Webinar Recap: Startup Security - Your Guide to Fraud Prevention

On October 3rd, 2023,  Smile ID and the Paystack team joined forces to bring together a team of experts to explore critical insights on protecting African startups from fraud attacks.

In this session, our security and compliance experts discussed the delicate balance between easy onboarding and fraud prevention, building solutions with compliance at the core, and how internal and external teams can work together to safeguard your business.  

Here are some key takeaways from this session to help protect your businesses.

When building accessible and secure onboarding, understanding your customer is critical. 

You want to ensure every user you’ve worked hard to acquire onboards successfully, but fraud prevention tactics are bound to introduce some friction. When building an onboarding journey, understanding your customers is pivotal. Take the time to understand what concerns them and how they interact with your product. By identifying their needs and worries, you can develop solutions that seem easy to them, even when putting up barriers to entry.

Engage with your customers directly to understand their goals and expectations. Analyse your onboarding data to fine-tune the user experience. Ope Kufoyini " - Product Manager, Smile ID

While keeping your unique customer in mind, our panellists shared some common strategies you could adopt to help strike a balance between a secure and user-friendly onboarding experience. 

• Adopt a progressive profiling approach: Progressive profiling means collecting information from users incrementally, requesting only what is necessary at each stage. Tailor the data you seek to the level of risk associated with the type of account users intend to open. This strategy minimises friction in the onboarding process while maintaining essential security measures.

   

• Use trusted sources to fill in the blanks: When adopting a progressive profiling approach, use a reliable data source to help populate customer information. When a user provides limited info, like a name or ID number, augment it by retrieving additional details from a trusted ID authority. This not only streamlines the process but also enhances data accuracy.

   

• Write clear instructions: Provide crystal-clear instructions to your customers during the onboarding process. Transparency is key. When users understand what to expect, they are more likely to cooperate and provide the required information.

For example, users should know beforehand that they need a valid ID, the ID types accepted, and they should be ready to take a selfie. When they know this before starting the process, their tendency to stop midway through their onboarding process reduces.

• Use technology to make your users' tasks easier:  Computer vision tools like Optical Character Recognition (OCR) can pull text off documents, and facial biometrics can be used to verify the user. Implementing these into your onboarding flow reduces the textual information your user needs to type in. Adding a layer of security and simplifying the user's process simultaneously.

   

• Practice risk-based authentication: Take advantage of risk-based authentication further along the user journey. When unusual activity is detected, such as unexpected transactions or actions inconsistent with typical behaviour, you can employ secondary checks to ensure that the user interacting with your platform is genuine. This reactive measure maintains security without disrupting the user experience when onboarding.

Compliance must be at the core of your operations.

Legislators set KYC and AML regulations for a reason: they provide good guidance on what practices you can implement to prevent fraud. Ingrid Ndlovu, Customer Success Lead at Paystack, highlighted that Paystack's approach to fraud prevention begins by integrating compliance into the core of its business operations, establishing a solid foundation that aligns every action with regulatory requirements and data protection.

To do this, she emphasised that you must start by understanding the legislative requirements relevant to your industry and location, arming yourself with the knowledge needed to steer your compliance efforts. Then, weave these legal prerequisites into your onboarding process, clearly communicating your dedication to compliance and user data protection from the outset. Once the precedent is established, she advised incorporating an “adaptive compliance” mindset. Legislation is not static;  be prepared to adapt your practices to comply with current regulations.

To ensure these measures are effective fraud deterrents, implement audit assessments against the specific risks relevant to your business.

Fraud risk management requires dedication from internal employees and advice from expert partners.

While everyone in your organisation needs to be trained on fraud risk management and understand how their roles contribute to safeguarding the organisation, some key players within your organisation should spearhead your fraud prevention efforts.

At Paystack, their Fraud Risk team plays a pivotal role in shaping the organisation's approach to mitigating fraud. Comprised of a review team, dispute team, and compliance team, they provide comprehensive insights that inform product and strategy decisions related to fraud risk.  For example, before launching any new product, they conduct a pre-mortem risk assessment- scrutinising potential risks and devising strategies to mitigate them. By proactively identifying risks and developing preventive measures, the organisation takes an active stance against potential threats.

In cases where a smaller business may not have a risk management team, outsourcing can be a viable option. Collaborating with a verification partner like Smile ID or a screening provider can offer specialised expertise in fraud risk management, thereby bolstering the organisation's defences.

Paystack's commitment to holistic fraud risk management extends to startups as well. Through Paystack Catalyst, the organisation offers discounts and credits to startups, granting them access to third-party tools that can aid in the early stages of their business. This support not only promotes the growth of emerging businesses but also enhances their ability to address fraud risks effectively. " - Jemima Kenyanjui - Product Lead, Paystack

Want to learn more about protecting your startups from bad actors and staying compliant?  You can talk to an expert here.