Making Great Customer Onboarding Experience

Even though we’re past the pandemic, its impact on digital experiences can’t be underestimated. It has changed how people access financial services. The digital revolution has increased the number of people who use a range of financial services across the globe.

It has significantly impacted how people send and receive money, borrow, and save. 

With a sudden shift in the way customers use the services, customer expectations have changed significantly as well. Compared to 10 years ago, Gen Z is now leading the Buy Now Pay Later industry.

These are the same consumers who are more than likely to see digital engagement as the industry standard and want a seamless customer onboarding experience for financial services.

What Consumers Expect from Customer Onboarding

According to a BAI report, “75% of millennials surveyed would switch banks for a better mobile experience.

Gen X on the other hand is looking to open more banking, saving, and loan accounts online. 

Salesforce also conducted a survey of what customers expect from financial services and found that 80% of customers consider user experience a part of the service that an institution provides. 

Around 30% of all customers abandon the onboarding process because it’s too long and complicated.

All the data points towards one thing. Financial institutions need to find a balance between seamless customer onboarding and simultaneously preventing fraud.

The best approach to providing great customer experience is to place identity at the center of customer experience. This can help brands build stronger relationships with customers based on trust.

Best Practices for Customer Onboarding

1. KYC in Financial Services

Know Your Customer is a series of checks every business has to do to verify a customer or entity’s identity. These KYC checks are done during customer onboarding and several moments during the customer lifecycle. 

Types of financial institutions that have to comply with KYC checks include:

  • Banking
  • Credit
  • Payments
  • Money Transfer
  • Cryptocurrency (Some jurisdictions).

Complying with regulations also helps in preventing financial crimes. It also helps businesses avoid many risks that come along with a failure to comply, including financial penalties, brand reputational damage, and more.

2. Building Trust and Reputation

Considering KYC checks and Identity checks as a service of your business makes good sense in this digital-first environment. 

To establish quality relationships with customers, businesses need to find the right balance between:

  • Personal identifiers
  • Identity documents
  • Behaviors and signals.

If a brand can successfully find the balance, it can instill greater confidence about its brand in a consumer’s mind right from the onboarding. 

For customers, well-designed KYC checks and ideal customer onboarding practices remove barriers and provide access to financial services. It has one more benefit as it removes the risk of fraudsters abusing the system.

3. Risk Assessment and Multi-Layered KYC Solutions

Taking a risk-based approach to KYC is a crucial part of ensuring customer onboarding meets the industry standards and prevents fraudsters from being able to access the service. 

A risk-based approach, including geography, finances, and other key demographics needs to be put in place.

Great customer onboarding solutions should have a built-in automated risk assessment. They show how much risk factors a customer has. The best KYC solutions for financial institutions are multi-layered, they combine risk management engines that search customer risk parameters.

4. Speed and Convenience Matter

Speed and convenience are as important as security when it comes to customer onboarding. Consumers don’t want to go through a customer experience that’s slow, clunky, and poor. 

To avoid customers abandoning the customer onboarding process, KYC in customer onboarding needs to be done in minutes. 

Quick KYC checks and good experience during customer onboarding help in building trust in a customer-business relationship.

5. Analyze and Adapt for Great Customer Onboarding

The best customer onboarding for financial services will aim to balance sign-up with compliance and risk management. To make the best customer onboarding solutions, businesses must provide analytics to improve the customer experience. 

Businesses need to know which OS, browsers, screen resolutions, and devices customers are using to sign up. Which part of the customer onboarding process is experiencing the highest number of drop-off rates? 

Businesses also need to focus on their customer onboarding conversion rate. How many prospects are automatically being accepted, rejected, or referred for review?

Identifying this data can create an improvement cycle that learns from mistakes, and continually evolves to enhance customer onboarding experience and conversion rates.

1. What are KYC, CDD, and EDD?

KYC is know your customer, it covers a number of activities such as identifying and verifying a customer’s identity. Customer Due Diligence (CDD) verifies the identity of a customer and also assigns a risk profile to the customer.

If a customer has a high-risk level, they have to go through enhanced due diligence (EDD).

2. When should businesses do KYC checks?

At a minimum, KYC checks should be done when onboarding a new customer. Ideally, businesses should do KYC checks when there are any changes to a customer’s situation.

The most robust KYC is an ongoing risk assessment, and it may be a requirement for EDD.

3. Who is responsible for doing KYC checks?

Any financial institution that is trying to onboard customers is responsible for doing KYC checks. This could be any activity, such as:

* Opening a bank account
* Getting a loan
* Real estate purchase, or more.

The customer has to go through KYC checks to be able to access services.


Vendor Fraud Practices and Prevention

Businesses often overlook fraud red flags. In the long run, this leads to monetary and reputational losses. Vendor fraud has become highly prevalent across several industries. When vendor fraud happens, the culprit could be someone from your own team or someone you trusted. It could also be a fake vendor that wasn’t verified properly. 

Every business needs to make robust and reliable partnerships with vendors to thrive. Fraudsters often take advantage of this reliance on vendors to trick businesses into making wrong payments. 

Here are some of the most common types of vendor fraud, and how you can prevent them:

Common Vendor Fraud Types

1. Phony Vendors

One of the most common methods of vendor fraud is fake vendors pretending to be legit. Fake vendors try to get businesses to make payments for fake services. It can take a long time before companies uncover the fraud.

In some cases, even employees pose as fake vendors to exploit known weaknesses in payment systems. Employees can set up fake vendors, and make fake invoices to get payments in their accounts.

Common red flags to uncovering fake vendor fraud include:

  • Photoshopped invoices
  • Photocopied invoices
  • Companies with no real-address
  • Sequentially numbered invoices
  • Companies with addresses of post offices

Companies should train their employees to check for red flags in invoices raised by vendors. If there’s a specific vendor that raises invoices just below the sum that needs approval from higher-ups.

2. Fake Invoices with Real Vendors

Sometimes an employee from your business and an employee from the vendor’s team can collaborate to come up with a scam. Both members of the team can collude to trick the business into making wrongful payments. 

A vendor may submit fake invoices, and an employee at the purchasing department will make payment for the amount. The payment is made to a personal account and split between the two. 

This type of fraud becomes common when the supplier and business teams are in close contact. To prevent this kind of fraud businesses must do due diligence before they hire their employees.

3. Kickbacks

If your business performs contract work, then kickbacks are another type of vendor fraud you need to be wary of. The person who approves the contracts could be receiving kickbacks from their vendors. Common red flags for this kind of fraud include:

  • Fewer bids than expected/needed.
  • Widely ranging bids on the same project.
  • Sudden and unexplained deadline changes. 

Kickbacks also happen when you’re paying higher prices for low-quality products. Making cash payments to your employees is the hardest to detect as there’s no record of these payments in company books. But they are reflected in higher pricing from vendors. Even fraudulent vendors need to cover their costs. 

To minimize losses, companies should always look for consistent shortages, communications that happen informally between vendors and staff, and poor record keeping.

How to Effectively Identify Vendor Fraud?

The key to fighting vendor fraud is knowing where to look. If you don’t know where to look for it, you won’t be able to detect it. Here are some basic measures any company can take to prevent vendor fraud:

  • Check for the vendor’s pricing structure. If the prices look too good to be true, they’re probably scams. 
  • Don’t be lenient on any single invoice. Scrutinize every invoice submitted by the vendor or submitted on behalf of the vendor. If there are two same invoices with the same invoice numbers, it’s probably a fraud. 
  • Most companies follow their own invoice format. If the invoice was made using Microsoft Excel, it’s a red flag.
  • A vendor that doesn’t have a verifiable taxpayer identification number is most likely to be a fake vendor.
  • Do vendor onboarding checks? Run Vendor KYB checks, and background checks to see if they’re legit or if they have a history of fraud.
  • Any vendor with a P.O. box address is likely a fraud.

Tips for Vendor Fraud Prevention

Knowing how to look for vendor fraud is one thing, but it’s not enough to identify vendor fraud. What’s important is to prevent vendor fraud from happening. 

  1. Manage Vendors Effectively

Fraudsters keep evolving their methods of conducting fraud. When you’re fighting vendors, you need to come up with an effective vendor fraud management system. 

With an ideal vendor fraud management system in place, it will become easier to manage vendor risk. Ideal strategies can significantly reduce the risk of fraud.

  1. Audit Vendors Regularly

Keeping a track of vendors is essential. Even a trusted vendor can suddenly start doing fraud. Frequent vendor auditing can help you protect your business against huge financial losses caused by fraudulent schemes. 

  1. Multi-Level Payment Approval Process

Vendor fraud happens the most at businesses where there are just one or two employees handling vendor invoices. 

To prevent making fraudulent payments, vendor invoices should go through multiple processes from different departments. 

  1. Use Invoice Matching Technique

Invoice matching is pretty basic but it can reduce vendor fraud significantly. 

As the name suggests you have to match invoices submitted by vendors against internal records such as purchase orders, payment receipts, inspection slips, etc.

To ensure you achieve the best possible results, you have to match the invoice against multiple documents. 

  1. Don’t Make a Single Employee Manager

Sometimes, several employees work with each other to commit fraud. This is why businesses go such a long time without detecting fraud. Usually, its employees in the procurement and payments department conduct these kinds of fraud. 

The best way to manage risks and prevent fraudulent vendor payments is to keep rotating employees and moving them across different departments. This can ensure that no one employee has too much power.

  1. Thoroughly Verify Vendors

Vendor verification is a crucial part of the process. During vendor onboarding, you should verify the vendor’s business information. This includes vendor proof of address verification, vendor KYB checks, and vendor bank account verification.

Running through these checks simply means that you’re using vendors you can trust.


Fintech Cybersecurity Best Practices

FinTech firms have become a favorite for fraudsters globally. According to a report, FinTech firms faced 2.5 times more attacks in Q1 2022. FinTech firms deal with sensitive customer data, so they’re a goldmine to fraudsters. The data stolen is used for financial fraud and only makes it that much harder to detect fraudulent activities.

Not only data, but a data breach also costs an organization reputational damage. Handing cybersecurity threats have become a significant challenge for businesses. FinTech businesses must be vigilant and explore every weak point that could leave them vulnerable to attack.

FinTech organizations, regardless of their scale, audience, and location face the same challenges when it comes to supercharging their cybersecurity practices.

Importance of Cybersecurity in the FinTech Industry

Fraudsters love to get their hands on financial data. FinTech firms have become a favorite target because they don’t have to adhere to as many rules as traditional banks. Thus, leaving out potential vulnerabilities in the system.

Products that are not properly protected lead to data breaches, and financial fraud.

Preventing cybersecurity risks requires businesses to develop a proactive risk prevention approach.

Understanding and amending the vulnerabilities in the system can prevent fraud before it even happens.

Cybersecurity Audit Goes a Long Way

There’s only one way to come up with a proactive approach to cyber fraud. Having a proper understanding of your systems, and knowing the vulnerabilities should be your first step.

Businesses won’t get rid of fraud just because new measures are in place. Chances are there will be vulnerabilities in your fraud prevention methods as well. Businesses need to do a complete audit of their products, and their workings to find out the weak points fraudsters could exploit.

Changes in Cybersecurity and FinTech

Cybersecurity practices in the BFSI industry have become incredibly complex. Customers globally want seamless digital banking over traditional banking methods.

Cybersecurity Tips for FinTech

To be able to prevent cyber threats, businesses need to follow a list of practices, including:

1. Build Robust Security Policies

Risk management is combining rules and regulations to come up with policies that address all the vulnerabilities in the system. To prevent cyber risks, businesses need to build security policies.

Here are some things to keep in mind while building these policies:

  • Set clear goals, objectives, and expectations. 
  • Choose security frameworks and implement them strongly. 
  • Clearly define security processes, procedures, and tools.
  • Define roles and responsibilities.
  • Set up continuous risk monitoring.
  • Build a flexible system that’s able to handle all kinds of fraud. 
  • Update policies regularly.

2. Leverage AI, ML, and Analytics

If fraudsters can rely on sophisticated tech to enhance their attacks, then so can businesses.

Relying on AI, ML, and analytics tools can help businesses spot threat trends, track suspicious activities, and more. AI, ML, and analytics tools can help businesses in identifying:

  • Financial fraud
  • Know security threats
  • Identify emerging risks
  • Unauthorized data access and usage
  • Anomalous activities

3. Implement Secure by Design Policies

As a FinTech, it should be your aim that all the products and services you release are secure. Fraudsters aim to find these vulnerabilities so they can exploit them. Make sure these policies include:

  • Integration of security into the early SDLC stages.
  • Only work with specific frameworks, libraries, and components. 
  • Continuously test and fix code during the early stages of development. 
  • Fix all vulnerabilities before the release.

4. Continuous Threat Monitoring

Attackers are relentless and they keep on trying until they get a breakthrough. BFSI is a primary industry that’s continuously under attack. It is essential for financial institutions and FinTech firms to continuously look for threats.

Relying on traditional signature-based detection techniques could result in grieving mistakes.

To be able to detect and prevent complicated threats, use the following methods:

  • Global threat intelligence
  • Contextual awareness
  • Custom rules

Centralized visibility is an essential threat-monitoring practice. Real-time alerts and triggers help you improve cybersecurity in FinTech.

5. Manage Vulnerabilities Proactively

As we’ve mentioned above, more than anything fraudsters love to exploit vulnerabilities. Vulnerabilities of any kind can be an entry point for attackers.

FinTech firms need to identify, assess, and prioritize their vulnerabilities. The aim should be to minimize as much vulnerable entry points as possible. Uncover vulnerabilities and fix them before an attacker can exploit them.

6. Implement Zero Trust Policy

Did you know that 60% of instances of fraud happen from within the organization? This is why no one must have unverified access to your company’s assets. Enforcing zero trust policy can help to prevent:

  • Insider threats
  • Brute force attacks
  • Privilege escalation
  • Data theft

It is advised to strictly enforce role-based, least-privilege access to stakeholders. Moreover, businesses should implement strict password and MFA policies. Encrypt sensitive data with passwords.

7. Manage Third-Party Risks Effectively

Businesses in the BFSI industry rely on third-party components, services, and APIs. With third-party attacks growing more and more every day, handling third-party risks is a major challenge.

Third-party vendors are one of the biggest fraud risks for FinTech businesses. Securely verifying third-party vendors is one of the best ways to prevent fraud. DIRO vendor verification technology is built especially to help financial firms and other businesses prevent vendor fraud. This technology can help businesses verify vendors before onboarding them.

8. Don’t Ignore Robust API Security

Managing API risks is a big part of managing cyber fraud risks. With the growing use of APIs in the BFSI industry, businesses must know how to manage API risks.

9. Build a Culture of Cybersecurity

The banking and FinTech industry suffers from Phishing fraud attacks more than any other industry. To reduce phishing attacks, businesses should aim to teach their customers how to spot phishing emails.

Creating a robust cybersecurity culture within your organization can be done by:

  • Continuously teaching your employees how to spot fraud.
  • Employees and customers must know what to click and what not to.
  • Implement a clear chain of command. Employees should know who to report to when something is suspicious.


Due Care vs Due Diligence – Understanding the Difference

Maintaining the integrity of online accounts is more than challenging in today’s time. Regulatory bodies keep writing more and more laws to help businesses keep themselves and their customers secure.

Financial institutions and FinTechs keep building cyber risk strategies to protect their customers from fraudsters online. This is one of the reasons why businesses need to understand the difference between due care and due diligence.

Understanding the difference between these can help financial institutions manage risk better.

What is Due Care?

Due care is providing just the right amount of care based on sufficient data available. Sometimes, due care is also defined as sufficient care, implying a person hasn’t been careless and hasn’t violated any laws.

Apart from legal terms, due care focuses on whether or not someone’s actions didn’t contribute to harm or violate the law.

In due care, organizations focus on whether or not a customer did something they were supposed to do. 

What is Due Diligence?

Due diligence has a significantly different meaning than due care. Due diligence focuses on what a reasonable person would do based on the type of situation they’re in.

What is Due Care in Cybersecurity?

Due care in Cybersecurity means taking reasonable steps to protect your business’s reputation, finances, and legal interests. Based on some most common cybersecurity frameworks, you can set some basic due care practices, such as:

  1. Know Your Assets

It’s impossible to protect devices and users that businesses don’t know exist. To ensure you’re taking the right due care steps, you need to catalog all these:

  • Data assets, including PII and IP.
  • Storage locations, including on-premises and cloud.
  • Devices include IoT devices, routers, and switches.
  • Your users.
  1. Build Your Custom Cybersecurity Policy

Every brand should have a cyber security policy to protect its users and themselves from online fraud. Before you write your policy, you should make a list of all the weak points in your organization. A risk assessment can help you build a policy that can prevent cyber fraud.

A great cybersecurity policy should outline the responsibilities of senior management and the board.

  1. Continuous Monitoring

Fraudsters love to evolve their techniques. They keep finding new ways to bypass security measures. To protect your organization from these developing measures of fraud, you need to continuously monitor the cybersecurity measures set in place. 

As a part of the process, you need to make sure your team also becomes aware of new risks and weak points in the system. 

  1. Build Incident Response Process

Cybersecurity risks can and will happen. Creating, testing, and reviewing your threat response process means you’re taking cyber security seriously. 

You have to make sure that the response team includes all the right people, and that there is a minimum response. 

  1. Create an Audit Trail

To protect your organization from risks, you need to build an audit trail. Almost every cyber security or privacy law requires organizations to undergo independent assessments of their programs.

What is Due Diligence in Cyber Security?

Due diligence in cyber security is the process of identifying cyber risks that come with third-party vendors. Due care means managing the risks your organizations have control over. Due diligence on the other hand focuses on managing risks that third-party vendors bring to your organization’s ecosystem.

To build a great due diligence process in cyber security, follow these steps:

  1. Identify Your Vendors

Vendor fraud is one of the largest types of fraud that businesses come across. Not conducting “Know Your Vendor” while vendor onboarding can lead to fraud risks. Use DIRO vendor verification technologies to verify:

  • Contractors
  • Cloud services providers
  • Operating systems
  • Applications

Having a full image of the process can help you prevent vendor fraud.

  1. Build Vendor Risk Management Policy

Similar to a cyber security policy, businesses need to build a vendor risk management policy. Your policy should include:

  • Defining appropriate controls
  • Setting metrics for measuring third-party compliance
  • Continuously monitoring vendor security posture
  1. Monitor Continuously

A primary part of vendor fraud management due diligence is knowing the potential security risks your vendors pose. Before you onboard a vendor, you should do a risk review that includes verifying vendor identity. 

Once you’ve onboarded vendors, it’s essential to ensure you monitor them continuously to ensure they don’t do anything they’re not supposed to be doing.