
While SCA is an important topic, SCA by itself is not enough to secure a transaction. In addition to doing SCA correctly, you also have to know exactly who you’re identifying – and that is where “know your customer” (KYC) comes into play. A few notes on that process:
1. When you start the KYC process, it is important that KYC occurs on the same device the process was initiated on, ensuring that the account created is for the correctly identified person.
2. During the KYC itself, it is important to check for artificially generated images and video. “Deepfakes” are a great example of a potential threat, as the technology continues to improve and becomes more easily accessible.
3. After the KYC is done, it is important that the identity established is properly secured for the next time the user needs to be identified.
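The same-device requirement in point 1 can be enforced by binding the KYC session to a key held by the initiating device. The sketch below is an added example, not code from the original post or from any product it describes. The class and function names, the 600-second lifetime and the use of a shared HMAC secret (standing in for a hardware-backed device key pair) are all assumptions.

```python
import hashlib
import hmac
import secrets

SESSION_TTL = 600  # seconds; constructed value for this example


def device_proof(device_key: bytes, session_id: str, nonce: bytes) -> bytes:
    """Device side: prove possession of the key registered at initiation."""
    return hmac.new(device_key, session_id.encode() + nonce, hashlib.sha256).digest()


class KycSessions:
    """Server side: ties each KYC session to the device that started it."""

    def __init__(self):
        self._sessions = {}

    def initiate(self, device_key: bytes, now: float) -> str:
        session_id = secrets.token_hex(16)
        self._sessions[session_id] = {
            "key": device_key, "expires": now + SESSION_TTL, "nonce": None}
        return session_id

    def challenge(self, session_id: str) -> bytes:
        nonce = secrets.token_bytes(32)  # fresh per attempt
        self._sessions[session_id]["nonce"] = nonce
        return nonce

    def complete(self, session_id: str, proof: bytes, now: float) -> bool:
        s = self._sessions.get(session_id)
        if s is None or s["nonce"] is None or now > s["expires"]:
            return False
        expected = device_proof(s["key"], session_id, s["nonce"])
        s["nonce"] = None  # single use: a captured proof cannot be replayed
        return hmac.compare_digest(expected, proof)


def demo():
    server = KycSessions()
    key_a, key_b = secrets.token_bytes(32), secrets.token_bytes(32)  # two devices
    sid = server.initiate(key_a, now=0)  # device A starts onboarding
    n1 = server.challenge(sid)
    other = server.complete(sid, device_proof(key_b, sid, n1), now=10)
    n2 = server.challenge(sid)
    same = server.complete(sid, device_proof(key_a, sid, n2), now=20)
    replay = server.complete(sid, device_proof(key_a, sid, n2), now=30)
    n3 = server.challenge(sid)
    late = server.complete(sid, device_proof(key_a, sid, n3), now=SESSION_TTL + 1)
    return other, same, replay, late
```

Only the attempt from the initiating device with a fresh, unexpired challenge is accepted; the second device, the replayed proof and the expired session are all rejected.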
Ultimately, doing KYC while onboarding a new customer may seem like a semi-normal task. However, it is important not to take this step lightly, as such a procedure becomes critical during re-enrollment. This is especially true if you’re a bank or eWallet provider: your customers typically have a monetary balance on their account, which makes the re-enrollment process a tempting target for exploitation (see our previous post on re-enrollment and magic links).
Now, what about trust anchors?
In cryptography, the definition of a trust anchor is “an authoritative entity for which trust is assumed and not derived”. The most common way to represent such a trust anchor is with a ‘certificate’. As such, the security of the validation process depends upon the authenticity and integrity of this certificate.
Want to know more about certificates and how they work? Head on over to our website for the full article, where we expand on trust anchors and the future of SCA and KYC.