In a recent interview with SafetyDetectives, Brett Wise, co-founder of ScreenlyyID, sheds light on the burgeoning field of digital identity verification. Born from a blend of experiences in the highly regulated online gaming sector and the diverse world of vacation rentals, Wise’s journey to establishing ScreenlyyID is marked by a keen understanding of regulatory compliance and the paramount importance of user trust in B2C markets. Frustrated by the patchwork approach to KYC (Know Your Customer) and AML (Anti Money Laundering) screenings necessitated by disparate service providers, Wise embarked on a mission to consolidate these essential services under one roof. ScreenlyyID emerges as a holistic solution, offering no-code identity verification for less regulated markets and robust API-driven checks for sectors under tight governmental scrutiny. This innovative platform promises to streamline the verification process, ensuring compliance and fostering trust across various industries.
Can you share your journey and what motivated you to co-found ScreenlyyID?
I started in the online gaming industry and transitioned into building SaaS solutions for the vacation rental industry. Both these industries are regulated to varying degrees. The gaming industry in the US is highly regulated, and globally, vacation rental industries are regulated to various degrees. As well as the regulations, we were also dealing with end-user trust as it is a b2c market.
During this time, I realised that whether it be highly regulated markets where you need to report to government agencies a set of strict data policies, or if you simply want to give your customers a degree of security in knowing the person renting their property is who they say they are; there was no single provider that could allow us to layer the different degrees of data points that we needed to cover as well as the uphold the many standards of compliance across various industries.
We had to work with and integrate with multiple providers for the different KYC (Know Your Customer) and AML (Anti Money Laundering) screening checks that we required. There was one provider for identity verification (document authentication with face match and liveness checks), another for electronic identity verification, one for AML sanctions, PEP (Politically Exposed Persons) and global watchlist screening and other vendors for email, phone, and address verification.
This led me on the journey to start ScreenlyyID. The idea was to set out a platform that can be used by a single user to provide no-code, out of the box identity verification solutions for checks in less regulated industries, to fully fledged AML and KYC teams that can use our APIs and SDKs to integrate enterprise grade monitoring in government regulated industries. We wanted to build a low-cost solution that allowed organizations to work with one technology partner, one data partner, one account management and technical team, sign one Agreement with one Company. Providing them with all their KYC and AML requirements.
What are some of the flagship features offered by ScreenlyyID and what sets it apart from companies in the industry?
Our flagship of course is remote identity verification, which includes document authentication and biometric verification. We can identify over 13,700 identity document types from around the world. We have a number of modules that can be layered on top of this to give a full 360-degree view of the customer, from their device type, their appearance on watchlists, to social media and online presence. This sets us apart as many identity companies rely purely on the ID document itself. We can layer up our various modules to give either a basic identity check (less regulated industries), to a full KYC, Sanction, PEP and Watchlist check, supplemented by other points of intelligence information.
We also have services such as live transaction monitoring for AML, and proof of address. These can be run using our no-code dashboard, or via more advanced API and SDK integrations.
Can you discuss the importance of continuous monitoring in fraud prevention?
There are billions of transactions every minute of the day. Ensuring that these transactions are not fraudulent help not just businesses but also individuals. Protecting those that are more vulnerable from transacting money out of their account to a fraudster for example. We hear about these stories on the news every now and again and they are heartbreaking. At its core, continuous monitoring is to protect people and their hard-earned assets. To ensure that scammers and fraudsters are stopped before they inflict damage, scam money, use the process of illegal activities, or use fake identities to instigate fraud.
What are some best practices for businesses implementing identity verification and fraud prevention measures?
Defence in depth. From initial onboarding, application assessment, transaction monitoring, and ongoing general account activity. Businesses should use secure services like ScreenlyyID at each of these stages to ensure an individual’s identity and prevent the different types of fraud from taking place. Zero friction KYC screening checks that could include email, phone, and address verification along with IP and Device analysis at the account opening stage. Document authentication and analysis along with biometric verification at the application stages, using live transaction monitoring if required. The use of continual monitoring of behaviors in combination with biometric verification such as a face match verification which can be added to workflows where money is being withdrawn or transferred in the account activity and ongoing transactional phase. Using APIs, we provide such as, IP & Device analyses which can determine if the initiator of a transaction is in the location they say they are, using a common device or a device we have not seen before, if the volume falls outside of usual thresholds etc. Conducting regular assessments and audits is also crucial, along with other factors such as staff training, promoting a culture honesty internally, sharing information and continually raising awareness.
How can companies address emerging threats such as deepfakes and synthetic identities?
Deepfakes are a real problem. With the incident recently in Hong Kong with the financier paying out $25 million after video of their CFO authorizing the transaction, technologies like ours must be employed to test at the point of transaction. Our biometric product is NIST (National Institute of Standards and Technology) tested and approved, and performs ISO 19794-5 and ISO 39794-5 standards compliance tests, designed to detect deepfakes.
Going back to best practices, companies should interject biometric checks at the point of transaction to detect the possibility of a fake before authorizing the transaction.
Also, with synthetic identities, the use of remote identity verification can take the identity documents, the photos that were provided, and verify this matches the person initiating the transaction by asking them to provide a selfie or short video via their mobile device which is biometrically matched to the identity document. This is why we also add our additional products that can be layered on top of an identity verification check.
Take the example of someone stealing a Social Security Number from the dark web. This maybe a child’s or elderly persons SSN. This is then combined with a fake name and fake ID. By employing multiple layers of our modules, we can analyse any ID for tampering, match the photos to biometrics, then run the information provided through additional modules such as our electronic identity database. A fake SSN/name combination would pull up no credit or government records, there would be no telco records for this person. The address may also not match. This instantly raises a risk alert that this person may not be who they say they are. We can also profile any email or phone number provided to search for online presence. If this person has zero online presence again a flag would be raised.
With the increasing focus on data privacy, how do you anticipate consumer expectations around data protection to evolve in the coming years?
The general acceptance and expectation that companies are requesting increasing amounts of data from their customers. It is becoming the norm that a facial recognition check is required to complete a transaction. The rise of smart phones and their biometric technology to unlock or access the device has normalised this. I do not think there is a barrier of expectation for this to cross over into everyday account onboarding or transactions.
However, as this becomes more socially acceptable, there will also be a movement towards decentralizing and empowering end users to own their own data. To leverage technologies such as blockchain and web3 enabling this has already begun, and ScreenlyyID is already partnering with companies to provide these sorts of decentralised solutions.
Customers will grow to expect that although some form of authentication will be required, they will in fact be in complete control of the data they are sharing, how long it is shared for, their right to have any data deleted or not saved just viewed at the necessary time only will become increasingly prevalent.