How digital identity verification keeps your account secure
Banks use intelligent learning mechanisms to protect you at every step of your banking relationship, from the moment you sign up to the day-to-day transactions you don’t even think about.
8 min read
If you’ve ever opened a bank account, you know how time consuming it can be. Most banks require some pretty serious paperwork, such as a passport or other photo ID, proof of address or registration, and proof of income. While this may seem tedious, this process — referred to as “KYC” — is actually vitally important for keeping customers, banks, and your money safe.Customer identity verification in the digital world isn’t as arduous, but it comes with its own challenges, especially given how sophisticated cyber criminals have become. However, banks have new tools at their disposal for everything from detecting financial crime to preventing account takeovers.Here, we’ll dive deep into how banks like N26 are using technology to spot blacklisted fraudsters and keep legitimate customers — and their money — safe.
KYC: The first step in banking customer security
KYC, or “know your customer,” is a process of verifying a customer’s identity and confirming that they are who they claim to be. Not only is identity verification important when someone opens an account, but it’s also an ongoing measure to protect customers and their accounts from scammers. According to Christian Thurau, Director of Data Science and Analytics at N26, KYC has two distinct goals when it comes to security: “The first thing we want to do is restrict any fishy customers from opening or accessing an account. The second is to monitor customer behavior so that we can detect money laundering and other financial crimes, like marketplace fraud.” With KYC, banks can detect identity theft, and ensure that money comes from legitimate sources. All of this helps to protect legitimate customers from fraud, money laundering, and other criminal activity. As N26's Anti-Financial Crime division of the Product team explains it, KYC is about facilitating an environment where everyone is safe and relaxed. “This is why you want to know your customer, — all without being too intrusive.”
Data and technology: The best bouncers a bank could ask for
This is where data and intelligent learning mechanisms come in. While you might think that machine learning isn’t as reliable as a human “bouncer” at a bank branch, these tools can actually make the entire KYC process less biased, more thorough, and most of all, more secure.“In a bank branch, you need to rely on the person at the desk asking for a customer’s ID card — it’s a matter of trust and is susceptible to human error or bias,” says Vincent Junik, Director of Security Engineering at N26. Furthermore, he adds, many banks were built on analog technology, and many of them are still trying to adapt and optimize their processes. That’s where digital banks have a leg up. “In the digital world, we have a lot of tools to create proof of action. At N26, we built our system to be optimized on all those domains. So, when there’s new technology or new ideas about targeting a specific problem, we can integrate it into our system quickly while ensuring the highest compliance standards are met” says Junik. From the moment customers download a banking app, banks have tools at their disposal to ensure that they’re only giving accounts to legitimate customers. Machine learning has the power to identify patterns of behavior from large data sets and generate predictions. This means that it can zero in on red flags that a human might struggle to spot. It also automates these prediction processes — in collaboration with real-life humans, of course — which saves a lot of time and money.For the customer onboarding process at N26, Thurau and his team created intelligent tools (supervised by humans) to detect potentially fraudulent users. “Our model is designed to take in all the data that we have about any given user up until that moment in time,” says Thurau. Using information from large internal and external databases, Thurau and his team are able to catch fraudsters or money launderers during the KYC process and stop them from gaining access to the club — er, bank — in the first place.
Maintaining trust beyond KYC: Internal security that keeps our club safe
Keeping criminals out is all well and good, but the reality is that no bank is able to catch every single fraudster at the door. Plus, account takeovers mean that even if a newly onboarded customer is legitimate, the activity on their account may not be. That’s why banks need to have measures to prevent scammers from doing any damage if they do get access to someone’s account. To do so, modern banks implement advanced data processing and technical solutions that prioritize both convenience and security every step of the way.
How customer data keeps customers safe
Data isn’t just helping banks like N26 keep fraudsters out, it also helps prevent financial crime from taking place — without disrupting customers’ daily lives. Machine learning helps to achieve both security and convenience. Looking at transactions holistically can reveal patterns that tell a story: “For example, when you identify that someone just used their card in Berlin and then two minutes later they use that same card from Spain, we know something isn’t right. Either the Berlin transaction was fraudulent, or the Barcelona one is. That’s what we're trying to understand.”In this way, machine learning is like your own personal bodyguard as you move through your life and use your bank – helping to verify that you’re actually the one buying a plane ticket to Barcelona or a t-shirt from a niche Swiss brand. By using tech to review each transaction in real-time, banks can identify suspicious payments or purchases, stop money from going to blacklisted accounts, and spot suspicious activity that may indicate anything from money laundering to an account takeover. These security triggers are partially automated, and when a certain threshold is breached, the transaction is put on hold by investigators and scrutinized. These tools don’t just keep customer accounts secure — they also make people’s lives easier. Thanks to intelligent learning models, banks can now spot payments that could lead to other unique purchases that would otherwise have been flagged as suspicious. Buying that plane ticket to Barcelona offers a clear explanation for your Spanish hotel booking and a sudden flurry of payments to tapas bars, for example.
Worry-free — This is how I bank
Bank card gone missing? Lock it and unlock it in seconds in your N26 app.
Re-authentication: An everyday tech solution that keeps your account secure
As much as data and machine learning do to keep bad actors from accessing an account, they aren’t the only tools that keep digital banks secure. Banks use technology to think holistically about the customer journey. And as a mobile bank, this all starts with your smartphone. With smartphone pairing, customers need a single, authenticated device to perform any action on their account. Got a new phone? Then you’ll need to re-authenticate. Rather than doing this via phone or chat, where a fraudster could hack into the account and try to gain extra information, N26 sends a push notification to the paired smartphone. So, why is this seemingly simple action so effective? Well, fraudsters are experts at phishing for email passwords, birthdates, or ID numbers, which they use to log in to websites, initiate a chat, and try to gain account access. But when a push notification is sent to a customer’s phone, you need access to that phone to perform any further action. “This seamless user experience is possible because we use cryptographic digital signatures at each step of the user journey. ,” says Junik. " In simpler terms, this means that there are checks in place to make sure everything is happening in the way that we expect it to. “These signatures ensure the authenticity and integrity of the user and his actions, which makes it impossible for anyone to be authenticated unless they have the paired smartphone.” And that’s not all, Junik adds. “When you log in from your paired device we’re also using cryptographic materials behind the scenes, which are stored in the most secure enclaves of your device. This makes it virtually impossible for someone to steal this data.” Thanks to the smartphone pairing system in place at N26, cyber criminals would need to be much more advanced — basically, the customer would have to be cooperating with the criminals for them to pull off a hostile takeover. “With N26, it’s not enough to have the customer information. Criminals would need to have their tech too.”At the end of the day, banks and their customers will always have to fend off attacks and scams. But by using advanced technology and by putting meaningful data to good use, banking is actually safer than ever before. Once you’ve made it past the bouncer and onto the (digital) dance floor, you can let your hair down a little — safe in the knowledge that your bank has your back.
Your money at N26
At N26, your security is our priority. Security features like 3D Secure and biometric authentication are included with your N26 account to keep you and your money safe. Plus, we regularly update our blog with articles about the latest online fraud tactics and how to protect yourself. Learn how to protect your digital identity, create a strong password, how secure mobile banking works, and much more.
