A Primer On Identification Documents For KYC And AML
Identification documents are with us from the moment we’re born. Nationally issued ID cards, passports, visas, birth certificates and drivers licences help determine if we can drive a car, enter a foreign country and even — in some places — walk the streets.
As the requirements around KYC and AML continue to grow, an increasing number of businesses are compelled to identify, manage and authenticate centrally-issued identification documents. Know Your Customer processes often require businesses to collect a passport copy and authenticate its legitimacy before entering into a business relationship.
Keeping in mind that hundreds of identification documents exist, it’s unsurprising that the cost of KYC jumped by 19% in 2017 and around 16% in 2018. Not only do businesses need to be able to collect and authenticate current documents, but they also may have to analyze documents that were issued decades ago. The Kenyan ID card for example, does not expire and many different versions have been issued over the years.
For businesses this can be a huge headache and many use a compliance solution to help manage their ever-increasing regulatory burden. Regardless of whether you choose to tackle this problem yourself or not, the key is to be able to accurately check identification documents and reject those that are fraudulent. That’s what this article aims to help you with. Let’s dive in.
What types of identification documents can typically be used for a KYC check?
Not all IDs are created equal, but it’s often tough to understand which can be used for KYC checks and which can’t. The US alone has 11 forms of identification that your prospective customers may attempt to use. These are:
- Ordinary Citizen’s Passport
- Diplomatic Passport
- Three different types of Service Passport
- Two types of Travel Document
- Visa
- Two different types of residency documents
- Work permit
The EU’s Prado database is an invaluable resource for this kind of information, providing not just a list of accepted documents, but also reference images and detailed security features. With that in mind, most businesses tend to limit the accepted identification documents to passports, ID cards and driving licenses.
What is a security feature?
One of the main reasons that nationally-issued identification documents are the gold standard for KYC checks, is that they typically include an array of sophisticated security features. These are designed to prevent convincing replicas being made, and help to ensure a higher likelihood of an ID being authentic.
When carrying out KYC checks, businesses need to know which security feature should be present on the ID in question. For example, a standard US passport should comprise 28 pages, and be 88mm wide as well as 125mm high. It should also possess the following security features:
- Inside back cover
- Printing technique — guilloches / fine line patterns
2. Biodata page
- Printing technique — optically variable ink
- Facial image
- Laminate — hologram
- UV feature
3. Inner page
- Substrate
- Watermark
- UV feature — fluorescent overprint
Of course all of these are important when identifying a customer in person, but most KYC checks are completed online — meaning that prospective customers upload a photo of the ID. In these cases it becomes very difficult to authenticate documents properly because most of the security features will simply not be clearly visible.
Unfortunately, mainstream photo editing solutions have made it incredibly easy to replicate the shape and design of an ID. Therefore, simply asking customers to upload an image showing a single page can only be considered the bare minimum in terms of KYC and AML.
To combat this, countries like Germany have introduced video identification procedures which require businesses to set up live video calls, during which the identification document is checked more rigorously.
This is also why banks typically require the customer to visit the branch before opening an account. Regardless of which form of identification you choose — image upload, video call or in-person meeting — make sure to take your customer due diligence duties seriously.
What are the most common security features and what do they look like?
We’ve listed a few prominent security features above, but it makes sense to look at the most common ones here:
UV Light — brightly glowing image and lettering which is only visible under UV Light. Source
Hologram — intricate shapes which shine and glimmer with varying lighting conditions. Source
Watermark — a faint design that is visible both when held against light and when not. Source
Numbering — a string of numbers typically punctured into the material. Source
Problematic identification documents
With the dawn of the Internet age, customers are no longer limited by geographic location. These days, a small business in Philadelphia may service customers from Indonesia, India and Australia.
From an AML and KYC perspective, this introduces new challenges. For one thing, different countries issue different forms of ID, and not all of them are compliant with internationally-recognized best practices.
The Italian ID card for example consists of a simple, folded piece of paper and almost no security features. This makes it incredibly easy to fake, and it’s almost impossible to detect fraudulent documents via a simple image upload.
Passports from Greece can also present a challenge because there are currently three different versions in circulation — all of which are considered valid. The first one was issued in 2011 and contains printing techniques, substrates and UV features. The next one was issued in 2012 and is almost identical to the previous version except that it has a UV feature on the inside back cover, which is not present in the 2011 version. Finally, the third iteration was issued in 2014 and features a different hologram near the facial image.
A similar problem arises with IDs from the other side of the world: Indonesian passports issued prior to 2014 use laminated paper instead of polycarbonate and are therefore easy to forge. This is worth keeping in mind when asking the customer to complete your KYC procedure. Ideally ask for Indonesian passports issued after 2014.
Additionally, document fraud is a key component of organized crime and terrorism. There is a whole subset of criminal activity that is involved in stealing and faking passports in order to supply them to the criminal market. IDs that are easier to forge or easier to get a hold of are therefore more commonly used by criminals attempting to pursue malicious activity. It is vital that you protect your business from criminals aiming to misuse the business relationship.
Below you can see how the number of lost and stolen travel documents has escalated since 2010:
From a KYC perspective, stolen documents are particularly difficult to detect, as they are usually genuine and have been misappropriated from law-abiding people, or even seized from civilians or combatants in conflict areas.
To counter the threat of both misappropriated and forged documentation, it will be necessary to implement enhanced due diligence procedures and monitor customer behaviour closely.
Automating the identification document checks
As you can see it is becoming increasingly complicated to collect, authenticate and manage identification documents. A vast number of IDs exist and the regulatory landscape around compliance keeps shifting. Today, KYC procedures are more cost-intensive than ever before and it seems like this trend will endure well into the next decade.
With this in mind, it’s often no longer feasible to build and operate a KYC solution in-house. The development time combined with the time it takes to bring in trained personnel is simply not available to 99% of businesses, making alternative solutions ever more necessary.
That is why dedicated low-cost compliance solutions are more popular than ever. These can often automate the collection phase and give you the tools you need to manage customer IDs securely.
An additional advantage of these kinds of compliance solutions is that they often adapt to regulatory changes much faster than an ordinary business can. When a significant change, like the introduction of GDPR, occurs, companies like KYC-Chain are the first to react, updating their processes and best practices. This allows you to focus on your business and what you do best, while the intricacies of KYC compliance are handled and maintained by people who specialize in it.
Finally, working with a vendor also means that your ID checks will employ the latest technology. If your business was to build an automated solution in-house you would likely not have the time or resources to update it when new technology emerges — like biometric data. Third party vendors on the other hand, are often at the forefront of this kind of technological innovation.
