Customers are often a north star for businesses. Understanding customer personas and preferences help companies set effective strategies that drive loyalty and long-term business growth. However, there’s another side to why it’s essential to know your customers.
The concept behind Know Your Customer (KYC) is grounded in keeping business and systems safe by vetting customers. The strategy is for a company to set protocols that will help protect them from scammers posing as customers. By gathering and evaluating information about a potential new customer, the company can root out nefarious people acting as customers and looking to commit financial crimes.
Such protocols entail verifying a customer’s identity, clarifying their intentions, understanding their transaction patterns, and evaluating that data to determine potential risk. These areas give a business insight into whether a customer is exhibiting suspicious signs or activity and the next steps they should take to mitigate harm to the business and other customers. In summary, the goal of KYC is to enable a business to confirm the true identity of a customer before conducting business with them.
An industry well versed with KYC is the financial sector. Financial institutions like banks, credit unions, and financial firms are legally required to comply with KYC regulations to avoid bringing in fraudsters that could conduct serious and illegal financial schemes like money laundering and terrorism financing. By verifying a customer’s identity when opening an account and monitoring their transaction patterns, a bank is able to more easily weed out and address suspicious customer activities compared to regular customer activity. If a financial institution does not follow KYC regulations, they are subject to fines.
The KYC practice has become applicable in the cloud communications and enterprise collaboration spaces, as fraud has emerged as a growing concern.
In December 2020, the FCC adopted a resolution requiring all originating voice service providers to “know their customers and exercise due diligence in ensuring that their services are not used to originate illegal traffic.” This directive came with the recommendation “that voice service providers exercise caution in granting access to high-volume origination services, to ensure that bad actors do not abuse such services.”
These diligent KYC identification practices help managed service providers (MSPs), resellers and other communications service providers (CSPs) safeguard their services from being used by nefarious individuals hoping to conduct fraud or cybercrimes.
At Flowroute, members of our sales and customer success team play a role in identifying, preventing, and collecting data on potentially problematic use-cases of our platform. We provide our customers access to the PSTN through a self-service portal and, therefore, have prioritized setting up processes that will keep them safe and prevent our systems from being abused.
We’ve implemented machine learning tools that identify and ban bad actors from accessing services until they can provide the necessary identification and use-case information to our customer success teams. Other MSPs and CSPs can follow a similar practice. We also manually monitor potential risks by cross-referencing customer activity against a predetermined list of warning signs. These signs help us uncover untrustworthy “customers” that could pose a threat.
Below are some of the factors that we consider top warning signs. These factors might vary based on the MSPs and their customer base but can be used as a starting point to keep systems safe.
- A customer requires access primarily to high-volume, short-duration outbound voice or SMS options in their communications campaigns.
- A customer exhibits rude, entitled, or discriminatory behavior or remarks.
- A customer’s website has very little current content or has incomplete information about this business, including vague testimonials without sources, old formatting styles, blurbs that include “Lorem ipsum sit dolor amet” or similar default text. A suspicious customer website also lacks clarity of the services or products they provide or the customers they serve.
- A customer asks to only pay with crypto or other non-traditional and complex methods of payment that are hard to trace.
While each of the above actions in isolation may not be cause for concern, they are all red flags that should prompt a CSP or MSP to further investigate before moving forward with that particular customer.
If a provider finds itself running into these factors, it’s best to advise the customer to register with the FCC’s Robo-Call Mitigation Database or implement its own STIR/SHAKEN implementation. These actions will help them find an amenable vendor while keeping systems safe.
Providing secure, protected, and reliable cloud-based communications will always be a top priority. It’s imperative that our customers and partner carriers feel secure using our services. We’ll continue to dedicate time and resources to enforce targeted KYC protocols that keep our systems safe from abuse by nefarious people who intend to scam our customers and partners.