As many of you are aware, Equifax reported that hackers gained access to company data that potentially compromised sensitive information for 143 million American consumers, including Social Security and driver’s license numbers.
While we are still making sense of what really happened, this hack raises an important question: how do we KYC customers in a world where about half of the customer’s personal information is compromised?
Here are some of the steps Synapse is taking to improve our KYC stack:
For Deposit Accounts
It is fair to say that SSN verification is not a valid KYC method anymore (by the way, we were already ahead of this, read this).
So now for deposit accounts we will be doing the following:
- Collect SSN for regulatory reasons with W-9 certification (we will be doing basic SSN validations, but not relying on them for KYC).
- Collect & verify government-issued photo ID as the primary form of verification.
- Collect & verify Video auth as a secondary form of verification.
This, along with the other signals we get from email, phone number, IPs, etc., will be adequate to KYC the user.
Non-Deposit Accounts (payments, sub-accounts, etc.)
For non-deposit accounts (payment processing accounts or sub-accounts), we recommend platforms drop SSN verification altogether and adopt one of our social media verifications instead.
Honestly, none of these steps are new for us, except for reducing our reliance on the SSN verification stack. Everything else we have been working on for years.
We genuinely believe that building out a trust-less verification layer is far more important than relying on proxy data like SSN to verify customers.
If you are using SSN as a primary source of verification, we will reach out to you to discuss these updates and how they affect your integration. In the meantime, if you have any questions, please reach out to us at firstname.lastname@example.org.