Why Your Payment Security Strategy Should Include KYC and SCA Compliance (Yuri Kropelnytsky)

Why Your Payment Security Strategy Should Include KYC and SCA Compliance (Yuri Kropelnytsky)

Source Node: 2597710

More than ever, it’s crucial to keep your customers safe from threats and ensure they have a smooth payment experience. This is where Know-your-customer (KYC) and Strong Customer Authentication (SCA) come into play.

In this article, we’ll delve into the ways in which these processes can help you design a smooth customer experience and secure payments. We will also provide an overview of 3DS2 and explain the differences between various KY terminology, such as KYC, KYB, and KYT, and why they are significant.


What is KYC?: Verifying Customer Identity

KYC verifies customer identity to prevent fraudulent activities such as identity theft and money laundering. For B2B businesses, financial institutions, and even some federal banks, it is mandatory to collect necessary identification documents like passports or address proofs to verify their customers’ identities. 

This process, also known as Customer Identification Program (CIP), is a critical component of financial regulatory compliance. Like KYC, CIP involves collecting and verifying information about a customer’s identity, such as their name, date of birth, address, and other identifying information.

In addition, financial institutions also need to establish a Customer Acceptance Policy (CAP), which confirms the identity of a potential customer before agreeing to conduct business with them. Together, CAP and KYC form the foundation of a comprehensive customer due diligence program, helping to reduce the risk of financial crimes and ensure compliance with regulatory requirements.

In Europe, KYC holds particular significance as it is required to comply with the Anti-Money Laundering Directive (AMLD). By adhering to KYC protocols, businesses can safeguard themselves against fraudulent activities and maintain a secure and legitimate business environment.

This doesn’t mean KYC is limited to Europe. The U.S. Financial Crimes Enforcement Network
(FinCEN) requires both customers and financial institutions to comply with KYC standards to prevent illegal activity, specifically money laundering.

Document Authentication

What is SCA?: Keeping Online Payments Safer

Strong Customer Authentication (SCA) is a security measure that protects customers by using two or more authentication factors. All businesses operating in Europe must comply with SCA, as per the

revised Payment Services Directive

SCA applies to customer-initiated online payments in Europe and online card payments in the European Economic Area. The latest version of 3DS2 offers additional layers of protection and liability guarantees.

With the growing adoption of SCA worldwide, it’s been anticipated that
SCA initiatives will emerge in the United States
, either at the federal or state level. U.S. e-commerce merchants and processors should prepare by incorporating SCA capabilities and exploring transaction-based exemptive relief options. 

This may involve reviewing existing payment processor agreements to maximize exemptive relief availability or switching to a cost-effective processor that can provide it.


The Merging of KYC, KYT, and KYB

An emerging trend in the Anti-Money Laundering or Countering the Financing of Terrorism (AML/CFT) space is the merging of Know Your Customer (KYC), Know Your Transaction (KYT), and Know Your Business (KYB) processes.

KYC involves identifying and verifying customer identities, KYT monitors and analyzes customer transactions for suspicious activity, and KYB verifies the identity of business entities.

By merging these processes, businesses can create a more comprehensive and efficient AML/CFT program that covers the entire customer journey. This can help reduce the risk of financial crimes, improve compliance, and enhance customer trust.

sca laptop

2023 Trends in KYC and SCA

In today’s digital age, designing a smooth and secure customer experience (CX) is crucial for businesses, and incorporating Know Your Customer (KYC) and Strong Customer Authentication (SCA) can play a significant role in enhancing CX. As we move into 2023, several trends are emerging in the KYC space, such as e-KYC, AML, digital KYC, and forensic checks, leveraging biometric information, distributed ledgers, and AI. 

Biometric Authentication

One of the most significant trends is the use of biometric authentication, such as facial recognition andvoice recognition, to enhance KYC processes. This provides an added layer of security and convenience, allowing for a smoother authentication process. 


Artificial intelligence

The trend of using
AI and machine learning to automate KYC processes
is gaining momentum as it saves time and resources while improving accuracy and efficiency.

Forensic checks using AI algorithms authenticate uploaded documents during digital onboarding to enhance consumer identification and verification, mitigate fraud risk, prevent money laundering, and validate document authenticity. 

Advanced ML/AI algorithms can detect fraud more effectively than current client screening tools, which have high false positives. However, it is essential to have parameters to ensure AI techniques operate within a contained and understandable framework.

Blockchain Technology

Another trend is the use of blockchain technology to create a shared KYC repository that can be accessed by multiple parties, thus reducing duplication and improving efficiency. This can also enhance security and privacy, as blockchain technology is known for its secure and tamper-proof nature.


eKYC refers to the digitalization of KYC procedures, which enables remote, paperless verification of a customer’s identity. It stands for Electronic Know Your Customer and is a cost-effective and less bureaucratic approach to traditional KYC processes.

Document-Free Verification

Document-free verification will become more widely adopted, allowing users to confirm their identity through a quick face authentication check. 

Stricter Global Requirements

Worldwide, regulatory requirements will continue to tighten, with more countries implementing the Travel Rule and stricter data protection measures. 

Companies must prepare for increased scrutiny and ensure they comply with regulatory requirements, such as expanding KYC due diligence to include ESG factors. Regulatory organizations such as FATF are scrutinizing ESG violations more closely, and companies with poor ESG scores risk damaging their reputation. 

In addition, KYC crypto regulations are also changing, with similar rules to Switzerland’s identity verification for transactions over 1005 USD expected to be introduced in other countries.


Verification Orchestration

Companies will need to personalize their KYC processes to different types of customers based on their characteristics. This can be achieved through

verification orchestration
, which allows companies to create user verification workflows tailored to specific risk scenarios.

Digital Identity in Daily Services

As we head into 2023, we can expect to see a further increase in the use of digital identity in daily services. To confirm identity, there will be a shift towards using passive biometry, which means an “always-on” mode of confirmed identity rather than a one-time face recognition check. Additionally, digital KYC verification, such as video-based and non-assisted modes, will gain greater acceptance for digital onboarding

Web 3.0

It’s expected there will be further developments in Web 3.0
and related verification solutions. This will lead to the emergence of a new form of digital identity, and companies will need to develop new products to implement.

These changes present an opportunity for forward-thinking banks that can anticipate these shifts and take proactive steps to ensure compliance while providing a seamless customer experience. 

However, advanced fraud techniques are expected to continue in 2023, and companies must be prepared with robust anti-fraud measures that can detect and prevent these sophisticated fraudulent activities.

KYC as a Profit Center with Automated CLM

We predict that in 2023 we will continue to see the transformation of KYC from a cost center to a profit center. By providing better KYC experiences to attract and retain customers, fintech companies can turn KYC into a competitive advantage. Automated Contract Lifecycle Management tools (CLM) enable companies to gain a complete picture of their customers and offer the right products at the right time, ultimately providing more value to the customer.

lessons learned from KYC failures

Lessons Learned from KYC Failures

Financial institutions such as Danske Bank Estonia and Santander UK faced hefty penalties recently due to inadequate KYC measures and ineffective AML control frameworks. 

Danske Bank allowed high-risk customers to transfer large sums of money with little oversight in 2022, exposing the bank to financial and reputational damages

In the same year,
Santander UK
failed to establish and maintain an effective risk-based AML control framework and monitor transactions, resulting in a £108 million penalty for allowing a money service business to operate through one of its accounts. 

These examples highlight the importance of ongoing KYC and transaction monitoring to reduce the risk of financial crimes and regulatory penalties. 

Several other banks, such as BitMex, Commerzbank AG, Deutsche Bank AG, Skandinaviska Enskilda Banken, Goldman Sachs, and Westpac, have also faced high fines due to similar
KYC failures in the past five years.

Ensure the highest level of KYC Compliance

To plan a strategy for KYC compliance, we recommend following a
KYC Due Diligence checklist
, such as the following: 

  1. Identify the customer and verify their true identity, which involves a strong customer identification procedure through collecting necessary information, checking if the customer is a politically exposed person or listed on the Sanctions List, and validating the ownership of the identity document with an image of the document and the customer.

  2. Assess customer requirements and risks, evaluate the possibility of the customer committing crimes such as money laundering or terrorist financing, estimate the risk of possible reputational damage, and obtain information on the reasoning and intended nature of the business relationship.

  3. Identify the beneficial owner and verify their identity.

  4. Perform ongoing monitoring and record-keeping, as it is crucial to investigate existing customers’ activity and monitor it consistently, just as it is during the customer onboarding process.

KYC checklist

A Final Word

To keep up with the ever-changing trends in KYC compliance, companies should adopt a comprehensive approach and

leverage modern technologies
. Forward-thinking banks that anticipate these changes and take proactive measures stand to benefit from this opportunity. 

Companies can reap significant rewards by developing a next-generation KYC program with a thoughtful strategy and persistent effort, including reduced costs, risks, and penalties, enhanced customer and employee experiences, and increased revenue.

Time Stamp:

More from Fintextra