Certified liveness detection a must for FCA recommended customer selfies
With so many people around the world reduced to essential travel only, financial services firms have had to look for new non-traditional methods to verify their customers’ identities whilst still meeting AML and KYC obligations.
In the UK, the Financial Conduct Authority (FCA) has offered to relax rules and provide some insight on new methods financial services providers can put in place to help verify a customer’s digital identity.
An FCA letter dated 31 March 2020 does not relieve financial services firms of their obligations under the Money Laundering Regulations 2017 (MLRs). Firms must continue to comply with the legislation and ensure that appropriate safeguards and additional checks are in place to assist with client identity verification.
Striking the right balance between customer experience and security remains a priority and it is critical to ensure that customers stay protected against identity fraud. The onus is on financial services firms to accurately verify their users’ online identities.
The MLRs and Joint Money Laundering Steering Group guidance already provide for client identity verification to be carried out remotely and give indications of appropriate safeguards and additional checks which firms can use to assist with verification.
Fortunately, there are ways to make sure that using selfies to identify customers still meets KYC and AML compliance mandates.
At Jumio, we leverage a selfie as part of the online identity verification process and typically capture it within an app or mobile web experience. We’re capturing a selfie so we can corroborate the digital identity of the remote user to make sure the picture in the selfie matches the picture on the driver’s license, passport or ID card. But, just as important, we have embedded certified liveness detection into the entire process.
In fact, what we capture isn’t really a selfie – it’s a selfie video. As part of the selfie-taking process we ask the user to position their face within an oval on the screen, about 12 inches away, and then move a bit closer. The entire process takes just a second or two, but it allows us to capture hundreds of frames within that video to definitively assess whether the person is physically present, based on the micromovements and other biometric data that indicate liveness.
If the user is allowed to send a single selfie picture, banks and financial institutions are much more vulnerable to spoofing attacks since a fraudster could find a picture of someone else online and pass that off as a genuine selfie. Most bank professionals performing manual review would presumably be none the wiser.
The real concern here is that financial institutions run the very real risk of onboarding bad actors and cybercriminals because the requisite fraud measures and review processes are no longer in place. And then there are the issues of culpability and liability. Assuming a financial institution follows the guidance of the FCA and is subsequently defrauded, who’s responsible for the losses?
With identity theft and account takeover risks at stake, businesses must take the necessary precautions to ensure that a customer is who they claim to be online.
Jumio’s Identity Verification and Authentication solutions leverage the power of biometrics, informed AI and the latest technologies to quickly verify the digital identities of new and existing users. With Jumio, KYC and AML compliance becomes much easier to achieve. Users are taken through a quick series of steps that includes ID capture, a quick corroborating selfie with liveness detection, and a definitive yes or no decision – all of which happens in seconds.
Adopting ID, identity and document verification solutions ensures companies know the customer signing up for an online bank account or performing a digital transaction.
This is particularly important for organisations involved in relief and assistance during the COVID-19 crisis, as they need to quickly and accurately identity-proof their users to ensure critical services can be delivered and trusted.
Sponsored insights by Jumio