Introducing the first fully digital end-to-end FICA system

Featured

KYCFactory is the first fully digital end-to-end electronic FICA/AML solution that requires no supporting documents, whether a business is onboarding a consumer or a business.

As a chief provider of customer verification and risk management services, pbVerify understands time is too valuable to spend on onerous KYC processes.

The pursuit of compliance today, particularly in the financial services industry with its stringent regulation milieu, has many businesses troubled. It is something that consumes an enormous amount of their time – not to mention energy and resources.

Perhaps one of the biggest headaches, is the Financial Intelligence Centre Act, (FICA) which came into effect in 2003 after being introduced two years prior, with the aim of combatting financial crimes such as money laundering, tax evasion, and terrorist financing activities.

More recently, in May 2017, even tighter regulation was introduced with the FIC Amendment Act. Essentially, FICA makes sure that institutions know exactly who they are doing business with – i.e. Know Your Customer, or KYC.

Because the pbVerify team understands how valuable time is in today’s business world, we have introduced a revolutionary new FICA product that offers businesses a fast and easy means of ticking all the compliance boxes when building customer-facing onboarding systems: KYCFactory.

Fully digital FICA compliance

Launched this year and developed by our pbVerify software team, KYCFactory is the first fully digital end-to-end electronic FICA/AML (Anti-Money Laundering) solution on the market that requires no supporting documents, irrespective of whether a business is onboarding a consumer or a business.

KYCFactory’s consumer verification comprises configurable, automated processes, including a slick new online 3D liveness test that biometrically matches the person to their national identity document photo, identity data, and alive-deceased data while retrieving their address from over 100 trustworthy SACRRA sources.

Thanks to SigniFlow’s advanced digital signature and workflow automation software, KYCFactory offers businesses the ability to workflow the KYC process, including all requisite information, to multiple people who may need to sign a declaration in observance of the applicable laws.

In accordance with the FIC Amendment Act of 2017 (which accountable institutions had to comply with by April 2019), KYCFactory takes care of compliance for all juristic persons via a brand-new approach to FICA verification – an electronic declaration that caters for Directors, Signatories and UBOs (Ultimate Beneficiary Owners).

Sanctions screening

KYCFactory incorporates pbVerify’s new Sanctions, PEP and PIP (Politically Exposed and Influential Persons) reporting tool, which enables businesses to manually screen prospective clients and perform enhanced due diligence on anyone, from any country.

This service instantly reports on over 2.5 million detailed PEP profiles and detects individuals, organisations and vessels linked to more than 50 risk categories, including Sanctions, Foreign Officials, and State-Owned Enterprises.

The second part of our Sanctions screening service relates specifically to sanctions and embargoes – i.e. political trade restrictions put in place against target countries to maintain or restore international peace and security. KYCFactory automates reporting on business with individuals who pose a threat and are listed on OFAC (The Office of Foreign Assets Control) Mission. Read more here.

Total technology             

In addition to the aforementioned technology that makes KYCFactory the world-class, comprehensive FICA solution it is, other platforms used to authenticate customer identity beyond a shadow of a doubt include:

  • Department of Home Affairs ID Photo Biometric Verification
  • Google Geolocation & Street View
  • CIPC Company & Director Verification
  • SACRRA Address Source Validation
  • Social Media for Business (Instagram, Facebook & LinkedIn)
  • Website Verification (SSL Authentication)

KYCFactory is available via API & integrates seamlessly with business systems, according to individual KYC and compliance management methods and policies.

Say goodbye to time-consuming manual & paper-based FICA processes, and find out how headache-free compliance can be: Give us a call on +27 (0)10 300 4898 or email support@pbverify.co.za.

pbVerify is a registered Credit Bureau in terms of section 43 of the National Credit Act 34 of 2005. Its data-systems, data-security and data-processing protocols are audited annually in accordance with the NCA. pbVerify follows strict ISO9001:2015 quality management processes that are audited and internationally certified by TUV Rheinland Germany. pbVerify engineers are certified in ISO27001 IT Security Management.

REFERENCES

  1. Fic.gov.za – Financial Intelligence Centre Act (Act No. 38 of 2001) [PDF]
  2. SigniFlow – KYC
  3. The Banking Association of South Africa – Financial Intelligence Centre Act
  4. SABRIC – FICA (KYC)        
  5. Law Society of South Africa – FIC Amendment Act published
  6. Financial Intelligence Centre – Who are we?
  7. BBrief – FICA amendments deadline fast approaching
  8. International Compliance Association – What is compliance?
  9. Financial Action Task Force – Who we are

Airtight security introduced for airline boarding passes

Featured

airport-1515431Because airline boarding passes can be issued up to 24 hours before a flight departs, and due to security gaps in existing boarding pass technology, fraudsters with even limited technical know-how could tamper with and gain access to the information they contain.

The problem

While measures around privacy and security within the air transportation industry have remained largely unchanged over the years, fraudsters’ modi operandi have not. In fact, fraudsters have become more sophisticated with the rise of digital and the proliferation of data – putting both airlines and their passengers, today more than ever, at significant risk.

Airline boarding passes, in particular, have seen numerous systems put in place over the past decade, to help authorities and airline officials identify fake boarding passes, with most of these relying on advanced printing techniques.

The bar-coded boarding pass (BCBP) became widely available in 2010 and comprises a 2-dimensional (2D) bar code printed on a paper boarding pass or sent to a mobile phone for electronic boarding passes (e-boarding passes).

The BCBP standard was originally published in 2005 by the body responsible for global standards for airlines’ safety and security, the International Air Transport Association (IATA), which updated it in 2008 to include symbologies for mobile phones, and again a year later to include a field for digital signatures in mobile bar codes.

While the move to BCBP has made travelling more convenient, in many instances, for travellers who are able to use mobile boarding passes, the technology behind it has not eliminated the risk of ticket fraud or identity theft, because data is not encrypted.

Not only does unencrypted travel material leave it susceptible to being tampered with and being used unlawfully and dangerously, it also leaves passengers wide open to identity fraud, given that airline tickets contain a great deal of personally identifiable information (PII).

SigniFlow Americas CEO, Laila Robak, explains: “Besides the risks involved with ticket fraud, even companies that apply digital signatures to its boarding tickets do so only from a ticket integrity point of view. However, there is still unencrypted data within those tickets, and anyone with access to the bar code has access to the passengers’ data, creating a risk of identity fraud, which is certainly a security and compliance concern.”

The solution

With a team of cryptographic experts and experienced engineers behind it, the SigniFlow solution, which operates in a cryptographic signing environment, is a natural fit to build, develop and enhance the available technology behind boarding passes, and to irrevocably seal the data they contain.

According to IATA’s BCBP Implementation Guide, which outlines the existing barcoded boarding pass solution: “Bar Code on Printed Boarding Pass: the default Bar Code presented on printed boarding pass is a 2-dimensional Bar Code in PDF417 standard containing a structure data message (SDM). On the request from the Airlines version 7 extend the standards to allow Aztec, Datamatrix or QR code formats on printed boarding pass those formats are currently used on Electronic (Mobile) Boarding Pass only.”

SigniFlow Director of Development Eugene Smit explains: “SigniFlow’s microservice architecture allows for signing, encrypting and verifying data on all boarding passes, enabling the generation of datastreams, signature streams or image-based bar codes, such as Aztec, QR, PDF417 and Datamatrix.

“The system produced by SigniFlow, allows a ticket\pass generator to issue a unique private key for the signer, using our microservices, and the signer is then able to sign any datastream, and use complimentary methods to produce bar codes of the data.”

SigniFlow offers two solutions, both of which extend on and secure existing boarding pass technology:

  • The Full Package solution: SigniFlow integrates with the airline’s existing system. When passenger data is inputted, SigniFlow collects the data string, creates the 2D bar code (Aztec, PDF417, QR, Datamatrix), embeds the data string, then encrypts and signs with an ECC (Elliptic Curve Cryptography) certificate, after which it is sent back to the airline for the boarding ticket.
  • Data string encryption & signing: In this case, the airline continues to use its current 2D bar code generation system, and SigniFlow integrates via API to collect passengers’ data, encrypt and sign the string, and then send it back to the airline, which will embed it in the bar code.

Either way, explains Robak, the idea is to provide not only the required digital signature itself, but also encryption of the data, so that only electronic devices – terminals and readers – will have the ability to recognize authenticity, and to decipher the embedded data.

“We also provide the instruction and processes to the certified authorities for access to the public key through either a key distribution to its devices, in case of no network connectivity, or the public key to be included in their key store system where devices can access it and recognize/decode the data.”

The differentiator

Not only is the SigniFlow solution steeped in cryptography, which eliminates tampering and identity theft risks altogether, it also offers seamless integration into companies’ systems.

Because the solution allows companies to add security component to tickets without having to replace their existing systems, but rather by simply adding a new security module, it is simple and safe, and SigniFlow enables them to be compliant with several industry, national and international standards.

“Stronger policies in national security have been enforced in many countries and companies that issue tickets, whether for air travelling, other transportation methods or entertainment, also need to comply with data privacy standards, such as the GDPR. By using our solution they can target both,” says Robak.

How it works

  • Secure cloud HSM where the keys are stored
  • SigniFlow Hybrid server deployed within client control
  • Signing request issues to the SigniFlow Hybrid server
  • Verification Requests issued to the cloud HSM or to a centralized public key store

There are two main Public Key Encryption algorithms: RSA (Rivest–Shamir–Adleman) and ECC (Elliptical Curve Cryptography). While SigniFlow is compatible with both, the ECC certificate has been specifically identified by the IATA for boarding pass signing requirements.

ECC is, in simple terms, an encryption algorithm with higher capacity and lighter weight than the RSA encryption algorithm, which means you need less bits to for stronger keys. Because the keys are smaller, it means it needs less processing, leading to better efficiency and lighter “documents”. For example, the most commonly used RSA encryption algorithm size is the 2048 bit keys, which is the equivalent in security and strength to a 224 bit ECC key.

To find out more about SigniFlow’s cryptography-based solutions, visit www.signiflow.com or contact us on the relevant number below:

International Contact Centre: 002710 300 4899

South Africa: +27(0)11-516-9403

Americas: +1-603-717-4248

United Kingdom: +44(0)208-611-2681

 

[REFERENCES]

  1. IATA – Technical Peripheral Specifications
  2. US Department of Homeland Security – Credential Authentication Technology/Boarding Pass Scanning Technology
  3. IATA – Airlines Complete Move to Bar-Coded Boarding Passes
  4. IATA – Passenger Services Conference Resolutions Manual
  5. Red Goat – The Not-So-Secret Life of Boarding Passes
  6. Tech Target – Personally Identifiable Information
  7. Wikipedia – Boarding Pass
  8. com – Ticketprinting.com Security Features
  9. Wandera – Are Airlines Putting Your Data at Risk?

Local digital signature company cements global alliance

itologo

Posted by IT Online on 19 November 2018.

 

South African-born digital signature and workflow solution, SigniFlow, offering socially responsible product for business process automation, has landed on American shores.

A woman-owned small business based in New Hampshire, SigniFlow Americas is a member of the New Hampshire Tech Alliance, an affiliation committed to nurturing a technology ecosystem by building partnerships, enhancing knowledge, and shaping public policy.

The woman behind the new digital signature solution is Laila Robak, a Brazil-born entrepreneur with a passion for information technology and the power it has to transform and improve lives.

“We are very excited about the launch of SigniFlow Americas, and with Laila at the helm, this business is destined for greatness. We are proud to welcome all our Americas customers and partners to the global SigniFlow family,” says Leon van der Merwe, director of digital technologies at SigniFlow.

SigniFlow delivers enterprise-grade on-premise, private cloud and cloud solutions with a high level of integration, allowing companies to customise the solution to suit both their specific needs and their budgets. The solution provides legally valid digital signatures (cryptographic e-signing) and accepts digital certificates from almost any e-identity provider, publicly trusted certificate authorities (CAs) and privately signed public key infrastructures (PKIs).

Robak comments: “SigniFlow is a solution that can revolutionise business processes. It has various APIs that give us flexibility to create and integrate with existing systems and platforms, allowing organisations to choose from a range of options, from cloud to local deployments and hosted environments, and to use a mix of digital and electronic signatures – all while guaranteeing the legal validity of documents.”

Introducing our new self-service support hub for API customers

Featured

API integrationpbVerify has created an API development portal with tools that could help save days in developing time.

In our ongoing quest to optimise business operations, fine-tune digital processes and, ultimately, make our customers’ lives easier, pbVerify has added a developer’s portal for our API customers.

An easy-to-use set of tools for developers, the API Development Portal offers a library of API integration documents and general information, as well as means to test each of the API services we offer.

The new API developer’s portal allows all pbVerify API clients with valid account credentials, to access our user-friendly Swagger interface for all RESTful  Web services.

The main function of the interface is to allow API customers to test the RESTful/JSON services they have access to, giving developers access to online documentation and an instant understanding of how to integrate, and to see the JSON responses and payloads they will get from each  Web service. Using pbVerify’s new Development Portal, customers can now:

  1. Test RESTfull/JSON services live with built-in testing tool per API call.
  2. Import all RESTful/JSON services into postman with pbVerify’s Swagger file.
  3. View all extended Web services documentation.
  4. View Terms and Conditions.
  5. Directly contact Development support.

The face of pbVerify’s  Service-oriented Architecture (SOA) program, the API Development Portal aims to provide a top-class developer experience for our Web services.

NOTE: API tools are currently only available for REST/JSON services. Certain pbVerify products, such as Consumer Credit Check and Bank Code Verification are still in our SOAP service. Documentation for these will need to be obtained from pbVerify’s support service.

Geospatial tech solves FICA, KYC challenges

Featured

geospatial image.PNGpbVerify’s ground-breaking KYC API transforms laborious manual processes into fast, effective and secure verification.

In our ongoing quest to build a digital future based on holistic online solutions to help our clients maximise operational efficiency, pbVerify has developed a Digital KYC API like no other.

Designed for institutions accountable to the Financial Intelligence Centre Act (FICA) – specifically its know your customer (KYC) requirements – our Digital KYC API (application programming interface) takes the pain out of the on-boarding process for both accountable institutions, and their customers.

pbVerify’s API transforms an onerous, time-consuming and expensive manual process into a convenient, fast-moving and inexpensive online one.

KYC hurdles

KYC, a risk-based assessment of customers (individuals and businesses), is an integral part of FICA which makes it incumbent on accountable institutions to carry out extensive due diligence on all financial services applicants.

This typically involves a list of documents, including minimum requirements such as proof of residence and proof of identification for individuals; and evidence of shareholding, director information and company history for businesses  (either originals, or sighted by an institution employee).

Steeped in red tape and paper documents, the manual KYC process has long been the bane of institutions and potential customers alike. Not only is it costly and time-consuming, it can be incredibly frustrating, given South Africans’ unique circumstances.

Moonstone, a Stellenbosch-based independent support network for financial service providers, cites residential transience and “an inefficient postal service” as aggravating factors in the KYC process.

API answer

Instead of spending unnecessary time and money trying to acquire the list of documents and physical verification required by FICA’s KYC rules, financial institutions can now – by running pbVerify’s Digital KYC API – get identification and residential verification directly from the HANIS (Home Affairs National Identification System) and SACRRA (South African Credit & Risk Reporting Association) databases, respectively, instantly and online.

Coupled with advanced algorithms, which were built to eliminate all the challenges South African address databases face, this makes pbVerify’s latest solution the most powerful one on the market.

In a nutshell, the KYC API works like this:

  1. Applicant requests an account with a registered credit provider.
  2. Applicant completes the credit provider’s online form, linked to the pbVerify KYC API.
  3. Applicant’s identification information (names and ID number) are instantly verified against the HANIS database.
  4. Applicant’s address (residential information) is verified against the SACRRA database, based on two parameters set by the credit provider, i.e. over what period – 3, 6, 12, 24 or 36 months; and how many address matches required, obtained from other credit providers.
  5. If the Digital KYC API returns the applicant’s address data as matching the database, as per credit provider’s criteria, the system automatically approves the KYC process.
  6. The system sends a response to the compliance department, indicating whether or not the consumer is FICA compliant.

API differentiator

What sets pbVerify’s KYC API apart from other digital KYC verification products on the market, is the advanced method is uses to not only effectively, but to irrefutably verify applicants’ information.

Our API uses geospatial technology, as well as multi-paradigm geodistance algorithms, to determine and compare address data between data received from applicants, and data on file from at least one hundred registered credit providers across South Africa.

Essentially, our technology loops through credit provider data to find similar address matches, within the said specified time parameter (3 to 36 months), within a few metres of the pinned geolocation of the applicant’s input.

One of the biggest challenges in South Africa when it comes to address verification by credit providers, is the fact that many citizens live in townships and townhouse setups, where the address does not conform to the standard street address format.

To overcome this challenge, pbVerify’s algorithm pinpoints the applicant’s address via geospatial location, strips all anomalies and/or conflicting information from the address, and finds other credit providers that have similar address details. Only if these are also within a few metres of the applicant’s original input, will the API accept the address and report the credit provider sources where it was found.

In other words, only if enough data exists to satisfy your unique KYC requirement-settings, will the API return positive results, together with the source of the data matches, e.g. Vodacom, Edgars, FNB Home Loans, etc.

Apart from the immediately evident advantages of replacing manual with digital – primarily time and cost savings – pbVerify’s Digital KYC API underpins POPI (Protection of Personal Information) Act compliance, it adds another dimension in terms of security, and it removes the probability of human error.

 

[REFERENCES]

  1. gov.za – Financial Intelligence Centre Act, 2001 (Act No. 38 OF 2001)
  2. Financial Intelligence Centre – The FIC Act
  3. Financial Intelligence Centre – Frequently asked questions
  4. Moonstone – KYC– Knowing your client or killing your client?
  5. FNB – KYC/FICA information portal
  6. Investec – KYC Requirements

 

The future of digital onboarding is here

Featured

An integration between two of pbDigital’s software platforms makes it possible for financial institutions to digitally onboard customers in record time.

A recent integration between SignFlow and pbVerify has created a platform for digitally onboarding customers that is about to change the way credit is granted –in terms of risk management, compliance and convenience.

Although pbVerify has offered digital onboarding – an advanced customer activation product designed for financial institutions – for some time, never has this tool been as powerful as it is now, with the incorporation of SignFlow digital signatures.

Digital onboarding was introduced specifically to A) improve the customer experience by making it easier for them to activate and use financial services products, and B) give financial institutions a more secure and scalable means of growing their business.

That said, it makes no sense for institutions and their customers to have to switch back to manual halfway through the digital process of onboarding, to finalise the process with signatures – the old way of doing things.

Since pbDigital is all about innovation, meet the new way of doing things…

Now, with pbVerify’s integration with SignFlow, you can say goodbye to the expensive and onerous manual methods associated with finalising the process of customer onboarding – printing of forms, signing by hand, scanning, uploading and emailing – and say hello to a new fast and fail-safe system that allows institutions to onboard customers entirely online, in a fraction of the time and at a fraction of the cost.

No longer do red tape and geographical circumstances play a part in how long it takes to finalise the onboarding process. With SignFlow, it is simply a case of sending the completed online form to the designated signatory or signatories for approval – all via a secure, legal online platform. No more physical records, no more running around, no more waiting – and, most importantly, no more jeopardising of customer data.

Compliance & security

In today’s legal milieu, with the Financial Intelligence Centre Act (FICA) of 2001 and the Protection of Personal Information (POPI) Act of 2013 binding businesses to stricter data protection criteria than ever before, there is no margin for mistake.

With pbVerify and SignFlow behind your onboarding process, FICA and POPI compliance concerns are a thing of the past.

These software platforms – now integrated into one seamless onboarding solution – offer financial institutions an efficient and guaranteed means of making sure business processes and IT systems comply with the law when dealing with customer data.

 

This is how our new onboarding solution works, in a nutshell:

Front-end: Customer Online App

  1. The customer fills out pbVerify’s intelligent digital onboarding form (complete with auto-population and including Home Affairs/CIPC verification, as applicable).
  2. Details of the designated signatory or signatories (approver/s) are entered.
  3. The signatory/signatories are notified pbVerify has received a customer activation form, of which they are the listed party/parties responsible for sign-off.
  4. The said party/parties follow the link provided, and sign the application form online using SignFlow.
  5. The application process is complete.

Back-end: Admin/Credit Control

  1. Once the customer has completed the application, admin/credit control will get notified of a pending application and can log in to the admin portal, in order to run the required credit and compliance checks.
  2. The digitally-signed agreement/contract can be downloaded online for review and compliance validity confirmation.
  3. If required, different checks can be generated such as CIPC, Bank Code Updates and Full Credit reports.
  4. Once checks are done, the system can notify the relevant department of the application status and pending credit facility.

NOTE: All internal checks are scoped according to customer-specific scope and requirements. This is all customisable, according to business’ specific needs.

Welcome to the future of digital onboarding – an error-free, fast, secure way of procuring new customers.

 

ABOUT OUR COMPANY

pbVerify and SignFlow are products of pbDigital, a division of customer communications firm PBSA.

About pbDigital

pbDigital is the software division of PBSA, which specialises in a range of software products designed to help clients communicate more efficiently with their customers.

pbDigital’s software offerings can be classified according to the following categories:

  • eSign document workflow, digital signature and PKI integration solutions (SignFlow https://www.signflow.co.za/)
  • Credit risk management, data & credit bureau API integration and customer on-boarding
  • Enterprise content and document management
  • Business process automation software with multi-channel output tools and workflow

 

About PBSA

With a rich history of innovation dating back over 90 years, PBSA (formerly Pitney Bowes SA) is a leading customer communications company, offering software, equipment and services to help companies improve operational efficiencies and connect with their customers in more meaningful ways.

Based in Midrand, Gauteng, PBSA understands both hardware and software solutions and is optimally positioned to provide a secure, committed support infrastructure to its Southern African customer base. The company’s solutions help companies engage customers, gain business insight, manage document workflow and ultimately optimise overall business performance.

PBSA believes innovation and growth go hand-in-hand with long-held ideals such as collaboration, integrity and accountability.

PBSA embraces the fast-changing world of technology, which today sets the tone for the business going forward. The company has transformed – and continues to transform – from a purely paper-based to an integrated digital business that serves the market through its own time-honoured patented technology and an extensive network of channel partners.

Everything the company does has one goal – to help its clients communicate more effectively with their customers.