As technology advances, the threat to digital security and identity protection becomes greater, forcing regulations to quickly adapt.
But in a space that’s constantly changing, how can anyone really keep up?
It starts by knowing the basics and breaking down many of the common terms and acronyms being thrown around today.
Sunil Madhu, founder and CEO of Socure, joined Karen Webster to give context to some of the compliance concepts trending in the industry and also share his thoughts on what’s coming next down the regulatory pipeline.
Know Your Customer (KYC), which is also referred to formally as Customer Identification Program (CIP), is the process by which identities are verified as being legitimate or not. Madhu explained that there are two segments of KYC — customer due diligence and enhanced due diligence.
Customer due diligence covers the steps a business must take to identify and verify a consumer that is interacting with them digitally. What they have to do in those circumstances — the processes and procedures put in place — varies based on the specific flow and how high-risk that customer may be.
In the KYC/CIP space, one of the latest trends Madhu identified is robo-compliance — the application of machine learning and real-time analysis of online social and offline data together.
“The funny thing is that the use of online social data in the world of compliance has been kind of a dirty little secret,” Madhu said.
He noted that regulators and compliance officers are often finding that using traditional methods alone to identify and accept good customers isn’t working, which is why many turn to online social data behind the scenes.
By using social networks, like Facebook, LinkedIn or even just looking up someone’s name on Google, they are able to leverage socially based data to verify a person is who they say they are.
The compliance space is now at the forefront of recognizing the use of online social data as an adjunct to using credit data as a mechanism for verifying people at scale, for both financial inclusion and for compliance, Madhu explained.
By using online social data, regulators are also able to cover and identify a newer demographic of consumers who are typically left off the traditional credit data mechanism.
Why Compliance Is Going Social
In a world where data breaches have made it easier than ever for cybercriminals to access all the data they need to hack the identity of an individual, Madhu said social biometrics is the predominant way to flush out the bad guys from the good guys.
The Socure identity verification platform utilizes social biometrics — a person’s digital footprint — to validate digital identity. Alongside social, data is aggregated and correlated across email, phone, address, IP and other offline data to build a complete identity picture. This approach makes it easier to spot when the data that makes up an identity has been stolen and repurposed, such as changing an email address or a phone number to make it easier for the attacker to take over an existing account or establish a new one.
“The alterations on the identity is something that you can validate very easily in this way, because, if you look at the online presence associated to those real attributes versus the modified attributes, there’s a stark difference,” Madhu pointed out.
Synthetic or altered identities tend to lack the depth and online/social proof that legitimate identities naturally have.
But Madhu said both regulators and the industry itself are catching onto the power digital identity has in compliance.
“The market is really adapting to realize that, in order to solve for the problem of coverage and the problem of easily available stolen data, that they have to look beyond just the [credit] bureaus,” he noted.
The data that’s used by the credit bureaus to verify identities can easily be manipulated and compromised, whereas it is much more difficult to spoof a person’s entire social network, digital identity history and online interactions.
The Human Element
Though compliance is shifting towards very digitally powered tools and solutions, such as artificial intelligence, there’s still a need for people in many processes.
Madhu used anti-money laundering (AML) as an example of compliance that is very process-driven and manually intensive. In some cases, it can take several months of ongoing procedures to determine if a transaction represents a money laundering event or not.
“I don’t ever see human workers being displaced at scale in compliance,” he said.
When it comes to tools like robo-compliance, the goal isn’t to remove all human elements but instead to turn a manual, paperwork-driven approach into something that runs in real time and is driven by machine learning. This enables data to be processed at a scale that a human worker would not be able to attain.
Madhu explained that robo-compliance is a tool that actually enables people to do their jobs more effectively by assimilating data and looking for patterns of use across different types of data in real time.
If Madhu could issue the regulation and compliance guidelines himself, he said that the use of trusted online and offline data in combination would be standard. By using both types of data together to verify identities, businesses can ensure that they are addressing customer due diligence and enhanced due diligence, he explained.
In the future, it’s possible that blockchain will also play a role in being able to verify true digital identities.
According to Madhu, blockchain could end up becoming a platform for identity verification because all of a person’s transaction history can be used as a proxy for their identity.
“You are how you spend your money, or you are what you buy,” he pointed out.
As innovators continue to pull apart the technology to find out how it can be implemented in closed-loop blockchains, the potential is there for it to be utilized for much more than just cryptocurrency.
As the blockchain advances, it’s being put to the test for data such as transactions and procedures, and even for adding layers of business logic.
“The blockchain itself is evolving into a more mature form of a distributed database,” Madhu said. This will make understanding a consumer by their transaction history realistic, if and when that technology becomes more prevalent.