As technology advances at incredible speed, businesses rely on the internet more than ever. Most larger enterprises have one or more channels to engage with their customers. As a result, anonymity is a problem: cybercrimes such as fraud and scams are on the rise, and cyber threats could be more prominent than what is currently being reported or recorded.
The EMAS CIDA is a living framework which provides a consolidated means to mitigate online identity fraud with the use of multi-layered authentication tools such as ID verification, biometric authentication, document authentication, and more. All of these can be managed through a single platform in the form of EMAS CIDA. The framework is expandable and customisable depending on the nature of the business.
Current challenges faced by BFSI companies
A survey by FICO stated that one in 20 Filipinos suspects that their identity has been stolen, and one in 15 survey participants knows that their identity has been compromised. With the rise of identity theft and other cybercrimes, it is high time to adopt stringent cybersecurity measures.
Since businesses are directly affected by cybercrimes, how safe is it for companies to place their trust in documents and pieces of identification evidence uploaded during customer onboarding? Seeking to hamper the rise of cybercrimes in Southeast Asia, companies are on the lookout for ways to mitigate major losses, and affected businesses are looking for ways to further fortify their cybersecurity.
But this raises the question: what technologies are involved in verifying user IDs, and can eKYC alone resolve all of the company’s verification and authentication problems? More importantly, where should the company start, and how does it ensure that the system is effective and scalable after years of use? This is where the EMAS CIDA framework steps in.
What is EMAS CIDA?
Innov8tif Solutions promotes EMAS CIDA, a living framework which showcases different types of ID authentication solutions to help implement a comprehensive ID assurance process for users and help identify and mitigate fraud and scams. The goal of EMAS CIDA is to ensure that customers’ ID verification data is complete, accurate, legitimate, and authentic to run a successful business.
The Five Layers of EMAS CIDA
1. Data Layer
There are five layers to the EMAS CIDA framework. Let’s start from the bottom-most layer. The CIDA database is a secure platform where users’ ID verification information, such as ID Proofing transactions, Customer Due Diligence records, ID Authentication transactions, and other historical transactions related to customer IDs, is securely stored.
Whenever a customer registers for a new account, personal details such as full name, address, email, identity cards, fingerprint, and facial features are captured and securely stored in the EMAS CIDA database. Once stored in the database layer, these details are used throughout the customer lifecycle for MFA and passwordless authentication.
The data layer forms the foundation of the entire framework
At the heart of EMAS CIDA is a customer-driven database with high data integrity. Institutions rely upon the completeness and accuracy of this database to conduct daily operations and provide services, such as loan applications, targeted marketing, account openings, and so on. A complete CIDA framework involves five core layers. Now that we have covered the Database Layer, let us move on to the facets layer and features.
2. Facets and Features
The Three Core Moving Facets of ID Assurance:
- ID Proofing: Verifying that the user is who they say they are
- Customer Due Diligence: Assessing user desirability
- ID Authentication: Authenticating existing/returning users for transactions & account changes
- ID Proofing:
Tools are used to distinguish authentic customers from fake ones. The following are examples of tools used for ID Proofing. That said, this is a living framework: these are merely some examples of how it works, and it can be expanded further when necessary.
Referring to the diagram above:
ID Evidence Collection relates to ID Proofing, of which eKYC (Electronic Know-Your-Customer) is a part. It establishes the identity of a customer; for example, users in the Philippines are required to provide the necessary ID documents, such as SSS UMID ID and passports, during customer onboarding. With the use of our established framework, submitted documents such as SSS UMID and passports are analysed for irregularities in holographic printing, address, profile picture, fonts, and the placement of details on the documents presented and submitted through the system. When the system detects the absence of holographic printing, or a misplacement or difference in fonts, facial features, address, and other details, these can be cross-checked with the liveness of the user’s facial features, which further helps ascertain the legitimacy of the submitted document(s).
Digital Footprint Analysis is used to review the internet presence of an individual to ascertain the customer’s authenticity. As an example, large volumes of false accounts are being created anonymously, while private data is stolen. Customers may create a new social media account that shows little to no information, so there is a lack of digital footprints to prove their real-life existence.
Biometric Alerts Lists focus on facial blacklisting, eliminating the possibility of onboarding a customer whose identity is already known to be blacklisted. This is effective because all data will be cross-checked against the database layer, which can consist of multi-layer and inter-organisational scanning. As an example, those whose identities have been blacklisted will trigger a notification to the organisation which is onboarding the freshly registered user, to alert them of the person’s blacklisted profile.
- Customer Due Diligence
This next facet reviews the tools that are used to assess the quality of a customer.
Financial Risk Checks provide the ability to run credit reports from credit rating companies during the onboarding process. Individuals who submit their documents are scanned through financial channels. The check will reveal if a person is a poor payer when it comes to paying bills, based on the data which is shared through the different channels, be it financial institutions, telcos, and the like.
The Proof of Income/Address feature is offered for higher levels of credibility and accuracy. As an example, proof of income and/or address aligns the customer’s credentials with the documents which were provided during onboarding. The system can check for irregularities to ascertain if the new sign-up is authentic by cross-checking data which is tied to the person’s name displayed on the submitted ID. In short, the name, address, and payment slip must be aligned, and this is where the proof of income/address from the CIDA framework carries out its due diligence.
- ID Authentication
There are many ways to perform ID authentication for transactions. One of them is binding customers’ verified IDs to a device for transaction authorisations. Security measures such as PIN numbers, TAC, or passwords can be used in such instances. Authorisations can be risk-based, depending on the severity of the transaction.
With device binding, smart devices can be used to authorise transactions. As an example, when a bank account is bound to the device via the registered application and hardware credentials, the device can be used to approve transactions or to receive activity alerts. Authentication can come in different forms, such as MFA, passwords, TAC numbers, email, or notification prompts.
Biometric Authentication is used to ensure a higher level of security. Let’s take this situation as an example: when a customer is about to access their bank account via any bound device(s), a facial or fingerprint scan can be used during the login. This level of security can also be applied when the customer is about to make any online transaction.
3. The Channel Layer
The channel determines how the functions and features get delivered. At Innov8tif, we use APIs and low-code process automation to bridge communications between end consumers, business clients, and our servers. As an example, a customer wishes to apply for a bank loan. The applicant must present relevant documentation for the application to be processed and reviewed. By using the services provided by this layer, it is possible to automatically authenticate and cross-check customers’ data with the EMAS CIDA database, to ascertain the legitimacy of the relevant data submitted.
4. The Interactive (Portal Access) Layer
The Portal Access layer provides access to administer and operate EMAS CIDA. It is an interactive system which is used to manage our eKYC solutions. This access allows operations personnel to review and audit transactions performed, making manual adjustments whenever necessary.
Otherwise, operators can leave the system to run automatically, vet the imperfections/irregularities it detects, or manually approve or reject applications. The CIDA framework is flexible; it can be applied layer by layer, or just by choosing any existing layers of the eKYC. It is tailored entirely to the individual needs of different companies.
The EMAS CIDA Framework Applied to Different Industries
Not all companies have the need to create an ID assurance system from scratch. Depending on the frequency of eKYC usage, the EMAS CIDA is customisable according to the needs of individual companies. It is a living framework, meaning that the scope of functions and related features will gradually expand along with shifting market demands and maturing technologies.
Using the portal access which is available for companies to manage their database, owners can choose to access either API or Low-Code Process Automation services for ID proofing, assurance, and authentication. This is how companies can leverage EMAS CIDA for practical use. Below are some examples of how the EMAS CIDA framework can be applied to different business industries.
- Banking Industry:
Which part of the EMAS CIDA framework do banks need, and how can the framework help achieve the goal of a tougher cybersecurity setup to protect the institutions’ integrity?
The EMAS CIDA assists in fortifying the cybersecurity of banks by setting up prerequisites for their customers. Customers are required to provide parts of IDV, due diligence, and MFA.
Banks need to set up such requirements when it applies to situations where the customer is applying for banking services such as loans and credit cards. In this context, the customer must present a digital footprint of their payments, credit score, and the like to ascertain that they are eligible to apply for loans based on monthly income and a track record for repayments.
However, if an existing/registered member doesn’t wish to apply for credit services, then banks only need to utilise EMAS CIDA tools at a surface level. Only parts of the framework will be applied during the onboarding process. For example, MFA can be used for banking needs ranging from interbank transfers to microtransactions from their e-wallets.
- Telecommunications Industry:
Would telco companies need a customer’s proof of income upon registration? Telcos only need the part of the EMAS CIDA framework where the device is bound to the registrant. In such cases, the customer only needs to provide personal details such as a national ID or passport for verification purposes. There is no need to go through the inconvenience of providing proof of income, a link to their social media, their credit rating and CC score, and the like.
However, an existing/registered customer may need to provide such information if they would like to purchase high-value items through the telco company. In this way, the EMAS CIDA framework is flexible where due diligence is required. The telco company may then utilise and manage the due diligence tools via the EMAS CIDA framework.
Based on the two examples above, the EMAS CIDA is a living framework where businesses can leverage usability and management according to their budgets based on the API score which is left in their account upon registration to the EMAS CIDA framework.
What are the benefits of implementing EMAS CIDA?
To summarise the facts mentioned above, EMAS CIDA is the next evolution for digital customer ID assurance implementation. CIDA needs to be highly customisable in its implementation while simultaneously offering relevant ID assurance services, running across platforms and multiple access channels to meet the ever-changing requirements of the organisation. A high level of security protects both organisations and users from the consequences or repercussions of having identities compromised. EMAS CIDA is created to cater to the different needs of companies and organisations which are looking to move forward into the future of cyber existence and to manage the ID assurance framework without having to worry about cybersecurity threats.
Innov8tif Solutions offers ISO-compliant (ISO 27001:2013 standards) ID assurance and protection.