Language

30 Aug 2024in IDV basics

Customer Reverification: How, When, and Why Businesses Have To Do It

Henry Patishman

Executive VP, Identity Verification solutions at Regula

User verification isn’t a one-time process for many reasons.

Customers may change their addresses or last names, making it necessary to update their personal details stored by companies. Additionally, maintaining accurate client data is a requirement under Know Your Customer (KYC) regulations, which businesses in many industries must adhere to. 

In this blog post, we’ll discuss customer reverification in terms of prerequisites and processes.

Stay Tuned!

We'll deliver hand-picked content from Regula's experts into your inbox

What is customer reverification?

The customer reverification process involves reviewing a user’s identification data again after an interval of time to ensure the person's data held on file is current and they are who they claim to be. This process may require them to resubmit their ID documents, visas, or biometrics to verify their identity. 

Customer reverification is often part of ongoing monitoring under a Customer Due Diligence program, which is one of the essential components of KYC policies. 

For example, most financial companies in the US rely on a risk-based approach. This involves categorizing clients as low-, medium-, and high-risk, with each group being monitored and verified differently. High-risk customers are typically those who engage in certain professions, possess sufficient assets, or are linked to countries subject to sanctions. As a result, their data and transactions are monitored more frequently and carefully.

However, not every company needs client reverification. This practice is generally limited to regulated businesses, such as banks and financial institutions. These companies usually develop their own procedures, considering that the ultimate compliance responsibility rests with them.

Types of customer reverification

Information about clients can be rechecked in various ways. The most commonly used types of customer reverification include:

  • Official document verification: Necessary details about clients, such as a residential address, can be verified through third-party documents, including rental agreements, utility bills, bank statements, or government correspondence. 

  • Identity document verification: To confirm a customer’s identity, companies can check their passport, driver’s license, residence permit, or other photo ID. In some cases, this also allows companies to verify the customer’s eligibility for access to particular services. For instance, a non-resident with a bank account must regularly confirm they have a valid visa or another document allowing them to legally stay in the country.

  • Biometric verification: As a form of rapid reverification, biometrics—such as selfies or fingerprints—can be used to approve large transactions or to change sensitive account information, for instance, a password or personal details. 

  • Ongoing checks: These are quick verifications to ensure that the account is controlled by the authorized user. Ongoing checks include email verification, submitting secret codes, or instant notifications like “Is XXXX still your phone number?” sent automatically by the platform. 

Why is reverification important? Use cases

The primary purpose of the customer reverification process is to ensure that the customer is legitimate and still has control over their account. The type, prerequisites, and frequency of these checks depend on the company and regulations within its operating sector. 

Here are some general use cases in which customer reverification is necessary:

The scheme with the most common customer reverification use cases

Updates to personal details

For many businesses, it’s critical to have up-to-date contact information for their clients. However, people sometimes move, renew their ID documents, or change their mobile phone numbers or names after marriage. Whether the user or a manager updates this information, the new data should be verified before being entered into the database. 

 

Real-life example:

Swish, the payment app by Swedbank, reverifies customers who want to change their mobile number by sending them a verification code via text message during the update process. Users must first cancel the payment service in their internet bank and reactivate it with the correct contact information. 

Swish payment app

All new customers of Swish also need to verify their identity. After scanning a passport, driver's license, or other physical ID document, they receive a BankID, an electronic document used to sign transactions within the app.

Suspicious user activity

This feature, available on most digital platforms, helps prevent account takeovers and fraudulent schemes. Reverification is required when a user logs in from an unusual location or device, authenticates after a long absence, or engages in other irregular activities.

 

Real-life example:

Most digital platforms, like Revolut, track user activity with automated monitoring systems. Once an account is flagged as suspicious, the system temporarily restricts transactions for review. During this process, the user may be asked to provide information or documents to verify their payments or actions.

Revolut restricts an account

Revolut notifies users that their accounts have been restricted via the app and email, highlighting the reasons for the restriction. Source: Reddit

Expiration of user identity documents

Banking and financial services require all new customers to present their IDs to complete registration. Depending on the ID type, validity periods can vary: from a year (such as a business visa) to up to ten years (such as a passport). This means that companies must regularly request updated documents to ensure customers remain eligible to access their accounts.

 

Real-life example:

Maintaining valid customer identity documents and information is a strict requirement under KYC regulations in many countries. For example, ADCB Islamic Banking informs customers that certain transactions or services may be limited, restricted, or discontinued if they don’t update their ID documents upon the bank’s request. 

 ID submission form in ADCB Islamic Banking

ADCB Islamic Banking follows a four-step reverification process for regular customers who need to update their ID documents.

The customer reverification process in this case implies submitting valid IDs—a passport and Emirates ID—along with card details and a registered mobile number. Once the necessary information is provided, it’s processed within 1 to 2 working days.

Applying for a loan

In banking, identity verification is mandatory during the loan application process. Additionally, documents such as income statements, employment records, assets, credit history, and property valuations submitted by the borrower are also validated. Since fraudsters often obtain “non-refundable” loans using synthetic identities, confirming the borrower’s identity is a key eligibility criterion to ensure they can repay the loan. 

 

Real-life example:

Current US Bank customers can receive a personal loan of up to $25,000 after submitting an online application. Factors the bank considers in the decision-making process include the client’s credit score, debt-to-income ratio, and credit history. The two-step online application flow includes:

  • Soft credit check: This uses information about current customers to determine a personalized rate. New customers need to complete a questionnaire.

  • Application submission: This requires a Social Security number (SSN), home address, and employment information.

US Bank loan application

While evaluating new borrowers, US Bank requests additional information.

Once the loan is approved, the funds will be available in the borrower’s account within a few hours. 

Approval of high-risk transactions

Customer reverification is widely used to validate transactions while detecting fraudulent activity and minimizing potential financial loss. Typically, additional authentication is required for subscription payments, high-value transactions, card-not-present (CNP) transactions, and international transactions. Payments involving customers from certain geographical locations or those involving specific goods or services, for example, CBD products or gambling, are also often considered high-risk.

 

Real-life example:

Users of the NatWest International mobile app can authorize transactions using biometric approval. For instance, a customer must present their face to the camera to make a payment to a new recipient for the first time or to change payment limits in their account. To use this functionality, the user must first take a selfie, which is encrypted and stored in the bank’s database after verification.

Security and AML incidents

If a user's data is compromised due to a data breach or fraud, companies are obligated to investigate the incident. Law enforcement agencies, tax authorities, and other relevant bodies are often involved in the process as well. They may request that the company block suspicious accounts to verify personal or financial information, in accordance with anti-money laundering (AML) regulations. 

 

Real-life example:

Paysera can fully restrict user accounts or freeze funds if there are violations of the service’s terms and conditions or the law. For example, if there is suspicion that the account owner is evading taxes or using Paysera for banned or illegal activities, the company may take action. To regain access, customers typically need to submit their ID, complete a KYC questionnaire, or present information about the origins of their funds.

Paysera account is restricted

Digital services impose various restrictions on suspicious accounts in cases of legal violations. Source: www.paysera.lv

Customer reverification in your business

In most use cases, the need to reverify customers’ identities is driven by KYC and AML regulations. Companies are required to keep IDs, official documents, and personal information valid and up-to-date; otherwise, failure to do so can result in penalties and financial losses. 

To meet these requirements and create a smooth reverification process for customers, reliable solutions are essential. Regula offers robust technologies to support your needs:

  • Data entry automation: Ensures accurate and consistent collection of user information, including identification data, in the database.

  • Identity document verification: Authenticates and validates passports, ID cards, driver’s licenses, residence permits, and more with a complete set of verification checks.

  • Biometric verification: Uses face recognition and liveness detection for quick identification through a selfie.

Book a call with one of our representatives to learn more about how we can collaborate.

Time to Connect with Regula

Learn more about solutions for verifying new and existing customers

On our website, we use cookies to collect technical information. In particular, we process the IP address of your location to personalize the content of the site

Cookie Policy rules