John Karantzis, Managing Director & CEO, iSignthis: "Creating and re-using the financial identity- 4th AML Directive opportunities"

Can you give our readers some background information about iSignthis?

iSignthis is currently publicly-listed on the Australian Stock Exchange (ASX) under code ISX. The original aim of iSignthis was to identify consumers remotely, on behalf of merchants, so that the merchant would have the confidence as to who they are dealing with.

If you look at your current position, what do you see as your key markets in terms of segments and regions? You started in Australia, how did you grow from there?

Our key sector is actually Know Your Customer (KYC) or identity proofing for the various Anti-Money Laundering (AML), counter terrorism regulations and legislations that exist in different markets. Europe is our largest opportunity, because of the 28 member states of the Union, the way they are divided by language but bound together by European Community law, in the 3rd and 4th AML directives. Therefore, that means they need to have a unified and harmonious approach as to how they onboard or identify customers. However, it is important to keep in mind that they may also have to face a couple of challenges associated with different languages, different documents, and different physical approaches.

Could you point a few of the current identification methods and explain how does iSignthis method differentiate from these?

Typically, the original identification method is face-to-face. In this case, a customer presents himself with a passport or drivers’ license, and is identified by someone on the other side of the table. There was also the postal-based identification method, where documents were being photocopied and certified by a notary or a judge. In this situation, people did not need to turn up to the merchant or the bank directly. The third method, which has gained some popularity, has been the ‘big data’ or ‘data mining’ whereby government or credit agency databases are mined by various private bodies and the customers are asked knowledge-based questions - historical questions about themselves. If they manage to answer sufficient questions, then they are likely to be who they say they are. However, this approach presents a couple of challenges. Firstly and most important, the database is susceptible to being hacked or breached, and customers, hackers or other people can actually elicit information from others, and ghost or take over a person’s identity. This is what recently happened in the US with the Anthem data breach where 80 million customers’ details were exposed. The issues and challenges regarding the static approach with databases are currently tackled by the 4th AML directive, which suggests the adoption of a risk based transaction and dynamic-based approach.

With regard to our own identification method we offer a dynamic knowledge-based authentication system, in contrast with the static, historical data. Hence, we create a secret, dynamically, within the transaction, or a standard e-payment message, and we ask a customer to retrieve that secret from their statement of account behind the security of their home-banking or online-banking. This means that the customer needs to pass the issuing bank security before they can access the secret. In this case, as bank’s are a reliable source, we can trust that the financial identity is also reliable, as it was created under AML regulations, based upon KYC requirements.

What is your view on identification methods that use scanning technology or a webcam to transform physical documents?

For many years, people have proven their identity by photocopying a document and having it notarized, certified or verified by a qualified person. In this way a qualified person could look at, feel and tilt the original identity documents, view the in-built hologram and other security features, and verify or certify the document to ensure a trust framework is created, as those copies have been certified by an independent, reliable qualified party.. Therefore, in my opinion, the comparison of a photo on an identity document via webcam is not quite reliable. You cannot see that a document has been faithfully photocopied and certified using a 2D camera, and you would need an array of cameras with sophisticated tools to be able to view a 3D image of a person, as well properly view any hologram or security features on original documents. Another aspect worth mentioning is that there is no EU or global register of stolen credentials, therefore how is the validity of these documents checked?

In many countries, including Germany, Hong Kong, the United Kingdom, Singapore and Australia, the regulations specifically state that copies of documents must be verified or certified by a qualified person, such as a lawyer, notary, judge etc. Clearly, that is not the case with digitized images of documents

I would be reluctant to incorporate this kind of authentication method into a KYC process, but it may serve a certain level of assurance for other purposes than KYC.

How do you price your service? What is your business model?

Our model is based on having an annual price per identity, for each active identity. We only charge our customers, not the end user, as it is basically a business-to-business charge. So the AML obligated entity contracts with us, and we will charge them for each retail customer or consumer that is on-boarded to their service. The consumer does not actually pay anything to be identified. But those identities we verify need to be persistently checked against politically exposed persons lists, sanctions lists, and to see if the source of the identity has been revoked, for example, the bank account or the credit card that we used as the reliance source of information. So we do all these persistent checks, and as the AML directives requires a refresh, a continual due diligence of the identity, we revalidate the identities at least every twelve months. That is, we fully re-check the customer’s credentials to see if they are still valid and ensure that the identity is still maintained up to date and has not been exposed to any sanctions.

What other opportunities will arise from this 4th AML directive?

The key opportunity is that the EU has now recognized a number of countries as having equivalency status. Under the 3rd AML directive there were a handful of countries that were named, such as Australia, Japan, the US, Canada, New Zealand, South Africa. Now what the EU has done was to recognize that all Financial Action Task Force (FATF) members, which has about 100 countries, have an equivalency standard, and the financial identity created in one country can be used as passport into another country. So what that means is that a financial institution or an AML regulated entity here in Europe, such as a gaming organization or a stock broking firm or a bank can actually reach out, onboard customers remotely and offer services or sell directly to those 100 countries, via an online forum

What benefits do you see from digital on-boarding?

For instance, a digital services provider, whose current online focus is on a domestic market of 10 or 20 million people, they can theoretically increase that reach to 200 countries with 3.5 billion people, by using our on-boarding process. Therefore, the reach of the regulated service can grown exponentially, but the operational cost of running a web based service has remained the same. However, the cost for digitally on-boarding is probably lower that the paper-based, notarized or postal-based cost, providing scalable, increased reach at a reduced cost.

About John Karantzis

John Karantzis is founder and Managing Director/CEO of Australian Securities Exchange listed iSignthis (ASX : ISX). John holds qualifications in engineering (University of Western Australia), law and business (University of Melbourne; University of Melbourne Business School). With over 20 years of experience spanning a number of sectors, he has a broad understanding of international regulatory regimes as they relate to payments and identity.

About iSignthis

iSignthis is an intuitive and non-intrusive payment and identification authentication service. Identity and transactions from any card can be authenticated at checkout to safeguard against online fraud and ensure anti-money laundering regulation compliance. iSignthis’ unique solutions protect online customers whilst providing confidence and compliance solutions for merchants and payment service providers.