I run in circles that use the acronym KYB, or “Know Your Business.” But I realize that many of you don’t use this acronym every day, so I thought I would explain it.
Let’s say that you encounter a business such as ByteDance or HiveLLM or Lorem Ipsum and you want to know more about it.
“KYC and KYB let companies make sure they’re dealing with real people, and that the business is legitimate and not a front for another company—or for a drug cartel or terrorist organization.”
Even if you’re not dealing with extremist terrorists, you may want to have a better understanding of where the business is and/or who runs the business. Remembering that the legal owner of the business may not be the one who is actually operating it. For example, the Mob Museum documents the original ownership of the late Tropicana Hotel in Las Vegas:
“Miami hotelier Ben Jaffe (part owner of the Fontainebleau in Miami Beach) owned the land on which the casino would sit, but Conquistador Inc. would build and operate the resort.
“It just so happened that Conquistador’s owner, “Dandy” Phil Kastel, had a long and fruitful partnership with Frank Costello, perhaps the nation’s most infamous gangster in the spring of 1957…. And it almost goes without saying that most ‘Miami hotel men’ who came to Las Vegas in this era were more than familiar with Meyer Lansky, another famous gangland name.”
Unfortunately for Costello, people soon knew HIS business:
“On May 2, 1957, while entering a New York apartment building, Costello was shot and wounded by Vincent “the Chin” Gigante on orders from rival Mafia boss Vito Genovese. Written on a piece of paper found by police inside Costello’s coat pocket was the exact gross win from the Tropicana as of April 27, 1957 — $651,284, less $153,745 in markers (loans to players), with the proceeds from slot machines at $62,844. The note mentioned $30,000 for “L” and $9,000 for “H,” likely money to be skimmed on behalf of Costello’s underworld partner Meyer Lansky and perhaps for Mob-connected Teamsters union boss James Hoffa. It was a big national news story.”
It’s best to know your business BEFORE it’s splashed all over the media.
“Beyond the five wire fraud counts, the grand jury also indicted him on one count of falsifying documents related to a campaign flier. The mailer from “Conservatives for Dennis” endorsed Flanagan….[He attributed] “the source of the Mailer to a false persona, ‘Jeanne Louise,'” whom he created for the endorsement….In October 2023, he admitted to OCPF that Jeanne Louise “was fake” and he was the source of the mailer.”
There is so much effort to identify voters. What about identifying the sources of political endorsements?
I’ve noticed that my LinkedIn posts on jobseeking perform much better than my LinkedIn posts on the technical intricacies of multifactor identity verification.
But maybe I can achieve both mass appeal and niche engagement.
Private Equity Talent Hunt and Emma Emily
A year ago I reposted something on LinkedIn about a firm called Private Equity Talent Hunt (among other names). As Shelly Jones originally explained, their business model is to approach a jobseeker about an opportunity, ask for a copy of the jobseeker’s resume, and then spring the bad news that the resume is not “ATS friendly” but can be fixed…for a fee.
The repost has garnered over 20,000 impressions and over 200 comments—high numbers for me.
It looks like a lot of people are encountering Jennifer Cona, Elizabeth Vardaman, Sarah Williams, Jessica Raymond, Emily Newman, Emma Emily (really), and who knows how many other recruiters…
…who say they work at Private Equity Talent Hunt, Private Equity Recruiting Firm, Private Equity Talent Seek, and who knows how many other firms.
If only there were a way to know if you’re communicating with a real person, at a real business.
KYC and KYB let companies make sure they’re dealing with real people, and that the business is legitimate and not a front for another company—or for a drug cartel or terrorist organization.
So if a company is approached by Emma Emily at Private Equity Talent Hunt, what do they need to do?
The first step is to determine whether Emma Emily is a real person and not a synthetic identity. You can use a captured facial image, analyzed by liveness detection, coupled with a valid government ID, and possibly supported by home ownership information, utility bills, and other documentation.
If there is no Emma Emily, you can stop there.
But if Emma Emily is a real person, you can check her credentials. Where is she employed today? Where was she employed before? What are her post secondary degrees? What does her LinkedIn profile say? If her previous job was as a jewelry designer and her Oxford degree was in nuclear engineering, Emma Emily sounds risky.
And you can also check the business itself, such as Private Equity Talent Hunt. Check their website, business license, LinkedIn profile, and everything else about the firm.
But I’m not a business!
OK, I admit there’s an issue here.
There are over 100 businesses that provide identity verification services, and many of them provide KYC and KYB.
To other businesses.
Very few people purchase KYC and KYB per se for personal use.
So you have to improvise.
Ask Emma Emily some tough questions.
Ask her about the track record of her employer.
And if Emma Emily claims to be a recruiter for a well-known company like Amazon, ask for her corporate email address.
Currently, passengers must verify their identity at multiple checkpoints throughout a single journey, leading to delays and increased congestion at airports. To address this challenge, Facephi has developed technology that enables identity validation before arriving at the airport, reducing wait times and ensuring a seamless and secure travel experience. This innovation has already been successfully tested in collaboration with IATA through a proof of concept conducted last November.
The idea of creating an ecosystem in which identity is known throughout the entire passenger journey is not new to Facephi, of course. I remember that Safran developed a similar concept in the 2010s before it sold off Morpho, MorphoTrust, MorphoTrak, and Morpho Detection. And I’ve previously discussed the SITA-IDEMIA-Indico “Digital Travel Ecosystem.”
But however it’s accomplished, seamless travel benefits everyone…except the terrorists.
This ad displayed in a smartphone game I was playing and linked to a downloadable app in Apple’s App Store. Possibly Google’s and Samsung’s official stores offer this app also.
You know, the authorized places to get apps—for our own protection.
So what’s the big deal about “no KYC” apps? CoinLedger explains. Note: this post is constantly updated to reflect regulatory changes. The text below was captured this morning.
“KYC stands for Know Your Customer. This refers to a set of standards and regulations that allow financial institutions to verify a customer’s identity. KYC laws were originally put into place to protect against money laundering and terrorist activity.
“Exchanges that abide by KYC policies will ask you for information like your name, address, and a copy of government-issued ID upon signup….
“MexC is a cryptocurrency exchange founded in 2018 and headquartered in Seychelles.
“You can get started using the platform with no KYC. However, MecX does require KYC for certain types of transactions, such as crypto-to-crypto and derivative trades.
“For years, MexC was one of the most popular no KYC exchanges in the United States. However, MexC stopped offering services to US customers in 2023. Trying to get around this restriction with a VPN may lead to you losing access to your crypto.”
News about iProov. According to Metropoler, the company discovered a dark web group in Latin America.
The group is
“amassing a substantial collection of identity documents and corresponding facial images, specifically designed to defeat Know Your Customer (KYC) verification processes. Rather than traditional theft, these identities may have been obtained through compensated participation, with individuals willingly providing their image and documentation in exchange for payment.”
To uncover such fraudulent activity, a mere government ID to selfie comparison is not enough, since both are from a real person. You need more sophisticated checks such as liveness detection, which iProov offers. You can find iProov’s ISO 30107-3 Presentation Attack Detection Level 2 confirmation letters on iBeta’s page.
But why?
Why would anyone sell their identity, either legitimately (to the World ex Worldcoin folks) or illegitimately (to this dark web outfit)?
Sadly, desperation. If you have a basic need to eat, who cares who is using your ID and what they’re doing with it?
As some of you know, AML stands for Anti-Money Laundering. It ensures that money given to Johnny Angel doesn’t end up in the hands of Vladimir Putin. This impacts financial institutions:
“Banks had to follow government regulations (know your customer, anti-money laundering, know your business), even in the midst of a worldwide pandemic.”
But AML goes far beyond banks because of its national security implications. Which means the military has to get involved.
Therefore DARPA has entered the picture, with its Program Announcement (posted on SAM as DARPA-SN-25-23) for something DARPA calls “Anticipatory and Adaptive Anti-Money Laundering,” or A3ML.
“The program seeks to develop sophisticated algorithmic methods that can analyze financial transaction graphs and detect suspicious patterns more effectively than existing manual processes. This initiative represents a significant shift towards proactive and predictive financial crime detection methodologies.”
Of course, the introduction of the word “predictive” raises alarm bells, based upon activities outside of banking. At best, police potentially waste a lot of time investigating every single broken tail light. At worst, Muslim lawyer Brandon Mayfield becomes a suspect for a crime he didn’t commit.
Hopefully the people pursuing A3ML can minimize bias.
It all started with “Know Your Customer,” a shorthand phrase used by financial institutions and related entities who need to know who their customers are.
But then various governments, industries, and entities got into the act with their own variants, such as “Know Your Business.”
I was curious about how many of these “know your” variants I’ve discussed in the Bredemarket blog. Here’s what I found:
Bank of America, Euclid Avenue, Ontario, California.
Here’s a sign of the times from Ontario, California. The sign at the end of this video appears on the door of a bank branch in downtown Ontario, and basically says that if you wanted to go to THIS branch on Saturday, you’re out of luck.
Of course, that assumes that you actually WANT to go to a physical bank branch location. Unlike the old days, when banks were substantive buildings that you visited to deposit and withdraw money, now banks can be found in our smartphones.
What locational, technological, and organizational changes have taken place at banks over the last 50 years? And now that you can open an account to buy crypto on your smartphone, does your financial institution’s onboarding solution actually WORK in determining financial identity?
Three changes in banking over the last fifty years
Over the last fifty years, banking has changed to the point where someone from 1973 wouldn’t even recognize “banking” today. Stick around to see a video from a company called “Apple” showing you how to use a “wallet” on a “smartphone” to pay for things even if you’re not carrying your “chip card.” Karl Malden would be spinning in his grave. So let’s talk about the three changes:
The locational change.
The technological change.
The organizational change.
The locational change: from stand-alone buildings to partitioned grocery store sections
When I was growing up, a “bank” (or a “savings & loan,” which we will discuss later) was located in a building where you would go on weekdays (or even Saturdays!) and give money to, or get money from, a person referred to as a teller.
There was this whole idea of “going to the bank,” perhaps on your lunch hour because you couldn’t go to the bank on Sunday at midnight, could you?
The first crack in the whole idea of “going to the bank” was the ability to bank without entering the door of the bank…and being able to bank on Sunday at midnight if you felt like it. Yes, I’m talking about Automated Teller Machines (ATMs), where the “teller,” instead of being a person, was a bunch of metal and a TV screen. The first ATM appeared in 1967, but they didn’t really become popular until several years later.
For the most part, these ATMs were located at the bank buildings themselves. But those buildings were costly, and as competition between banks increased, banks sought alternatives. By 1996, a new type of banking location emerged (PDF):
The largest U.S. commercial banks are restructuring their retail operations to reduce the cost disadvantage resulting from a stagnant deposit base and stiffer competition. As part of this effort, some banks are opening “supermarket,” or “in-store,” branches: a new type of banking office within a large retail outlet. An alternative to the traditional bank office, the supermarket branch enables banks to improve the efficiency of the branch network and offer greater convenience to customers.
To traditionalists, these bank branches looked pretty flimsy. Where are the brick and (fake) marble walls that protect my cash? Heck, anyone can walk into the store and just steal all my money, right?
Well, these newfangled bank branches apparently WERE able to protect our cash, and the idea of banking right in the grocery store proved to be very popular because of its convenience.
But the changes were just beginning.
The technological change: from store sections to smartphones
As banks changed where they were located, there were technological changes also.
During the 1990s, more and more people were using home computers. As the computers and their security became more and more sophisticated, some people asked why we needed to “go to the bank” (either a stand-alone building or a partitioned area next to the cigarettes) at all. Why not just bank at the computer? So PC banking emerged.
The term “PC banking” refers to the online access of banking information from a personal computer. A solution for both personal or business banking needs, this type of financial management allows you to conduct transactions using an Internet connection and your computer in lieu of a trip to the local bank branch or the use of an ATM. PC banking enables an account holder to perform real-time account activities and effectively manage finances in a way that avoids the hassle of daytime bank visits and eliminates the postage required to pay bills by mail.
Ah yes; there was another benefit. You could use the computer to pay your bills electronically. The U.S. Postal Service was NOT a fan of this change.
As we crossed into the new millennium, the online banking ideas got even wilder. Cellular telephones, which followed a modified version of the “Princess phone” form factor, became more complex devices with their own teeny-tiny screens, just like their larger computer cousins. Eventually, banks began offering their services on these “smartphones,” so that you didn’t even need a computer to perform your banking activities.
Imagine putting the video below on 8mm film and traveling back in time to show it to a 1973 banking customer. They would have no idea what was going on in the film.
But are PC and smartphone banking secure? After all, smartphones don’t have brick or (fake) marble walls. We’ll get to that question.
The organizational change: from banks to…who knows what?
The third change was not locational or technological, but a change in terms of business organization. Actually, many changes.
Back in 1973, the two major types of banks were banks, and something called “savings & loans.” Banks had been around for centuries, but savings & loans were a little newer, having started in 1831. They were regulated a little differently: banks were insured by the FDIC, S&Ls by the FSLIC.
Everything was all hunky dory until the 1980s, when the S&Ls started collapsing. This had monumental effects; for example, this PDF documenting the S&L crisis is hosted on the FDIC website, because the FSLIC was abolished many years ago.
After savings & loans became less popular, other “banks” emerged.
Members-only associations called credit unions had started in 1864, and in the United States they had their own government-sponsored insurance, separate from the FDIC and FSLIC.
But there was one similarity between banks, savings & loans, credit unions, and payday loans. They all dealt in U.S. dollars (or the currency of the nation where they were located).
Enter the crypto providers, who traded cryptocurrencies that weren’t backed by any government. Since they were very new entrants, they didn’t have to make the locational and technological changes that banks and related entities had to make; they zoomed straight to the newest methods. Everything was performed on your smartphone (or computer), and you never went to a physical place.
Now, let’s open a financial account
Back in 1973, the act of opening an account required you to travel to a bank branch, fill out some forms, and give the teller some form of U.S. dollars.
You can still do that today, for the most part. But it was hard to do that in the summer and fall of 2020 when Bredemarket started.
Bredemarket pretty much started because of the COVID-19 pandemic, and those first few months of Bredemarket’s existence were adversely affected by COVID-19. When I wanted to start a bank account for Bredemarket, I COULDN’T travel to my nearby bank branch to open an account. I HAD to open my account with my computer.
So, without a teller (human or otherwise) even meeting me, I had to prove that I was a real person, and give my bank enough information during onboarding so that they knew I wasn’t a money-laundering terrorist. Banks had to follow government regulations (know your customer, anti-money laundering, know your business), even in the midst of a worldwide pandemic.
This onboarding process had to be supported whether you were or were not at a physical location of a financial institution.
Whether you were conducting business in person, on a computer, or on a smartphone.
Whether you were working with U.S. dollars or (as crypto regulations tightened) something named after a dog or an entire planet or whatever.
How can you support all that?
Liminal’s “Link™ Index for Account Opening in Financial Services”
Back in 2020 when I was onboarding the new-fashioned way, I had no way of predicting that in less than two years, I would be working for a company that helped financial institutions onboard customers the new-fashioned way.
At the time, I estimated that there were over 80 companies that provided such services.
According to Liminal, my estimate was too low. Or maybe it was too high.
Liminal’s July 2023 report, “Link™ Index for Account Opening in Financial Services,” covers companies that provide onboarding services that allow financial institutions to use their smartphone apps (or web pages) to sign up new clients.
Account opening solutions for the financial services industry are critical to ensuring compliance and preventing fraud, enabling companies to effectively identify new users during customer registration and deliver a seamless onboarding experience. The primary purpose of these solutions is to facilitate mandatory compliance checks, with a particular emphasis on the Know Your Customer (KYC) process.
If I can summarize KYC in layperson terms, it basically means that the person opening a financial institution account is who they say they are. For example, it ensures that Vladimir Putin can’t open a U.S. bank acccount under the name “Alan Smithee” to evade U.S. bans on Russian national transctions.
Remember how I found over 80 identify proofing vendors? Liminal found a few more who claimed to offer identity proofing, but thinks that less than 80 firms can actually deliver.
Around 150 vendors claim to offer account opening compliance and fraud solutions in banking, but only 32 (21.3%) have the necessary product features to meet buyer demands.
Now I have not purchased the entire Liminal report, and even the Executive Summary (which I do have) is “privileged and confidential” so I can’t reprint it here. But I guess that I can say that Liminal used something called the “Link Score” to determine which vendors made the top category, and which didn’t.
I’m not sure how the vendors who DIDN’T make the top category are reacting to their exclusion, but I can bet that they’re not happy.
Writing about Financial Identity
As you can gather, there are a number of issues that you have to address if you want to employ identity proofing at a financial institution.
And if you’re an identity firm or financial institution, you need to provide the right information to your customers, and write it in a way that will motivate your customers to take the action you want them to take.
Speaking of motivating customers, are you with an identity firm or financial institution and need someone to write your marketing text?
Someone with 29 years of identity/biometric marketing experience?
Someone who consistently tosses around acronyms like ABM, FRVT, KYB, KYC, and PAD, but who would never dump undefined acronyms on your readers? (If you’re not a financial/identity professional and don’t know these acronyms, they stand for anti-money laundering, Face Recognition Vendor Test, Know Your Business, Know Your Customer, and Presentation Attack Detection.)
Someone who will explain why your customers should care about these acronyms, and the benefits a compliant solution provides to them?
If I can help you create your financial identity content, we need to talk.
Bredemarket 