Verifying users’ identities during the account registration process helps to confirm who they are and ensure they aren’t using a stolen or fake identity to engage in fraudulent activities.
However, this initial check isn’t all that’s necessary to protect an organization from fraud and ensure compliance with Know Your Customer (KYC) requirements.
A user’s personal details may change over time as they move or get married, meaning organizations need to update their records on a regular basis to maintain accurate customer information and support effective risk management practices.
What is Re-Verification?
Re-verification is a security practice that organizations use to collect and confirm a user’s information again after they’ve already opened an account.
Depending on the organization, its regulatory requirements, and risk management practices, users may need to resubmit identity documents like a driver’s license or passport and biometric data to verify their identity and keep their account in good standing.
What is Re-Verification Used For?
The re-verification process helps organizations ensure that customers are still who they claim to be and that the personal information on file is current.
It’s also a way to detect account takeover fraud, which occurs when a hacker is able to infiltrate a legitimate user’s account without their knowledge.
Organizations subject to KYC and anti-money laundering (AML) regulations, like financial institutions, often implement re-verification as part of their ongoing monitoring and Customer Due Diligence procedures. On the other hand, businesses in industries with less stringent regulatory requirements may not have a need for re-verification workflows.
How Does Re-Verification Work?
How a company conducts a re-verification check for customers can depend on a variety of factors. Each organization must establish tailored re-verification protocols that align with internal policies, regulatory requirements, and other operational considerations.
In many cases, these procedures will be based on a risk-based approach, meaning that customers will trigger re-verification based on their perceived risk and ongoing behaviors, such as:
- When they want to change account details, like their password or contact details
- When an identity document is about to expire
- When they attempt a large transaction
- When they log in to the account from a new location
- After a period of inactivity
- When there’s been a suspected data breach
Aside from customer behaviors and actions, some re-verification procedures will be initiated on a set schedule for compliance purposes.
Whatever the reason for the re-verifcation workflow, the customer will be prompted to provide additional information or documentation to confirm their identity once more.
Depending on the organization and circumstances of the request, customers may be able to respond to within the same interface, or they may need to submit the requested information in person. Likewise, some companies may leverage automated systems to trigger re-verification checks and review submitted documentation without human intervention, while others still rely on manual checks.
Re-Verification Example
A bank designates its customers as low, medium, or high-risk based on the information provided during account opening.
The institution might initiate a re-verification request for a high-risk customer if their account has sat inactive for a few months, and they suddenly attempt to make a large transaction. This helps the bank verify that the customer is still in control of the account, and that a bad actor hasn’t taken it over. Low-risk customers engaging in similar behaviors may not trigger re-verification.
Types of Re-Verification
During re-verification, organizations might request a variety of information to confirm customers’ identities. The specific data they need to collect and review might depend on the context of the request. Some of the main types of verification they might complete include:
- Identity document verification: Customers may need to resubmit documents like a passport or driver’s license in person or with a selfie to confirm that their claimed identity matches their true identity.
- Official document verification: Organizations that need to re-verify a customer’s address or other personal details might request them to present official documents containing the information, such as a house deed, apartment lease, utility bill, etc.
- Biometric verification: Organizations might request customers provide a biometric scan during high-risk transactions or other activities to re-confirm their identities. This can include a scan of the person’s fingerprint, face, iris, or other trait before their request can be authorized.
- Contact information verification: To meet KYC/AML compliance, institutions may need to regularly verify that customers’ contact details are up-to-date. This includes having them confirm their phone number and email address yearly or on some other schedule.
Benefits of Re-Verification in Cybersecurity
Re-verification adds another layer of security and provides organizations with the following benefits:
1. Proactive Fraud Detection
With re-verification protocols in place, organizations can be more proactive about detecting and preventing fraud.
By requiring users to re-confirm their identities or other critical information when suspicious or high-risk activities are detected, they can stop fraud attempts before the bad actor is able to complete the transaction, change account details, or other unauthorized activity.
2. Regulatory Compliance
Organizations that are subject to KYC and AML regulations can engage in re-verification practices to support proper risk management. This way, they can ensure they know who their customers are and the sources of their income.
3. Protect Accounts
Account takeovers are a common fraud tactic for hackers. Thus, re-verification helps protect legitimate users and the sensitive information stored in their accounts.
Whenever they recognize a login attempt from a new location, or an attempt to change account details, re-verification challenges will prevent unauthorized parties from accessing and taking over the account.
4. Agile Security Measure
Re-verification policies and procedures can be updated as needed to adapt to emerging threats. Organizations can regularly alter which behaviors or actions trigger re-verification to uphold customer trust, prevent fraud, and keep sensitive data secure.