Why don’t fintechs use identity verification?

Across financial services, there are clear benefits to having deep knowledge about who’s using your products. Today, having rich customer data is almost a prerequisite to developing pricing strategies, features, or effective sales and marketing efforts.

Identity verification is the process of confirming a customer’s identity by validating their personal information. Arguably, it acts as the foundation for understanding any customer. So — why would any financial institution (FI) choose NOT to use identity verification?

We’ll explore some of the reasons why identity verification hasn’t reached full adoption. We’ll also examine the risks involved, and how FIs can use technology to manage them without introducing fraud or creating friction for customers.

Why do fintechs skip customer verification?

In theory, every bank, fintech, and credit union should verify every customer. And in practice, most of them do.

At the margins, however, other incentives like growth, profitability, and competition have led some fintechs to get creative with how they verify customer information.

While there are clear KYC (know your customer) and BSA (bank secrecy act) rules in place for bank accounts, fintech products which resemble bank accounts (P2P payment services, open-loop prepaid cards, or crypto, for example) continue to exist in a gray area, and companies aren’t held to the same standards as banks and credit unions. In cases where fintechs want to capture more market share or unlock a new customer segment — for instance, within an underbanked population — they may find it easier to not verify every customer’s identity.

As a result, being verified can mean something different from one FI to another. Even within one institution, some customers may be “more” verified than others. This has the effect of fragmenting the broader digital identity ecosystem and impeding industry adoption of identity-related best practices. How is the industry supposed to agree on standards for privacy or data protection, for example, when there’s no standard for understanding who is using a given financial product?

This may seem like a risky status quo. However, the industry shouldn’t assume that identity verification is the only approach to identity data. Bringing behavioral data into an onboarding flow, for example, can allow you to capture growth and curb fraud at the same time — which can significantly de-risk a “light” approach to customer verification.

To better understand how fintechs are handling identity today and why the associated risks are worth paying attention to, let’s consider a hypothetical customer acquisition strategy.

How fintechs acquire customers

Fintechs, banks, and credit unions alike want to offer as little friction as possible to new customers hoping to sign up for their products. They know that more customers prefer digital experiences than ever before, and they believe signing up should be painless.

Having an outstanding onboarding UX is particularly important today due to the focus on growth and competition, which has characterized banking in recent years. From JPMC Chairman and CEO Jamie Dimon’s 2022 letter to shareholders:

“The growing competition to banks from each other, as well as shadow banks, fintechs and large technology companies, is intense and clearly contributing to the diminishing role of banks public companies in the United States and the global financial system… Large tech companies, already 100% digital, have hundreds of millions of customers, as well as enormous resources, in data and proprietary systems — all of which give them an extraordinary competitive advantage.”

Amid this competitive environment, many fintechs have embraced blitzscaling to gain market share. It’s a strategy of “getting very big very fast”, and while fintechs have indeed moved quickly into the market — growing by as much as 300% per year in areas like mortgage lending — growing pains persist. In many cases, the methods fintechs use to attract customers come with significant fraud and compliance risks.

For example: the common practice whereby fintechs will allow new customers to create an account with just a ZIP code and email address or phone number. The not-quite-verified customer is given access to some account features, and the full fintech product is only made available if the customer provides additional information like their social security number or physical address.

This strategy allows a fintech company to acquire customers who might otherwise abandon a more burdensome application process. Plus, it drives growth and can provide an important access point for underserved or unbanked individuals. So — what’s so risky about it? 

The answer is that a tiered approach to identity verification adds complexity. Without a clear picture of all customers’ identities, fintechs also introduce unique risks that can impact profitability, fraud prevention, and compliance. So, while fintechs are happy to acquire customers, it’s only worthwhile if they also understand and adequately manage these risks.

Light KYC carries full risk

Critics say that these fintechs’ customer acquisition strategies enable an unacceptable amount of fraud, money laundering, or other illicit activity. In the example above, for instance, a customer who’s already had their account closed for fraud or compliance reasons can easily sign up again with a new account if the fintech doesn’t verify their identity.

Another problem is that neglecting to verify customer identities allows bad actors to impersonate victims more easily. Without identity verification, customers can easily open accounts or even obtain debit cards in other people’s names. Not only does this present a risk for identity theft, but it also opens the door to payment fraud, romance scams, elder abuse, and countless other damaging schemes.

Ultimately, fintechs are experiencing an acute version of what has become a sore spot across all of banking. Digital channels, while very valuable for growth, also unleash a variety of risks — some of which are not yet fully understood. While a lack of universal identity verification will impede any effort to manage these risks, there are other, upstream ways to reduce fraud and protect customers.

Tools like behavioral data, for instance, can help curb fraud without impacting conversion rates. NeuroID’s behavioral tools let you evaluate whether an individual is who they claim to be early on (in some cases, after just a couple of PII questions at the start of the application). By evaluating how familiar a user is with PII they provide, we help FI’s better orchestrate their applicants. For applicants familiar with their name and address, consider a lighter verification path. This ensures you’re still offering them a secure relationship without belaboring their first transaction with you. Meanwhile, for applicants second-guessing how to spell their name and address, invest in stringent identity verification checks. Making it harder for fraudsters to do business with you helps protect your offering and reputation with your genuine customers. This means pairing behavior with identity verification can mean less fraud, less risk, and a better sense of who your customers are — all without getting in their way.