Major efforts are often dedicated to ensuring seamless KYC and authentication processes, especially for financial institutions that are looking to go digital. Bankers are naturally shrewd and always err on the side of caution. There’s also the endless battle between the Control team, notorious for saying “No” to every request, and the Product Innovation team, always wanting to play with new toys. Current trends in customer behaviour show that customers want more convenient solutions. Studies also show that security is a priority for them as well, and rightly so. 2016 data from The Nigeria Electronic Fraud Forum (NeFF) Report recorded 19,531 e-fraud cases, an 82% increase from 10,743 recorded in 2015. Customers, however, do not want security to be so obvious that it disturbs their experience.
The spate of fraudulent SIM swaps has done nothing to assuage regulation’s paranoia. A way to curb this may be giving telcos access to a view-only option of NIBSS’s BVN portal. Properly using this along with the already existing SIM registration database may help bring down current fraud stats as early as Q2, 2019. This method not only allows telcos to verify customers by face, but also allows them to confirm that their BVN has not been blacklisted. Fingerprint verification can also be added to the process, much like verifying image and signature at the bank. This plays out as a 2FA, confirming that the individual was indeed physically present. Utilising this option will, however, mean that SIM swap operations will no longer be available at “under bridge” for obvious reasons.
Customer Care in banks often have the added responsibility of authenticating in such a way that a fraudster is not given free access and the real account holder is not irritated by the process. Existing processes are either poorly thought through or not properly executed. I once had an agent “authenticate” me for over 3 minutes after I was on hold for 6 waiting to have someone hotlist my retracted card. I have also had someone in a branch refuse to hotlist my stolen debit card until she saw my mother. What exactly is the cost of security?
Banks also need to be smarter in scaling the hurdle of KYC during onboarding. I have never seen the need of carrying out independent KYC processes across banks and all other OFIs. This is needlessly repetitive and backend verification processes often prove cumbersome, manual and time-wasting. Customer data which currently reside in silos can be consolidated into one central database so that when a customer walks into another bank, the process flow becomes: verify that the BVN provided is not blacklisted, confirm that provided telephone number is not flagged, authenticate with image and fingerprint and then create account. This ultimately means that I can walk into a bank without any document and have an account opened.
For the truly adventurous, translating this to digital banking could mean asking the customer to put his thumb and index finger on his phone’s fingerprint sensor, the result of which is scanned against the existing (BVN) database, checking for suspicious activity and up-to-date information. A green light means that the customer is set up and allowed transactions up to N500k; agreed-upon authentication methods could allow him to perform more. Prompts of an expired ID would mean that a tier-2 account is opened, with the customer needing to upload a more recent National ID. Undetectable ID and utility bill will result in a tier-1 account being opened, with the customer allowed to upload pending documents on that app. Once verified, these can be synced to the central database so that the customer does not have to do this again. Document verification can be maker-checker, with the collecting bank performing first-level verification and a regulatory body authorising the upload and sync to the central system upon due diligence.
KPMG, in an article, proposes a blockchain utility bill which can be implemented within a large conglomerate, nationally or internationally. Much like these other ideas, this means that the onboarding process will shed unnecessary weight and totally eliminate the need for customers to repeatedly provide the same documentation across providers. A prototype has already passed the Monetary Authority of Singapore’s test scenarios.
In the case of transaction monitoring, a more intelligent system hinged on customer data needs to be created. This may be as simple as setting better rules. For example, rules that block accounts that transact between midnight and 6am Nigerian time do not consider that midnight in Lagos is 5pm in Vancouver and 8am in China. The 24-hour cycle is different for every customer, so it will be better to perform this function on a per-customer basis. An alternative may be working with your customer’s location (after requesting permission, just as Uber or Taxify would) in a bid to provide a more personalised experience.
Rule setting by current transaction pattern is important as well. For example, a customer that usually performs cheque withdrawals twice every month suddenly performing a self-recharge of N30,000 via USSD should raise an eyebrow even if it occurs at 3pm on a Wednesday. Also, accounts owned by private university students, for example, are likely to receive heavy periodic credits. Let’s face it, their tuition costs an arm and a leg, and the system should be able to account for this to avoid needless PNDs.
As with all things truly disruptive, though, tangible investment will be required in terms of funds, effort and expertise to have these systems set up and customised to Nigerian realities. The best time to start is now, and refining and scaling the process could mean generating another income stream for us as a country. We have a problem, however: we prefer the “fire-brigade” approach.
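The two monitoring ideas above (quiet hours judged on the customer's own clock, and deviation from the customer's own pattern) can be sketched as follows. This is an added example, not code from any bank or vendor; the `Profile` fields, channel names, spike factor and all sample values are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from statistics import median

LAGOS = timezone(timedelta(hours=1))   # WAT, no daylight saving
QUIET_START, QUIET_END = 0, 6          # the midnight-to-6am window from the text

@dataclass
class Profile:                         # hypothetical per-customer record
    utc_offset_hours: float            # where the customer lives (assumed known;
                                       # a real system would store an IANA zone for DST)
    history: list                      # past (channel, amount_naira) pairs

def blanket_lagos_rule(when_utc):
    """The rule the text criticises: Lagos quiet hours applied to everyone."""
    return QUIET_START <= when_utc.astimezone(LAGOS).hour < QUIET_END

def evaluate(profile, when_utc, channel, amount, spike_factor=3):
    """Return the reasons this transaction deviates from this customer's norm."""
    reasons = []
    local = when_utc.astimezone(timezone(timedelta(hours=profile.utc_offset_hours)))
    if QUIET_START <= local.hour < QUIET_END:
        reasons.append("quiet_hours_local")
    past = [amt for ch, amt in profile.history if ch == channel]
    if not past:
        reasons.append("new_channel")          # never used this channel before
    elif amount > spike_factor * median(past):
        reasons.append("amount_spike")         # far above their usual on this channel
    return reasons

# Constructed sample customers and timestamps
diaspora = Profile(-8, [("transfer", 20_000), ("transfer", 25_000)])
cheque_user = Profile(1, [("cheque", 50_000), ("cheque", 40_000)])
student = Profile(1, [("credit", 900_000), ("credit", 950_000)])

t_night = datetime(2019, 1, 16, 0, 30, tzinfo=timezone.utc)    # 01:30 in Lagos
t_wed_3pm = datetime(2019, 1, 16, 14, 0, tzinfo=timezone.utc)  # Wednesday 15:00 in Lagos

if __name__ == "__main__":
    print(blanket_lagos_rule(t_night), evaluate(diaspora, t_night, "transfer", 22_000))
    print(evaluate(cheque_user, t_wed_3pm, "ussd_recharge", 30_000))
    print(evaluate(student, t_wed_3pm, "credit", 1_000_000))
```

The blanket rule blocks the customer living at UTC-8 for an ordinary afternoon transfer, while the per-customer check raises nothing; the USSD recharge is flagged on a weekday afternoon, and the student's large periodic credit passes because it matches that account's history.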