Increasingly more companies deal with business impersonation during the Know Your Business (KYB) process, thanks in part to publicly available business information, opaque ownership structures, and higher risk tolerances during onboarding.
We recently held a webinar with experts from Bolt and About Fraud to discuss the different ways fraud shows up during the KYB process — and how to prevent it. Read on to learn how to address business impersonation and incorporate fraud prevention tactics into your overarching KYB strategy.
Want to watch the webinar? Check it out here.
The core KYB process
KYB — or Know Your Business — is a due diligence process that involves verifying the businesses you work with to prevent fraud and comply with regulations. Whereas KYC (Know Your Customer) focuses on verifying individual identities, KYB is about checking the ownership structure of a business then verifying the identity of each individual owner.
As a reminder, the KYB process generally follows these steps::
- Verify the business: Gather information on the business to ensure it’s legitimate and trustworthy.
- Verify the beneficial owners: Identify the business’s ultimate beneficial owners (UBOs), the people who own a significant portion (at least 20%) of the company. Run standard KYC checks on those individuals.
- Decisioning: Review the overall risk profile of the business to determine whether or not it’s safe to engage with them..
Types of fraud in KYB
Business impersonation is when a fraudster uses a fake identity to pretend to be a business. Depending on whom the fraudsters target, business impersonation can be used to gain access to secure information, to steal money, to hide illegal activity (like money laundering), to get consumers to sign up for fake services or purchase fake items, or any number of other fraudulent activities.
Business impersonation is the most common type of fraud that occurs during KYB, but it’s not the only one. Here are other forms KYB fraud can take:
- Business misrepresentation: When a business owner falsifies key attributes about their business, like their financials or revenue
- Shell business: When a fraudster creates a business entity that has no significant assets or real operations, usually to hide illicit activities
- UBO impersonation: When a fraudster falsifies information about an ultimate beneficial owner of a company
- Business account takeover: When a fraudster takes control of a legitimate user’s identity to make unauthorized transactions
- Merchant fraud: When a fraudster assumes a merchant’s identity to process transactions and take funds
- Synthetic business: When a fraudster uses synthetic IDs to create a fake company
- Falsified documents: When a fraudster uses fake documents or changes key information in certain business documents
- Marketplace collusion: When two fraudsters on a marketplace — usually the buyer and seller — team up to run a scam, like creating multiple fake accounts to make fraudulent orders.
Common misconceptions about fraud during KYB
Many companies are still in the early stages of implementing a KYB strategy, which means there are a lot of misconceptions about how to effectively fight fraud during KYB. Here are two our panel called out:
Misconception #1: The same KYB strategy works for most businesses
KYB strategies aren’t universal. The same data collection practices and the same level of verification scrutiny aren’t going to yield the same fraud prevention results for every company. For example, large enterprises have a lot of publicly available information fraudsters can take advantage of, so they might need more friction and verifications during the onboarding process. On the other hand, for smaller operations and sole proprietors, you might need to reduce friction during onboarding and look to alternative risk signals further down the line.
A company’s size, industry, market, internal structure, and unique risk factors influence the type of fraud a business is likely to see, as well as the volume of verifications a business can run and the resources they can deploy to stop fraud. That’s why what works for one business won’t necessarily work for another.
Misconception #2: KYB is a one-and-done process
Many companies make the mistake of building a KYB process, then deploying it without modification for years. But KYB isn’t a process you can build and then ignore. Doing it right requires regular adjustment, as you review your data, talk to customers, and re-assess your business’s needs.
What trade-offs should you consider when addressing business fraud?
Financially succeeding as a company means balancing two goals: mitigating fraud and keeping your customers happy. The problem is that these goals can be in conflict. To mitigate fraud, you often need to collect lots of information from potential customers. But customers can get annoyed when you ask for too much information!
Here are a couple of key trade-offs to consider when figuring out how to prevent fraud:
- Customer experience: You have to cater to your customers’ needs and preferences while ensuring your KYB process is as safe and protective as possible. Let’s say, for example, that many of your customers are sole proprietors who aren’t super tech savvy. Instead of making them submit multiple documents online, you could look to other signals — like their online behavior — to assess their overall risk.
- Competitors: It’s important to consider what your competitors do when refining your KYB approach. If you go heavy on the verifications and checks during onboarding, for example, you might end up losing good customers to competitors who make the process easier. In that case, one way to balance risk and conversion would be to reduce friction during onboarding, then increase the number of checks before a business cashes out.
4 strategies for adapting KYB processes
Try these tactics to adapt your KYB process to keep more fraud out — while still keeping conversion high.
1. Combine multiple data points
Fighting business impersonation starts with conducting thorough verifications. To do that, you need to cross-reference a variety of data points and risk signals.
For example, confirming that a business passes a database verification check is a critical step, but it’s not enough. To cut your risk of fraud, you also have to make sure the information from that given database matches the details on the business’s documents, website, and other paperwork.
Or, let’s say a user verifies that they still have access to their company email address. You need to go one step further and verify that the user’s email address domain actually connects to the business entity in question.
2. Know what’s normal in your business (and what’s not)
An effective KYB strategy should extend past onboarding. A major part of preventing fraud during KYB is about understanding user behavior in your business. It’s crucial to know what normal behavior looks like, what good behavior looks like, and what suspicious behavior looks like — and have tangible examples of each.
Let’s say, for example, that a Bolt driver earns a higher-than-normal amount for one week of work. After flagging the suspicious behavior, the next step is to get more information. Maybe there’s a special local event where drivers are earning extra, or maybe they served several VIP customers. However, if there’s no reasonable explanation for the high earning amount, it’s time to escalate with an additional check.
3. Monitor and escalate
Continuous monitoring is critical to identifying patterns that indicate risk over time. If you have a more advanced solution, it should be easy to set up automatic cadences for monitoring crucial information. This helps you accomplish three key goals:
- You decrease friction by spreading out verification checks, while keeping yourself attuned to alternative risk signals.
- By triggering automated checks for suspicious behavior or specific events, you can reduce manual verification work, while still flagging risks for multiple types of fraud.
- You can continually refine your fraud prevention tactics, staying ahead of trends and changes in the ecosystem.
4. Put the right feedback loops in place
Business fraud evolves fast. Having the right feedback loops lets you incorporate fraud learning into your own system, so you’re keeping pace with — and even getting ahead of — fraudsters.
Whether you use a link analysis tool to identify fraud rings or a workflow automation tool, it’s important to codify the data from these tools into rules that block bad actors. That’s where it’s helpful to use a platform with modular building blocks, so you can layer on different rules and checks at different points in time.
Check out our complete guide to building your ideal KYB process.
Fight fraud with Persona
Persona makes it easier to fight business impersonation and other types of fraud throughout the KYB process — and beyond. For more examples of business impersonation and fraud prevention strategies, watch our entire webinar here.
For help building out your KYB strategy, consider Dynamic Flow, a customizable workflow that lets you collect identity information and adjust friction based on real-time risk signals.
Need more support? Reach out to us any time to ask questions and schedule a demo.