KYC

The fault in our CKYC stars

4 MIN READ
RBI Bank

A few weeks ago, I applied to open a savings account at a private bank. Around the same time, I applied for a credit card with a fintech company. One was a paper-intensive process, the other a single-click one (well, almost).

Through these two contrasting experiences, I understood how the promise of CKYC is still a long way from being fulfilled. Let’s dive in.

The premise of CKYC is simple, yet powerful: you need to do your KYC only once. How cool!

After you’ve submitted your documents, they get uploaded to a central repository and you get a unique identifier assigned against your records.
You can use this identifier to complete any KYC from hereon. Or your PAN number also works. Perhaps this is what the fintech did for my credit card KYC.

However, it got me thinking – how can one be sure that the documents uploaded to CKYC are 100% genuine? Or that they actually belong to me?

Here is where scenarios like my bank account opening process come to mind.

Imagine it’s the month-end. Bank branches are overworked. Account opening targets are yet to be met. An innocuous-looking user walks into the branch and submits tampered KYC documents to open a normal savings account. He escapes scrutiny from the relationship manager owing to the month-end frenzy.

RBI mandates REs to upload a user’s KYC documents to the CKYC registry within 10 days of opening an account. So that’s what the bank does. However, the CKYC registry does not check for the authenticity of documents.

Consequently, the fraudulent user’s tampered with documents end up getting stored in the CKYC registry.

It’s not hard to see why one may rely on documents fetched from CKYC – these are essentially OSV (originally seen & verified). And that’s just the kind of crack that fraudsters might exploit.

So does this leave CKYC unreliable? No, far from it. Not if you have appropriate fraud prevention checks in place.
While downloading documents from CKYC, FIs should check for PAN card tampering.

Additionally, a face comparison between the photo in the records and the user’s selfie will eliminate any chances of impersonation fraud.

Or alternatively, as per RBI regulations, a video KYC flow can also be used to identify a customer based on records fetched from CKYC.

CKYC does make the KYC process smooth and simple. But the sanctity of CKYC is only as good as the first layer of KYC. The right fraud checks process can make the process just as safe.

Do write back to me if you have any thoughts.

Warm Regards,
Vish

RBI to revisit KYC rules after digital lending fraud

RBI Bank

Over the last few months, cases of digital lending fraud have been rising unchecked. Some of these came to the fore owing to their high-profile nature. In light of this, the RBI has decided to take a fresh look at the KYC rules to arrest the rise.
My colleague, Vibhav, had also written about the modus operandi of fraudsters in case you’d like to give it a read.

75 new ‘digital banks’ this year, says FM Nirmala Sitharaman

CKYC stars RBI

Nirmala Sitharaman, speaking at a recent event, revealed that the RBI is all set to bring in 75 ‘digital only’ banks and NBFCs in India. The RBI is going long on taking banking to the remotest corners of our country.

RBI sets foundation for payment system operators’ geo-tagging

CKYC stars

In a recent circular, RBI unveiled its new framework for geo-tagging of Payment system touchpoints. This article highlights its impact on the banks, fintechs, and payment enablers. Every payment touchpoint, including the POS and QR codes, need to be geotagged. Banks, as well as non-bank system operators, are required to implement this. It will help assess infrastructure density as well as regional penetration of digital payments.

On a lighter note

CKYC stars

We help companies like yours prevent fraud and engage with the genuine in a friction-less manner. Do get in touch with us at shivani@idfy.com or fill out the form here.