For users with a KYB and/or KYC provider integration enabled, the BAO Back Office provides evaluations for each individual or business party included in the application. Using the Parties tab, you can view each party's evaluation within the Know Your Business or Know Your Customer section. BAO supports integrated KYB/KYC functionality from the following service providers:
-
Alloy (KYB/KYC)
-
LexisNexis (KYB)
-
Socure (KYC)
Note
Each of these providers has a unique feature set. Work with your BAO representative to determine which provider best meets your FI’s needs.
You can use integrated Alloy functionality to verify all parties/entities included in a business account application. The following chart details the flow of an application through the BAO portal using Alloy as your KYB/KYC provider.
Each party/entity sent to Alloy for verification goes through a specific set of workflows, called a Journey. Using Journeys, your FI can configure multiple workflows to automatically run in sequence, without having to do any manual processing. Refer to Journeys Overview in the Alloy documentation for more information on creating a Journey or a Workflow.
The following chart demonstrates the Journey for BAO applications.
You can re-run Alloy Journeys (using the Re-Run Alloy KYB/KYC option in the Actions dropdown) and run applicants in the Parties section through Alloy KYB/KYC through the Know Your Business and Know Your Customer sections of a BAO application.
Within BAO, each field in the Details tab is populated from data received in the responses from Alloy. The following sections provide details about the Alloy information displayed in the BAO Back Office.
Within this section, there are two types of "completed_evaluation": one evaluation identifies whether the evaluation for the party is complete (Party outcome), while the other evaluation identifies if all parties' outcomes are complete (Complete Outcome). Both the Party outcome and Complete Outcome fields list whether the party/application was approved, denied, or sent for manual review. After all of the KYB/KYC policy conditions in BAO have been Satisfied (meaning all of the party evaluations are approved), then the Complete Outcome will be marked as approved.
The KYB/KYC Details section contains specific values returned for each party/entity in the Alloy evaluation response. You can access and review each entity’s information within each BAO application or on the Alloy website.
For more information, refer to the Understanding the Entities page within the Alloy documentation.
2A — Vendor
This value displays the KYB/KYC vendor your BAO instance is integrated with.
2B — Group Token
This value, always prepended with “G-“, is the value that identifies all of the parties involved in an Alloy Journey.
2C — Entity Token
This value, prepended with a “P-“ for persons and a “B-“ for businesses, is the unique value representing the party/entity within the Alloy system.
2D — Evaluation Token
This value, prepended with a “L-“ for live data or with an “S-“ for sandbox (test) data, is the unique value representing the evaluation results within the Alloy system.
2E — Status
This value will be completed for all queries that have successfully returned an evaluation response.
This section contains the full raw response returned from the call to Alloy for each party/entity.
Tip
Alloy includes detailed analytics on evaluations that have been performed. For more information, refer to Evaluation: Analytics Overview in the Alloy documentation.
Q2 BAO allows for integration with LexisNexis Business InstantID. InstantID compares your business data to public records and proprietary identity data. By considering name or address changes and data input errors, the comparison logic can help reduce false positives and improve accuracy. You can configure certain search options to best suit your needs.
InstantID validates the following input data:
-
Issued SSN/FEIN/EIN
-
Legitimate address
-
Dialable phone number
-
Date of birth
-
Driver license number
InstantID verifies that the following input data belongs to a single identity:
-
SSN/FEIN/EIN is linked to the name and address
-
Phone number is linked to the name or address
-
Name is linked to the address
-
Address is the current address
-
DOB is linked to the name
InstantID identifies compromised or suspicious identities, such as:
-
Multiple identities associated with a single SSN or address
-
SSN deceased or issued prior to the date of birth
This page displays the information returned from the Know Your Business query and includes the following information:
-
Business Verification Summary—The summary of the KYB Request is displayed. For example, the input business name, address, phone, and FEIN are verified on a business record.
-
Score Reason Codes—The Reason Codes and their corresponding descriptions are displayed in this section.
-
Indicators—The following risk indicators are displayed in this section:
-
Name Mismatch
-
FEIN Mismatch: FEIN (Federal Employer Identification Number)
-
Residential Business
-
Global Watchlist Indicator
-
Address Mismatch
-
TIN Mismatch
-
OFAC: Optional results from a check of OFAC (Office of Foreign Assets Control) and other government screening lists.
-
PEP: Politically Exposed Person is an individual with a prominent public post or a public function. The PEPs fall under the category of high-risk customers by the financial institutions and thus need additional KYC.
-
Phone Number Mismatch
-
For more information, refer to the LexisNexis documentation.
Once contracted with Socure, Q2 BAO will create a sub-account and users for the financial institution in the Socure dashboard at https://admin.socure.com/. This dashboard will provide an overview of the decisioning for every one of the applicants that come in using the Q2 BAO process.
Socure’s ID+ service uses data points such as name, physical address, phone number, email address, IP address, and other information to confirm that an identity belongs to the person entering it, and to what extent that identity poses any potential fraud risk.
The following information is sent to Socure ID+:
-
First name of the primary and/or other business party
-
Last name of the primary and/or other business party
-
Address of the primary and/or other business party
-
City of occupancy for the primary and/or other business party
-
State of occupancy for the primary and/or other business party
-
ZIP of occupancy for the primary and/or other business party
-
Country of occupancy for the primary and/or other business party (always sent as “US")
-
Social Security Number of the primary and/or other business party
-
Date of birth of the primary and/or other business party
-
Email of the primary and/or other business party
The Know Your Customer (KYC) module in SocureID + performs the checks to confirm the name, address, DOB, SSN, and phone number and provides a Boolean indicator of whether provided information was verified or not. KYC also sends back reason codes which led to the results provided.
The Sigma Fraud module in Socure ID+ returns a Sigma Fraud Score which is a number between 0 and 1 that helps predict the probability that the identity being presented is fraudulent. Larger scores indicate higher risk. The Sigma Fraud score is a three-decimal number (0.001 to 0.999). With Standardized Scores, 0.990 always represents the top 1% of the riskiest applicants (0.980 represents the top 2%, 0.950 the top 5%, etc.).
The Email Risk module in SocureID+ returns an Email Risk Score and an Email Correlation Score. The Email Risk Score provides a risk analysis of the email address based on predictors. The optional Email Correlation Score indicates the connection strength between the email address and the identity presented.
The Phone Risk module in SocureID+ returns a Phone Risk Score and a Phone Correlation Score. A Phone Risk Score provides a risk analysis of a phone number based on Socure's proprietary predictors. The optional Phone Correlation Score predicts how strongly the identity presented belongs to the phone number supplied.
The Address Risk module in SocureID+ returns an Address Risk Score and an Address Correlation Score. An Address Risk Score is calculated by analyzing predictors such as single- or multi-unit designation and suspended mail activity. The Address Correlation Score, available as an option, provides a score indicating how strongly the identity presented belongs to the address supplied.
Global Watchlist for ID+ leverages a team of compliance and risk experts, engineers, data scientists, and sophisticated analytic techniques with continuous improvement feedback loops to verify the involvement of entities considered to pose a high risk of money laundering, terrorism, corruption, drug trafficking, or other criminal activity in account opening or transactional flows.
Socure maintains an Alert List of known fraudulent users and specific identifying traits, as reported by Socure and its customers. Submitted data is checked against that list according to variable matching logic and processing.
The Decision module returns a simple, interpretable recommendation for a transaction based on an underlying logic that defines intermediary outcomes when certain criteria are met. If the recommended decision is reviewed, resubmit, refer, or reject, the reason codes and scores, if applicable, that triggered the decision are displayed.
-
Recommendations—The type of KYC and the respective recommendations are displayed, allowing for decision-making processes in the system. The decision module displays a simple interpretable recommendation for a transaction.
-
Scores—The scores related to the Email Risk, Address Risk, Phone Risk, Global Watchlist, and Alert List modules are displayed. A Score is a number between zero to one that helps predict the probability that the identity being presented is fraudulent. Larger scores indicate higher risk.
Note
Socure maps the Score to a two-decimal number (0.01 to 0.99).
-
Reason Codes—The Reason Codes and their corresponding descriptions are displayed in this section.
-
Social Security Details—The SSN-related details are displayed such as SSN Issue Date, SSN Issue Year, and SSN Status.
-
Indicators —The following risk indicators are displayed in this section:
-
Name Mismatch
-
FEIN Mismatch (Federal Employer Identification Number)
-
Residential Business
-
Global Watchlist Indicator
-
Address Mismatch
-
TIN Mismatch
-
OFAC—Optional results from a check of OFAC (Office of Foreign Assets Control) and other government screening lists.
-
PEP—A Politically Exposed Person is an individual with a prominent public post or a public function. The PEPs fall under the category of high-risk customers by the financial institutions and thus need additional KYC.
-
Phone Number Mismatch
-
To test the Socure integration, please navigate to the following link when your financial institution has access to the Socure portal (when someone is issued a login); however, please note your financial institution can generally use most fake data to trigger an “accept” response by the Socure sandbox decisioning: https://developer.socure.com/guide/sandboxtest.
For more information, refer to the Socure documentation.