Know Your Customer, Why It’s Important

Posted inCyber Security, Information Security, Security

Often, when you hear the words “know your customer,” you think about customer service representatives verifying identity before giving out personal account information. Banks, credit card companies and other financial institutions will ask a plethora of questions before divulging information. Utility companies, retailers and anyone who processes credit card transactions will ask a set of verification questions as well. But “know your customer” doesn’t just protect consumers’ sensitive information, it also protects the company from a potential cyber attack.

It’s important to practice cyber security with customer due diligence. In general, the more access that you gain into any company, the more successful you can become at a hack. Gaining access can be done by infiltration, which can happen with a bad inside actor. For example, if you’ve ever watched a spy movie, it is common for the criminal to gain access to a building by getting a job at a business located there, or posing as a vendor. Once inside access has been gained, getting to other parts of the building becomes much easier.

It works the same way with a cyber attack, which is why businesses must verify all people who enter their place of operations. It is common for some businesses to have vendors, sales people, interviewees and clients in and out of their building all day long. Someone invariably rolls out the red carpet for some of these people, giving them access to conference rooms and possibly access to WiFi. They are provided with information and documentation and assume that it’s protected because it’s under an NDA, when that may not actually be the case because that won’t stop a criminal.

Similarly to gaining access to a building, when a hacker has access to your WiFi, every machine on the network becomes exposed. So it is really important to verify that people are who they say they are. Be wary of potential new-hires who are too interested in the particulars of your stack and what you are doing. Same with clients, it is extremely important to have due diligence when embarking on journey with a new customer. Verify that the person is who they say, that they actually work for the company they supposedly represent, that they are qualified and have permission to sign an agreement.

Customer verification is vital to the security of your business, as well as deep employee verification. When you are making accounts for systems and giving people access, you must know that they are credible and legitimate. It goes back to what was stated above, once someone gains access, getting deeper access becomes much easier. On top of that, you want to ensure that you are not accepting or taking out money that has a criminal origin.

There are a few ways you can verify someone is who they say they are. Obviously, if they are in front of you with a state or federally acceptable form of identification, you can verify they are who they say they are. If you are unsure if a state ID or passport is real, there are websites you can use to see what each state ID looks like, the markings it has, holograms and watermarks, etc. Once someone is verified in person, you can send them a private link to set up an account later. There are methods where you can allow people to upload licenses or photos of themselves holding a license. There are companies you can contract with to do light background checks on people to ensure they are who they say they are, that they have not been convicted of certain felonies.

There are ID solutions that are in use with banks and insurance companies, for example, which allow them to verify identities. A licensed photo as well as a separate photo needs to be uploaded so a comparison can take place. There could be a comparison against databases, the license is read to look for anything out of the ordinary and to ensure that the record matches the person, the license hasn’t been flagged previously, etc.

Still, as good as these systems have become, nothing it going to out perform a deep manual verification process. When you are dealing with a product that is high security, or if you’re bringing people into the office where they’re going to see things they normally wouldn’t see, you really need to have physical eyes on the verification process. Deeper due diligence is crucial in certain cases, and while most of these processes are all automated anyway, ensuring that a trusted person within your organization makes the final decision is really important.

Know your customer plays a big role for businesses for a lot of reasons, cyber security is one of them. Even if you’re using an ID system and online background checking, creating a deeper level of due diligence is important. Going through a full background check to ensure that the person you’re dealing with is who they say they are is vital before giving access to your business facilities or account information. Protect yourself and your business. Make sure you truly know your customer before granting access to any sensitive and proprietary information.

About the Author

PWV Consultants is a boutique group of industry leaders and influencers from the digital tech, security and design industries that acts as trusted technical partners for many Fortune 500 companies, high-visibility startups, universities, defense agencies, and NGOs. Founded by 20-year software engineering veterans, who have founded or co-founder several companies. PWV experts act as a trusted advisors and mentors to numerous early stage startups, and have held the titles of software and software security executive, consultant and professor. PWV's expert consulting and advisory work spans several high impact industries in finance, media, medical tech, and defense contracting. PWV's founding experts also authored the highly influential precursor HAZL (jADE) programming language.

Contact us

Contact Us About Anything

Need Project Savers, Tech Debt Wranglers, Bleeding Edge Pushers?

Please drop us a note let us know how we can help. If you need help in a crunch make sure to mark your note as Urgent. If we can't help you solve your tech problem, we will help you find someone who can.

1350 Avenue of the Americas, New York City, NY