How KYC API Solves Identity Theft Problems in Finance

The emergence of technology — which poses itself as an opportunity ready to enhance human endeavor with ease — doesn't come without its challenges. While people get to execute almost all of their daily activities on the spot, with access to the internet via smartphones, computers or laptops, the problems introduced by the same invention are highly hazardous to human well-being.

Take cyberattacks for example!

We’ve witnessed cybercriminals successfully weaponizing the same technology to commit grotesque cybercrimes such as fraud, identity theft, illegal access to personal information, breach of privacy, and hacking of servers or databases of various organizations. The more distressing part is watching a large percentage of these attackers get away with the crimes. Without useful clues on how to track them.

Identity theft is one of the most common cybercrimes committed nowadays. This is because people now have free access to vital information about one another. This article will clinically note identity theft occurrences and the possible solutions to such cyberattacks.

What is Identity Theft?

Identity theft occurs when someone unlawfully possesses the personal or identifying information of another person (such as a credit card, name, Identification Card, Social Security Number, etc.) without the owner's permission or knowledge, and uses it to commit fraud.  According to the US government, a stolen identity is mostly used to commit fraud such as loan acquisition, purchase of highly expensive items, or used to make tax payments, thus, causing a lot of damage or problems to the real owner.

Unfortunately, many cybercriminals involved in identity theft smoothly succeed in their malicious acts by applying cunning tactics such as phishing, social engineering, spyware, and malware when they target vulnerable people to give up their personal information. In 2021 alone, the US National Identity Theft Protection Council confirmed that Americans lost $5.8 billion to identity theft. This is a huge loss to cybercrime that is expected to increase in the coming years.

Types of Identity Theft

Identity theft is a serious cybercrime perpetrated  in different ways, below are some of them:

• Financial Identity Theft

This occurs when a person poses with another person's identity to purchase goods or obtain some benefit or service.

• Synthetic Identity Theft

This is one of the growing financial crimes. It includes creating fake identities by fraudsters with real information about their victims such as their Social Security Number, home address, birthdates, etc, to demand loans or fraud. Most often, this happens to the vulnerable, such as young people and the elderly.

• Medical Identity Theft

This occurs when a fraudster uses your personal information to receive free medical funds or treatment without your consent or permission.

There are others like tax identity theft and criminal identity theft.

The Implications of Identity Theft on Victims

Identity theft is a crime that can leave its victims with indelible memories. When a cybercriminal successfully uses your personal information to commit a crime, you automatically become responsible for what they do. Suppose a cyberattacker uses your identity to obtain a loan from a financial institution, you become responsible and authorized to repay the money possibly with the interest attached.

More so, among the different types of identity theft, financial identity theft is one of the most pivotal attacks. This is because many financial institutions rely solely on the presentation of a customer's collected information (such as a registered PIN, email address, etc.)  to authorize transactions. This enables cyberattackers with access to this information to have a hassle-free opportunity to commit crimes.

Therefore, the consequences of this attack can leave victims feeling exhausted, in pain and embarrassed. It can always drive victims into depression, considering how much damage the attackers do.

As for companies where identity theft occurs, such as financial institutions (banks or fintech startups), their reputation and credibility can be tarnished.

What are the Available Solutions?

To prevent the occurrence of cyberattacks, the following advice by the US government must be strictly adhered to:

• Protect confidential information - Never move around with vital information like your SSN card in your wallet.
  
• Prevent personal information from being shared with a stranger on social networks. Your personal information must be your business. When someone else asks for it, this is a sign of fraud.

• Refrain from reading or clicking on links in spam messages. Refrain from accessing unauthorized links on your email. Once you are not familiar with the sender of the message, refrain from reading the mail or clicking on any embedded link.
  
• While using public Wi-Fi, protect your phone and personal information with a Virtual Private Network (VPN) which will protect your device from being hacked.

• Avoid writing confidential information on paper in public places. If this happens by chance, dispose of the paper by shredding or burning it when you're done.

There is also a solution offered to companies or financial institutions in a race to protect their database and the confidential information of their customers. The use of Know Your Customer (KYC)has been largely accepted as a reliable guide available to curb online financial theft by fraudsters. KYC enables customers to verify their identity (eg biometric check: fingerprint or face) before agreeing to any financial service. These KYC guidelines have also strengthened the relationship between financial institutions (traditional banks and fintech startups) with their customers.

However, despite the adoption of Know Your Customer guidelines by financial institutions as a measure to combat fraud and other financial misconducts, the process is still highly susceptible to cyber threats.

In an opinionated article, Siddharth Kukatlapalli, co-founder of Syntizen Technologies, agreed that the KYC guidelines can be __compromised or bypassed __by criminals and thus, proposed the need for an additional layer of protection to have a secure  financial service, stating APIs, and ML algorithms as good options.

Perhaps he may be right about the incorporation of KYC APIs to verify customer identity.

What about API KYC?

One of the leading financial institutions using API to combat identity theft is Okra, an API Fintech startup in Nigeria.

In a discussion on how Okra helps curb identity theft, Mike McMillan, Okra Product Manager, and Anthony Kiplimo, Okra Marketing Lead, confirmed how the API Fintech startup uses its embedded KYC to process and verify the identity of its customers using key information like bank data, geographical location, address, etc.

McMillan stated that companies can easily verify a customer's identity when entering simple details such as BVN into the Okra widget. The API helps in collecting clients' financial data, making it easier to spot any anomalies. The service is turning Okra into a game-changer for financial services within Nigeria, Africa's largest economy, as major financial firms such as Opay uses Okra's solution  to verify  customers' identity.

Ultimately, just as Kukatlapalli suggested and operationalized  by Okra,  API KYC may be the right solution to cyberattacks like identity theft in the finance industry.

Conclusion

According to the US National Council in its Identity Theft Protection report, identity theft occurs every 22 seconds. This means that it is not something that can be completely or manually controlled.

Therefore, the use of Artificial Intelligence and Machine Learning may be the next solution to reduce identity theft and enhance customer verification. This means that in a few more years, financial institutions may abandon manual verification and adopt newer technologies. This will also help large companies identify fraud early to implement proactive measures to prevent it.