Experts argue that the number of fraudsters who can open real bank accounts with the stolen identities or documents of real people is increasing day by day. With the increasing popularity of online banking services, theft of banking information has become one of the most common criminal activities on the internet. In addition to stealing access codes to personal and business bank accounts, cyber criminals can also steal credit card numbers and other types of payment cards.

Victim’s personal data, documents and photos seized by spam, malware and phishing attacks can be used in various fraud cases and money laundering by opening fake accounts. Therefore, it is more important than ever for banks and fintech companies to comply with KYC processes to combat financial crimes and combat money laundering within the fast-growing ecosystem. On the other hand, it is important that people use cybersecurity software to ensure their cybersecurity and prevent such fraudulent events.

While the procedures for identifying customers and verifying credentials are similar in many countries around the world, the exact list of mandatory KYC checks may vary from country to country. For example, while companies in Germany are required to conduct video calls with customers in addition to document-based authentication, many countries, such as the United Kingdom, do not have such a requirement. Experts review procedures around the world He states that there are 6 degrees in Know Your Costomer (KYC) processes. Identify Turkey continues to inform industry and businesses about KYC, which is becoming increasingly important. The company summarizes the details of the 6 degrees of KYC and the areas of use of these processes as follows:

6 degrees of KYC processes

KYC1 The identity verification phase is defined as reading the information in the customer’s identity with a phone, tablet or computer camera with OCR or reading the information on the identity chip with NFC.

One of the most critical steps of KYC processes, called Customer Due Diligence KYC2In , the vitality check of the person is carried out by means of a photo (selfie) taken of the person and it is verified that the person is the same as the person on the identity card.

KYC3 At this stage, the process expands a bit and it becomes mandatory to perform security checks on the customer data obtained. The security elements of the identity document presented and the identity as valid proof of identity are checked.

KYC4 It is mandatory that the identity information verified at the stage is approved by the customer’s representative.

KYC5 In the second phase, the level of risk of transactions increases and legislation obliges the organization to confirm the biometric information obtained from the customer with a video interview with a customer inspector. It is important that the customer inspector is fully equipped for AML, fraud and cybersecurity issues and successfully completes all security verification processes, cross examinations and identity checks provided by the regulations. Otherwise, it will lead the organization to accept a high-risk customer.

KYC6 On the other hand, it makes it possible to sign digital contracts with Electronic Signature (QES). This process is not yet available in Turkey.

KYC is as sensitive as cybersecurity

Claiming that an understanding of the KYC processes and grades, which are becoming increasingly important today, is just as critical as cybersecurity. Ali Haydar Ünsal, General Manager of Identify Turkey, “There are many fraud cases where bank accounts are opened with stolen credentials or bank account holders become victims. On the other hand, we think that the use of digital wallets will be adopted very quickly in a country like Turkey that is rapidly adapting to digital, and its use will grow exponentially with external customer acquisition processes. A process between KYC4 and KYC5 is currently being designed in Turkey, especially in the areas of banking and fintech. The legislation does not consider Selfie Ident and Video Ident solutions sufficient at this stage. Therefore, the processes change according to the transaction limits and the size of the companies. Our Hybrid KYC solution, which we developed as Identify, complies with all processes in Turkey. In addition, as a company, we attach great importance to the training of customer inspectors, and with our Academy program that we have developed, we aim to train customer representatives who are positioned in the eKYC processes of our business partners and become customers of them. inspectors. “

Kaspersky Turkey Marketing Manager Unsal Yurdakonar He said: “To steal a bank account, a cybercriminal needs a set of user data such as the person’s important personal information, photos and documents. To get all this, criminals can use malware, especially Trojans, spam and phishing methods. At Kaspersky, we block millions of phishing pages every year. For example, in 2021 Kaspersky researchers blocked 1.2 million individual phishing pages using fake page templates based on 469 different phishing kits, allowing cybercriminals to phishing effortlessly. before it starts passed. Although these pages only last for a few hours, most of them manage to accomplish their goal and steal user data. To expand the scope of these attacks, scammers have to create thousands of fake pages every day. Phishing kits have become an easy way to do this. Gone are the days when only the most skilled hackers could develop a phishing site and delete users to reveal their personal information. Now any amateur can create their own phishing page. Therefore, special care should be taken when following links from any email or messaging service. Users should use a robust security solution that can automatically fix security vulnerabilities and protect the user’s safety and money.”