Payment regulations are tightening. Most new and existing rules have a common denominator: the customer. More specifically, the need to know who the customer is and validate their identity.
The revised version of the Bacs Service User’s Guide and Rules to the Direct Debit Scheme place a heavy emphasis on ‘Know Your Customer’ (KYC).
Despite being in a world heavily fuelled by digital technology, 81% of businesses admit finding it hard to achieve a single customer view – an essential part of the KYC guidelines and fraud detection.
How can you get to know your customers when your view is obscured by technology?
It is just as important to carry out KYC, Bank Account Validation and Verification of Bank Account ownership before making payments to beneficiaries.
In addition, with the Second Payment Services Directive (PSD2), the EU has ruled that multi-factored ID checks should be used to enhance strong customer authentication. Businesses will be allowed to choose how they meet these requirements, but will have to establish two out of three of the following criteria:
- Knowledge – something only known by the customer
- Possession – something specifically owned by the customer
- Inherence – something original to the customer
Along with PSD2 comes the 4th Anti- Money Laundering Directive (4AML), which also concentrates on the need to know customers better. It means organisations will need to complete risk assessments and customer due diligence, and keep reports on file as evidence that the business relationship is strong and of legitimate standing.
With these steps towards risk-free payments come some important considerations for businesses. Not only do they need to respect payment regulations by implementing advanced anti-fraud solutions, they also need to deliver a smooth, uninterrupted customer experience. There are a number of regulations to comply with and organisations needs to consider them as a whole. PSD2, 4AML, KYC – they all advocate and mandate the need to know who a customer is, validate them and authenticate them. Therefore, businesses would be wise to consider what this looks like as a single strategy that complies with all – while focusing on the expectations of the customer. This won’t be a simple change, but will protect both business and consumer from fraud and losses as a result.
Customers who’ve grown to expect quick and easy transactions won’t take kindly to having to go through lengthy identity checks and risk assessments simply to make a payment.
Keep extra steps quick and easy, however, and they’ll soon become an accepted part of the process. Already common online, services which ask the customer for characters from a password add an extra layer of authentication.
The future will be led by innovation. One company working towards PSD2 requirements has trialled the use of selfies to fulfil the inherence element, together with the use of a password for knowledge. It’s this sort of creative thinking that could turn the authentication process into something that actually engages customers and drives growth.
Providing businesses continue to be customer focused and explain to customers exactly how their data is being used, the changes presented from the new rules can offer a better experience as a whole.