#12 - Why fraud beats your KYC (and how to fix it)

KYC checks do not block fraud.

Wait! Do not rush to read onwards.

Let this sink in for a bit:

KYC checks.

Do NOT.

Block fraud.

While this might seem obvious to veteran fraud fighters, I see many Fintechs who struggle to understand how fraud penetrates their initial KYC checks.

Today, I’d like to not only bust the KYC myth, but also to describe what can be done to stop fraud more effectively at signup.

Let’s get down to business.

Fraudsters treat KYC checks as a working assumption.

It’s not like they are surprised and deflated when they realize they need to go through KYC.

The opposite is true: Fraudsters aim to buy or synthesize complete identities that are designed from the start to pass KYC.

So how come KYC is considered a fraud prevention measure by so many?

Well, for one, it does create a hurdle for fraudsters. Less so in stopping them, and more so in marginally increasing their effort (and lowering their ROI).

Secondly, KYC can be a good measure against some fraud vectors.

Friendly Fraud and Insider Fraud come to mind, when the fraudster is often exploiting an opportunity rather than orchestrating an attack.

But while these fraud vectors are a consideration for Fintechs, they are usually not the first priority compared to Identity Fraud, Money Laundering and Payment Fraud.

For the professional fraudsters behind these cases, KYC is a mere bump in the road:

A stolen identity is still a valid identity, and will pass KYC.

A money mule’s identity is still a valid identity, and will pass KYC.

And what about Synthetic identities?

Fraudsters are well equipped today to not only create identities from scratch, but also provide them with documentation and even credit history if they need to.

Preventing Identity Fraud requires a layered defense system.

When examining best-in-class Fintechs, you often see these three layers in place:

Pre-KYC layer:

  • Goal: Filter and block brute-force attacks, malicious testing, and “obvious” fraud cases.

  • Main KPIs: optimization of your operations resources and vendor costs.

  • Tools: Device Telemetry, Block Lists, Velocity Checks, Rate Limits, etc.

The idea behind the pre-KYC check is rather simple: blocking extensive networks that are actively trying to attack the system.

This can be anything from DDoS attacks, through brute-force, “dumb” fraud attempts, and even malicious testing designed to pinpoint system weaknesses.

While these can be easily detected and blocked by the following layers, we want to stop them with crude, cheap tools.

The goal is to conserve our resources for the more sophisticated fraud cases.

KYC layer:

  • Goal: Segment the population further to several risk categories.

  • Main KPIs:

    • Segment-level Fraud Pressure* on the first 180 days.

    • False positive rate in “Likely Fraud” segment.

  • Tools: Identity Verification, Identity Risk Scoring (including device/IP intelligence, etc.).

Side note: Fraud Pressure measures the overall size of the fraud population within the segment population, regardless of how many fraud attempts have actually succeeded. It’s always a partially-estimated KPI that helps explain sudden shifts in decline rates.

At first glance, this looks like a “normal” KYC check.

The difference lies in how it integrates into the rest of the system and user journeys.

Specifically, its role is to segment your new customer population.

Ideally, it will look like this:

  • Likely Fraud: Extremely suspicious identities. Block on sight.

  • High Risk: Suspicious identities, should be reviewed manually.

  • Medium Risk: Semi-suspicious identities, should be monitored with tighter thresholds.

  • Low Risk: Majority of users, normal fraud strategy applies.

This all plays out in the next layer.

Post-KYC layer:

  • Goal: Optimize new customer experience while minimizing fraud to acceptable levels.

  • Main KPIs:

    • New customer activation/engagement KPIs.

    • Segment-level false positive rates.

    • Segment-level fraud rates.

  • Tools: Identity Risk Scoring, Behavioral Analytics, Anomaly Detection, etc.

This is where most businesses fail.

They see fraud mitigation as a single check that happens at signup. Best case, they throw in a step-up investigation for suspicious cases.

But here’s the thing:

At the time of signup, you have the least amount of data you’ll ever have on the customer.

So why force yourself into an inaccurate decision at that point?

Instead, keep monitoring the behavior of the customers that passed the previous two layers.

As you watch the behavior of the customer over time and collect additional data, you can and should update your risk score.

Look for the following three main suspicious behaviors:

  • Payment Fraud: A newly created account that spends large amounts very fast. If the customer is spending more than the top 10% of your customer base, it’s probably a bad indicator. This should be combined with the payment-specific risk score.

  • Money Laundering: A new account that has received funds and shortly thereafter tries to move them again (e.g., transfer, withdrawal, etc.). This is especially suspicious if the money-movements involve other platforms as well.

  • Account Aging: Legitimate customers usually don’t sign up to a new financial service just to keep it dormant. Fraudsters, however, try to do exactly that so the above two attacks can go unnoticed.
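
The three behaviors above as post-signup monitoring rules, in an added example that is not from the original newsletter. The time windows, the 0.8 pass-through share, the segment multipliers and all names are assumptions for illustration; the "medium" multiplier reflects the tighter thresholds applied to the Medium Risk segment.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed thresholds, not from the article; calibrate on your own data.
NEW_ACCOUNT = timedelta(days=30)     # what counts as "newly created"
PASS_THROUGH = timedelta(hours=24)   # "shortly thereafter" for funds in -> out
DORMANT = timedelta(days=60)         # silence after signup = account aging
TIGHTEN = {"low": 1.0, "medium": 0.5}  # Medium Risk gets tighter thresholds

@dataclass
class Event:
    ts: datetime
    kind: str          # "spend", "inbound" or "outbound"
    amount: float

def top_decile_line(spend_per_customer):
    """Spend level that only the top 10% of existing customers exceed."""
    ordered = sorted(spend_per_customer)
    return ordered[int(0.9 * (len(ordered) - 1))]

def behaviour_flags(signup, events, segment, p90_spend, now):
    k = TIGHTEN[segment]
    events = sorted(events, key=lambda e: e.ts)
    flags = set()
    # Payment Fraud: a new account out-spending the top 10% of the base.
    early = sum(e.amount for e in events
                if e.kind == "spend" and e.ts - signup <= NEW_ACCOUNT)
    if early > p90_spend * k:
        flags.add("payment_fraud")
    # Money Laundering: funds received, then mostly (assumed 80%) moved out fast.
    for i, e in enumerate(events):
        if e.kind != "inbound":
            continue
        out = sum(o.amount for o in events[i + 1:]
                  if o.kind == "outbound" and o.ts - e.ts <= PASS_THROUGH / k)
        if out >= 0.8 * e.amount:
            flags.add("money_laundering")
    # Account Aging: no activity for a long stretch right after signup.
    first_activity = events[0].ts if events else now
    if first_activity - signup >= DORMANT * k:
        flags.add("account_aging")
    return flags

# Constructed sample data (illustrative only).
T0 = datetime(2024, 1, 1)
BASELINE = [20, 35, 50, 80, 120, 150, 200, 260, 400, 900, 2500]
MULE = [Event(T0 + timedelta(days=70), "inbound", 5000.0),
        Event(T0 + timedelta(days=70, hours=3), "outbound", 4900.0)]
SPENDER = [Event(T0 + timedelta(days=2), "spend", 600.0)]
```

The flags are meant to feed the updated risk score together with the payment-specific score, not to act as a block decision on their own.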

Side note: Don’t just focus on fraud indicators when monitoring your new customer population. Also keep in mind what your “average” top customers look like, and make sure you know how to identify and enable these users.

Bringing it all together

Each defense layer has its own role:

  • Pre-KYC: Gatekeep and clean up

  • KYC: Initial risk assessment and segmentation

  • Post-KYC: Context-based decisions

Here’s the thing:

Segmenting your population enables you to make better decisions.

And making better decisions means you can take more risks.

For higher risk accounts, this means implementing limits and investigations instead of outright blocking new customers.

For lower risk accounts, this means loosening fraud controls.

This is critical for new customer experience, as we know it’s directly linked to their overall LTV.

Because it’s never about reducing losses. It’s just the means for propelling growth forward.

Have questions or feedback? Reply to this email, I read all messages.

That’s all for this week.

See you next Saturday.
