce fraud setting?
The use of biometric technology for authentication is by far the safest and most efficient form of safety procedure. Unique characteristics such as facial patterns, fingerprints, iris and voice patterns are being increasingly employed to authenticate users at login.
For ecommerce, opportunities abound. Customers can log in using biometrics, without having to enter long details every time they sign in or make a purchase. This streamlines the process for both businesses and customers, reducing chargebacks and fighting fraud.
For instance, address verifications performed in real-time by AI-based software are accurate in terms of both format and data. Shipping costs are reduced by cross-checking addresses while they are entered, and customers can benefit from smooth deliveries.
10. What kinds of measures do you take to ensure that you remain in compliance with data privacy legislation in various markets?
We are strong adherents to global regulations, especially privacy legislations that seek to protect vital client data and make virtual marketplaces safe. As data managers, we integrate strict security protocols and encryption standards to ensure that verification data is discrete. Our IT infrastructure is compliant with the requirements of the Cyber Essentials scheme of the Bureau Veritas Certification Holding SAS.
We are PCI compliant, providing strong security enhancements and covers against cyber attacks and spam. With 24/7 monitoring of data servers and information infrastructures, we are looking closely at data security, payment security guidelines, data integrity and a robust customer platform.
Shufti Pro complies with the requirements of the QG-GDPR Management Standards as proof of protection of client data. According to GDPR guidelines, we strive to comply with strict data privacy measures and are legally limited to use personal data for the purpose of verification only. User data is governed by strict rules that give customers full control over their personal details, with the legal right to opt in or out of services.
Data is collected directly from end-users or client and video proof is also provided to the client. Steps are taken to prevent security breaches to ensure data privacy and manage risk.