Although you might think that customer onboarding in the digital era would be much easier than a few decades ago, there are numerous potential hurdles for organisations to consider.
Governments are passing new policies aimed at improving data privacy for their people and demanding better protection for investors. At the same time, organisations also face growing competition in their respective industries to reduce friction in the customer onboarding process. Here’s how digital identities can optimise onboarding processes while also prioritising adherence to regulations.
Prioritising Data Security and Privacy
GDPR and equivalent legislation have had a profound impact on global regulatory compliance efforts in the past year. Generally speaking, governments are becoming more focused on implementing laws that protect citizens on a global scale. This especially applies to online data privacy and data security. While there has been a renewed focus from organisations to emphasise compliance during the onboarding process as a direct result of these regulatory changes, the fact remains that organisations are mostly unprepared to provide comprehensive data security solutions.
This is largely because organisations, especially those in the financial services sector, have a legal responsibility to meet KYC and AML requirements. This means that they have an obligation to mitigate legal or financial risks by finding out some information about their customers in order to avoid potential cases of money laundering, fraud, or other crimes. In many scenarios, GDPR may contradict these regulations, adding to the friction between organisations and customers during onboarding. Nevertheless, GDPR and KYC/AML must co-exist, even if there is scrutiny from both sides. Therefore, organisations have to find a way to prioritise the fulfillment of both sets of requirements without increasing friction for the customer during onboarding.
So what are some additional issues that organisations face with regard to regulatory compliance? The vast majority of organisations are quite proactive in adopting policies that are compliant with regulations. Yes, it is true that some organisations have had to change their marketing strategies and/or business models to remain operational in places where data privacy laws have been implemented. For example, the world’s 500 largest corporations are on track to spend a total of $7.8 billion to comply with GDPR. Despite a willingness to comply, some potential flaws are not being properly addressed.
According to a report published in 2018, software vulnerabilities may be one of the major sources of future GDPR compliance issues. Simply put, organisations lack the cyber expertise required to prevent hackers from executing database hacks or code injections. Consequently, we have seen a number of cases where sensitive data is exposed. These are not just theoretical scenarios. They have already manifested as real-world problems that need to be addressed. For instance, prior to the implementation of GDPR in 2018, the security team at LocalTapiola, a Finnish financial services company, conducted an internal hackathon. They found that “14 percent of the vulnerabilities reported during the event touched consumer data in one way or another.”
Further research indicates that approximately 25% of software vulnerabilities have GDPR implications. GDPR requires organisations to report such bugs or breaches “without undue delay and, where feasible, not later than 72 hours after having become aware of it.” According to the “Hacker-Powered Security Report 2017”, HackerOne found that the fastest industry, ecommerce & retail, takes an average of 31 days to fix a reported vulnerability. The slowest industry takes 90 days. In the case of a data breach, an organisation runs the risk of exposing digital identities. In turn, this could lead to major fines levied by governments and long-term loss of customer trust.
Onboarding and User Experience Friction
While it’s essential that organisations comply with GDPR and other similar laws, it’s also crucial to streamline the customer onboarding process and to choose solutions that improve customer retention rates. With stats from 2017 showing that 19% of people believe their personal data online is not secure, and 21% believe their data is neither secure nor insecure, you can imagine how this would impact a sign-up process.
Despite the fact that users are more skeptical/concerned than ever before about how their data is managed, users also consider other factors like the convenience of using web technologies when choosing which sites and products to adopt. As this concept applies to KYC checks for financial institutions (or any other types of organisations), potential customers will be more likely to utilise options that feature fast, simple-to-understand approval processes over those that don’t.
If a customer thinks that the information required to sign up for a particular service is too intrusive or irrelevant, these factors can create increased onboarding friction points. At the same time, it is the responsibility of an organisation to err on the side of regulatory caution to avoid potential AML/KYC breaches.
Maintaining Data Security of Digital Identities
Even with organisations that actively prioritise data privacy, the security of digital identities is at risk simply due to a reliance on older database technologies. This often applies to business but can apply to government as well. For example, in 2015, the US Office of Personnel Management (OPM) was hacked, exposing the digital identities of 22 million government workers. At the time, this was equal to roughly 15% of the US population.
For financial institutions, it’s important to understand the data security track record of your organisation as well as the technical details of your current or potential KYC solution. Organisations must also look towards adopting a solution that is continuously effective in complying with new government regulations as well as preventing emerging security vulnerabilities. In summary, effective digital identity management goes far beyond the initial onboarding process.
Improving the Onboarding Experience with SingleSource
As highlighted above, organisations and individuals alike face catch-22 scenarios on a regular basis when it comes to meeting data compliance standards and reducing friction points of identity management. This is why SingleSource has developed a product called eKYC. Our solution complies with relevant global privacy standards, including GDPR. It also aligns with the highest e-KYC standards.
For customers, the process of submitting identity information to organisations with eKYC is fast, simple, and secure. For organisations, the data points collected are robust. Our Fraud Intelligence Engine (FIE) uses proprietary algorithms and machine learning to ensure data accuracy and generate a risk score for each potential customer. Click here for more details on the capabilities of SingleSource eKYC, and how it can help with the requirements of your organisation.