Identity Verification Procedures for Online Payments

Countries are introducing increasingly robust identity verification procedures for online payments and financial transactions.
July 8, 2024
Author: Matheus Assis Baeta

As businesses embrace a rapidly evolving digital landscape, so have fraudulent and criminal opportunists. In an effort to combat growing levels of financial fraud and crime, countries are introducing increasingly robust identity verification procedures for online payments and financial transactions.

However, new ID verifications aren’t being rolled out consistently. Regulators around the world are taking different approaches when creating and enforcing these ID checks. Often, their methods are a reflection of their regulatory environments, cultural norms, and technological advancements. Here’s what the current landscape of ID checks looks like.  

Using ID verification to tackle fraud and identity theft

ID checks are essential for preventing fraud, money laundering, and other illicit activities; they help businesses mitigate risks and comply with regulations. They also foster trust and confidence in digital financial systems by verifying the identities of individuals and entities involved in transactions. 

The UK is at the forefront of implementing affordability checks and digital ID in payments, aiming to introduce new measures to enhance consumer protection, streamline transactions, and combat fraud. Regulatory changes, such as the Digital Identity and Attributes Trust Framework and new measures applied to the UK’s Open Banking real-time technology infrastructure, are driving this effort. The UK's approach is part of a global trend towards strengthening identity verification processes, which is crucial for businesses, governments, and consumers alike.

Effective identity verification processes help to prevent fraudulent account openings and transactions, detect and deter identity theft attempts, comply with anti-money laundering (AML) and know-your-customer (KYC) regulations, and build more trust and confidence in the global financial digital network.

The most commonly used methods for ID verification include:

  1. Biometrics, which is the use of unique physical or behavioural characteristics, like fingerprints, facial recognition, and voice patterns, to verify an individual's identity.
  2. Two-factor Authentication (2FA), which is a security process that requires two distinct forms of identification, like a password and a one-time code sent to a pre-registered device.
  3. Digital identity verification, which is made possible with digital technologies and databases that can verify an individual's identity remotely by using document verification, facial recognition, and data cross-checking.

Which countries are spearheading national adoption of ID verification checks?

In the UK, digital verification has become very popular, and companies like Credas Technologies and Yoti have emerged as leaders in this space. They offer digital ID solutions that use biometrics, document verification, and secure data storage.

Germany has been at the forefront of electronic identity (eID) adoption, and in 2010, the eID card (Personalausweis) was introduced. This secure electronic identity card incorporates advanced security features, such as digital signatures and encryption. It enables German citizens to conduct a wide range of digital transactions, including online banking, e-commerce, and accessing government services.

In the USA, financial institutions and other sectors have embraced multi-factor authentication and biometric verification as key strategies for combating identity theft. A combination of traditional passwords with one-time codes, facial recognition and fingerprint recognition has been adopted by major banks and payment processors.

How are legal and regulatory compliance measures shaping identification processes?

There is a general global consensus that Know Your Customer (KYC) and Anti-Money Laundering (AML) processes are highly effective at fighting fraud and protecting the integrity of financial systems. While international organisations like the Financial Action Task Force (FATF) provide guidelines and recommendations, the implementation and enforcement of these regulations vary significantly across the globe.

In the UK, tackling Authorised Push Payment (APP) fraud has been a focal point for regulators. Victims of this fraud type are tricked into transferring money to fraudsters. New rules require payment service providers to segregate customer funds from operational funds, safeguarding customer funds. Additionally, banks are now required to reimburse victims of APP fraud, provided that the customer took reasonable care. Financial institutions are also required to provide Confirmation of Payee (CoP) services, which verify the recipient's name before a payment is made, reducing the risk of misdirected or fraudulent transactions.

Within the European Union, the revised Payment Services Directive (PSD2) has introduced Strong Customer Authentication (SCA) requirements, aimed at enhancing the security of online transactions and reducing fraud. This risk-based approach allows exemptions for low-risk transactions. Otherwise, customers must complete two-factor authentication by providing two of three elements: something they know (a password), something they have (a mobile device), or something they are (biometric data). PSD2 also facilitates the integration of third-party payment service providers, like account information service providers (AISPs) and payment initiation service providers (PISPs), into the financial ecosystem. This promotes innovation and competition, whilst ensuring security and streamlined customer experiences.

Japan has implemented stringent KYC and AML regulations. Financial institutions must verify their customers’ identities using a combination of document checks and in-person verification. Institutions must also perform enhanced due diligence checks on high-risk customers or transactions. They are also obligated to report any suspicious transactions or activities to the authorities, and are seen as playing a key contributory role in the detection and prevention of money laundering and terrorist financing.

Personal data protection measures 

Today’s world is largely reliant on the collection, transfer and storage of personal data. Naturally, the protection of personal data has become a paramount concern for individuals, businesses, and governments alike. As data flows across borders, organisations must ensure compliance with relevant privacy regulations and international laws.

The European Union's General Data Protection Regulation (GDPR) has set a high standard for data protection and privacy and has served as a blueprint, influencing other regions to adopt similar measures. In the United States, the California Consumer Privacy Act (CCPA) has emerged as a comprehensive privacy law, granting consumers greater control over their personal information.

Many of these laws aim to prevent data breaches, which can have catastrophic impacts on data subjects and result in substantial fines, legal actions, and reputational damage for all organisations involved.

  • In 2018, the Marriott International hotel chain suffered a massive data breach, exposing the personal information of nearly 500 million guests. The UK’s regulator, the Information Commissioner's Office (ICO), issued a fine amounting to £18.4 million.
  • In 2017, one of the largest credit reporting agencies, Equifax, experienced a data breach, which compromised the personal information of some 19,000 Canadians. Regulators fined the company $1 million.
  • In 2020, the Office of the Australian Information Commissioner (OAIC) imposed a $495,000 fine on the Australian Institute of Professional Education for repeated and serious violations of Australia’s Privacy Act.
  • In 2021, Amazon was fined €746 million by Luxembourg's data protection authority for violating GDPR's rules on data processing and privacy.

No future without ID verification

Although the UK has recently been at the centre of debates regarding the types of identity checks it aims to impose on customers, its actions are part of a global effort to implement robust ID verification checks. Effective use of ID checks for payments is a crucial step in combating financial fraud and identity theft, and there is little doubt that these methods are here to stay.

The UK, Germany, and the USA are among the countries that have made significant strides in implementing robust ID verification processes, including digital verification, biometrics, and multi-factor authentication. The use of KYC and AML processes is also widespread, with international organisations like the Financial Action Task Force providing guidelines and recommendations. 

In Summary

The implementation and enforcement of regulations vary significantly across the globe. As the world becomes increasingly digital, it is essential that countries prioritise the protection of personal data and ensure compliance with relevant privacy regulations and international laws. At some stage, countries may need to work together at a closer level, to close any remaining gaps that emerge through these globally fragmented solutions.
