KYB - image - 1

Enhanced Customer Due Diligence and Beneficial Ownership

In the past, the team at GDC has written blog articles on customer due diligence (CDD) as the backbone of any Know Your Customer (KYC) compliance program to fight fraud such as money laundering. However, over the past several years, we have seen a trend of regulatory agencies putting increased pressure on financial institutions to improve their customer due diligence programs. These programs help minimize compliance violations and prevent financial crimes such as money laundering. These programs are applied to both consumers and corporate banking clients. For those customers that are deemed “high risk”, enhanced (or sometimes denoted as expanded) customer due diligence (eCDD) processes are applied.
More detailed enhanced customer due diligence is especially important for business accounts, trusts, and high-net-worth (HNW) accounts, and has become a focus for regulators, governments, and agencies to slow the funds for criminals, terrorists, and tax cheats looking to hide funds and assets to avoid detection and arrests. These programs, like regularly verifying customer identities, are also used to help firms improve their fraud detection and prevention efforts such as identity theft or financial fraud. This is an ever-growing problem as companies do more and more transactions through multiple digital channels.
One such aspect of this more detailed enhanced customer due diligence is determining “beneficial ownership” of the business entity. Beneficial ownership information identifies the individuals that directly or indirectly own or control a legal entity of the firm. It is defined as an individual who directly or indirectly owns 25% of more of a legal entity customer (defined as “ownership”) or individuals that have the responsibility to manage or direct a legal entity customer, such as a senior manager or executive officer (defined as “control”). Beneficial ownership analysis and monitoring is designed to discover and prosecute criminals, kleptocrats, and other bad actors that look to hide illegal proceeds in the financial system anonymously. The newer beneficial ownership rules and increased scrutiny are designed to help financial institutions and law enforcement gain access to more detailed information.
High profile media cases such as The Panama Papers have helped keep the focus on eCDD and beneficial ownership as they helped to provide a behind-the-scene view of the legal practices, transaction flows and (lack of) documentation used by large corporations and high-profile individuals to avoid regulatory compliance.
With the increasing regulations, Knowing Your Customer is only one part of Customer Due Diligence; Knowing Your Business (KYB) is just as important. As the volume of digital transactions increases, antiquated, manual processes just won’t keep up. Over the next few months, we will continue to explore the topic of enhanced Customer Due Diligence and what customers can do to keep up.


2+2 for Global Compliance – Your Expectations are Unreasonable

Due to increasing data requirements and best practices encouraged by various government and financial directives (like the 4th Money Laundering Directive – 4MLD) concerning customer due diligence in the UK and European Union, GDC has had many requests to provide enhanced levels of electronic identity verification combined with Watch List/PEP and Sanctions checks to meet these compliance needs.

While some customers are satisfied to have input-data verified against a single authoritative data source, many others require checks to be verified against multiple authenticated, in-country data sources of varying data types.  This difference between the single and multi-source checks has come to be called 2+2 vs. 1+1 – electronic Identity Verification (eIDV).

The data elements available in the source may vary – for example, below you see two sources described: one Credit and one Government each with three elements to match.

However, the source is typically of a single type, which is not a fit for the new EU compliance regulations (See post on 4MLD).  The types of data source that can be matched for either a 1+1 or 2+2 are:


1+1 Identity Verification

GDC’s Worldview platform has been providing 1+1 electronic identity verification since its inception. Customers and partners typically work in the fraud or e-Commerce space mostly with high-volume transactional use cases.  Their goal is to reduce friction in a process (customer onboarding, sales, etc.), increase speed and efficiencies and cut cost.


Most of what is gained in a 1+1 is efficiency and cost savings but there are compliance and regulatory rules met with this 1+1 check.  In the example below, we check the input of name, DOB and address against a single credit source and we may receive either of the matches listed in the OR and achieve a pass.

2+2 Identity Verification

By definition, GDC sees a 2+2 request as matching 2 different definitions of input against 2 different data sources.  For GDC to fulfill a 2+2 request, we check to a minimum of 2 different sources.

Thus to accomplish a 2+2 request  GDC is sending to a single request to a data provider which controls multiple unique sources (for example, a single partner with both an Electoral Role sources or a Public Utility source) or to multiple “best available” providers in country with unique data sources.


As a rule GDC requires a match based on two input elements verified against two independent data sources. For example, a match could be made on COMPLETE NAME plus DOB in a credit data source (1) and  COMPLETE NAME plus ADDRESS in a government (2) data source.

So Why are Your Expectations Unreasonable?

The rules sound simple enough, so you are probably thinking to yourself, what do you mean we have unreasonable expectations?

Country/Source Coverage

Country and source type are the two most important considerations in assessing potential match rates, across the world, data sources and data privacy regulations vary greatly. What works well in the United States and the United Kingdom does not neccessarily work in France and Poland.
In our many conversations with prospects, customers, and partners, the 2+2 topic immediately moves to:“Our compliance officers require the same levels and inputs for all countries: 2+2 checks with credit and government sources for Countries XYZ and we need a match rate of 70% or higher.”
This approach is not country-specific, and creates a challenge when trying to apply the same mindset to countries around the world.  For example, while matching COMPLETE NAME+ADDRESS and COMPLETE NAME+DOB in the Unites States returns great results, matching both a Credit and Government source in France is not possible. It is, however, likely to produce a 50% or better match rate in Australia, where there are multiple credit and government sources to leverage.

Why is France a challenge? The French data sources are tightly controlled and not available for access – further France does not really have a credit bureau open for query. However, matching COMPLETE NAME and DOB in two different telco sources in France is possible.
What is the take-away? In thinking about data sources, there is a major difference between “unique and from independent sources”vs. “unique and from Credit or Government”. Furthermore, 2+2 may be achievable with COMPLETE NAME and ADDRESS in a “telecom/mobile” source in Spain and a “commercial” source in Spain, but with no credit and very little government data source access. Thus, you cannot expect to use all the same inputs in every country ALL over the world and achieve the same match rate results.

What are the options?

So, looking across the globe there are three elements you can control inside an electronic 2+2 identity verification to improve or optimize match and pass rates for your compliance use cases:
• Improve the quality of the input elements to match
• Tightening or loosening the rules on matching criteria
• Continue to add additional data sources to increase coverage and thus potential match rates

Improve the quality of the input elements to match upon

Data quality is a challenge in most organizations and if you are not able to produce input elements for matching in eIDV requests you will severely impact potential match rates. For example, GDC typically uses address verification, standardization and correction to enhance the quality of input address data and allow for more accurate matching on street/thoroughfare, house number, postal code and locality/city input elements.

Tightening or loosening the rules on matching criteria

After the quality of the input data the next piece that can be considered is the actual definition of a match and a pass. This is a good bit of what has been hinted at in the title around expectations. The most common place we see for making rules less stringent is in name matching. In many countries matching on a given/first name can be a supreme challenge, but many of these same countries will allow for higher match rates on first initial, sur/last name, full address and even date of birth. Matching first initial+last name or even a fuzzy match or distance match in place of the often-mandated exact match will sometimes drastically improve match rates.

Continue to add additional data sources to increase coverage and thus potential match rates

The final piece of the puzzle is the data sources themselves. If you are using two data sources and each cover 35% of the population your best result is 70%, but is more than likely closer to 30%. This does not consider the 2+2 rules that might require an exact match on first and last name when only 1 of the 2 sources has a first/given name available. The GDC approach is to recognize that the best match rates for 2+2 really require as many sources, that do not duplicate, as possible. These sources need to be different but ultimately 6 data sources (telco, government, credit, utility, postal, and consumer) – will produce a higher 2+2 match rate than just 2 of the data sources. Simply put, you are covering more of the adult population and thus have a better chance to match and pass.

To conclude – reasonable expectation to great expectations

When interpreting and crafting the compliance rules, such as for Customer Due Diligence, for your organization be aware and willing to utilize the data sources available within the required country, and country sensibilities and privacy regulations. Each will potentially be different. Be certain to provide the highest quality input data possible and let data quality work for your eIDV efforts not against them. Don’t be limited to 2 data sources in a 2+2 match but leverage as many as possible to get the job done. Lastly, don’t let your compliance rules hand-cuff your success with eIDV in a country – use what is available, how best it can be used to achieve success.

money laundering

4th Anti-Money Laundering Directive Prescribes Electronic Identity Verification for Customer Due Diligence

The 4th Anti-Money Laundering Directive (4MLD) came into force as an upgrade/replacement of the 3MLD (3rd Anti-Money Laundering Directive) on June 26th, 2017 with a clear goal of expanding the risk based approach established with 3MLD.  Further 4MLD expanded the requirements and general principles in the European Union which government the necessary checks required to meet money laundering and compliance guidelines.   

The overall focus for 4MLD is listed in the table below: 

Key 4MLD Focus areas of increased requirements:
Increased focus on risk based approach Required not just for Financial org. anymore
Focus on Tax Crimes Expanded Customer due diligence
Third country equivalence Politically Exposed Persons
Cross-border wire transfers Beneficial ownership

The 4th Anti-Money Laundering Directive (4MLD) came into force as an upgrade/replacement of the 3MLD (3rd Anti-Money Laundering Directive) on June 26th, 2017 with a clear goal of expanding the risk based approach established with 3MLD.  Further 4MLD expanded the requirements and general principles in the European Union which government the necessary checks required to meet money laundering and compliance guidelines.   

The overall focus for 4MLD is listed in the table below: 

(17)  Accurate identification and verification of data of natural and legal persons is essential for fighting money laundering or terrorist financing. Latest technical developments in the digitalisation of transactions and payments enable a secure remote or electronic identification.

It is this section that lays the ground work for eIDV’s requirement to meet CCD and 4MLD requirements.  Stay tuned to our next blog post where we break down the 2+2 rule set which meet the regulatory requirements for customer due diligence and discuss how your compliance team has unreasonable expectations for electronic Identity Verification. 

Colombia Identity Verification

Shared Visions – Identity Verification in Latin America

One of the best parts of my job at GDC is meeting founders of data services companies around the world. In many cases these founders have created unique identity focused solutions targeted for use within their local markets. Their customers are banks, insurance firms and in some cases the government. In some cases I will find entrepreneurs who have begun to look at expansion to other countries that are proximate to their home country. In every case when I sit down with founders and share our global mission they start off with a skeptical view but then quickly become very interested in how we have been able to achieve the progress made thus far. Most importantly they want to find a way to participate in making our global vision a reality. The most recent example of this was during a sourcing trip to Colombia.

Our goal was to meet with a number of possible data sources to help significantly improve our ability to provide Colombian identity verification within a 2+2 compliance framework. We spent three days meeting with various providers to get a sense of what was available and whether we could find local partners with the right alignment. One provider stood out from the rest because of the vision of the founder.

Daniel is one of Colombia’s pre-eminent tech entrepreneurs. He’s built a 100+ employee company that manages varying aspects of digital data and cyber security for the Colombian government. The data his company works with is the de-facto source data for Colombian consumer and business ID. This is Daniel’s third company and he is very clearly a knowledge base for all things identity in Colombia. He has a vision for growing a strong business throughout Latin America.

The conversation started on a familiar path. I spent time talking about GDC, what we do, how we do it and what we look for in data partners. Daniel spent time describing his business and what they were focused on in the market. He described how he helps to manage the core data provided by the government to deliver identity based services to the market. As I was listening I realized we had found a key source provider. At the end of his piece he directly states I’ve studied what you do and we would like to explore using your platform for your services in other countries. In that moment the conversation flipped from my focus on data sourcing to looking at his company as more of a bi-directional partnership which is the goal of the “Consortium” aspect of GDC. We saw value in Daniel’s ability to provide Colombian identity verification through his API and he saw value in our ability to provide identity verification for Mexico, Argentina and other countries through our API.

Our meeting ran over the 60 minutes we had mutually allotted for. We spoke of the challenges in the Colombian market, the need for identity verification to counteract fraud and the compliance requirements (4AML and GDPR) of banks and other financial service institutions that created a framework for identity verification in other countries.  We continued the communications via email and we will begin sharing technical details with each other after the holidays. Within a few months we will have his service up and running within our Worldview platform. We will continue to shape the offering utilizing feedback from our Latin American customers. This process will produce the best results and service for Colombia identity verification globally. Alongside our solutions for Mexico, Argentina, Brazil and over 40 additional countries we will continue to expand our coverage globally.

Whether it is Ricardo in Brazil, or Mariana in Argentina or Daniel in Colombia, the story is the same. Shared visions of how identity verification can help enable consumers and businesses transaction globally. Each provider brings their data and local expertise and together we help solve problems globally. Founders working together to achieve a common goal.

Shared Visions - Colombia Identity Verification

Shared Visions – Colombia           Identity Verification


Best Practices for Improved Accuracy in Electronic Identity Verification in Argentina and Brazil

I spent the past week visiting data partners in South America. It was a good week of sharing information about the needs of the market such as 2+2 Compliance checking and KYB (Know Your Business). Trips like this always provide us with additional learnings about how solutions work best and what are the best practices for getting the best match rates in countries like Brazil, Argentina, Chile and Columbia. In this posting I will cover a few things learned regarding Brazil and Argentina.

I started the trip in Brazil. While meeting with one of our key data providers we discussed The Maria Problem and how it can skew results. I wrote about the Maria Problem in the past when discussing Portuguese Identity Verification. It was not a surprise to learn that the same problem exists in Brazil given their cultural and language ties. The problem simply stated is that most women in Brazil have a first name as Maria. Many women don’t use the Maria in most applications and forms rather they use their second name to differentiate themselves. Most Brazilian (and Latin American) names consist of four names. A surname, a second surname a maternal name and a paternal name. In most data entry responses you will find that a second surname along with either the paternal and/or maternal name are used in combination. Doing a matching exercise on this type of information will yield varied results which is why it is either important to know how to tune your rules to compare on the combinations of first and second surname to try and achieve a match. Our local provider knows this problem and his systems are coding to address this as data passes through his system.

Argentina was the next stop on the trip. A new learning there relates more to data hygiene to produce a better match. In particular to Buenos Aries (the largest city in the country) the zip code in the past was a four digit number. Recently they have added and additional four digit alpha code onto the four digits to make the information more accurate due to the growth and density of the city. Most government databases now use the eight digit code versus the four digit code so, when na address is used as part of a identity check, it is likely that it wont validate against a government database without the address having gone through a hygiene process that enriches the additional four digit alpha code. Our local provider does this as part of their standard data normalization process and this yields a better match result.

In both countries a great deal of time was spent making sure that our data providers could provide a 2+2 check at a high impact match rate. While data hygiene is part of this equation having good data sources that are Government, Credit or Commercial is also important. The most important is to know how your input data will be best compared with the data sources. Simple things like the above will significantly impact the results of your electronic identity check.


From Russia with Love – How Do Russians Acquire an Identity? – Part 2

In part 1 of our series, we remember that the Lektor decoder was so valuable to MI6 that they tried to get their hands on it.  It was in fact part of a trap in which a cipher clerk, Tatiana, and Bond would steal the decoder. After it was stolen, SPECTRE came after them in an assassination attempt to get the Lektor and sell it back to the Soviets.

Just like the Lektor is highly valuable and sought after, so are Russian passports, the physical proof one is who they say they are.  Now let’s look at the importance and requirements for Russians to maintain and prove their identity.

Once a Russian citizen reaches the age of fourteen, the citizen then is required by law to carry an internal passport which is issued by the Ministry of Internal Affairs for the Russian Federation. These passports are only issued to Russian citizens. These passports are very similar to travel documents issued to Russian citizens; however, the internal passport will have no Latin lettering anywhere in the passport – it is only meant to be used within the Russian Federation and is not a valid document to travel outside of the country. Inside of the internal passport, Russians have all of the necessary information which follows them through the rest of their lives. Passports are meant to be updated at all important life events.

The first page of the document states the name, sex, date and place of birth of the citizen. Following this, there are pages which document required information about each Russian citizen. Russian citizens are required to register themselves in the place that the live. This registration is maintained within the internal passport. After the age of 18, males are required to serve military service or receive a deferment for study – this information is also included in the internal passport. If a citizen is married, the registration of their marriage is located within the passport. If a citizen has children under the age of fourteen, their identities are registered within their parenrussia-nesting-2ts’ passports. Within the internal passport, citizens also keep their driver’s license and any other documents required within the Russian Federation – these would vary based on the person’s profession, age, or special talents.

On the eighteenth page of the internal passport, information is found about the citizen’s blood type and tax identification number.

Internal passports must be renewed at certain points in the life of a citizen in the Russian Federation. The first required renewal is at age twenty. After that, the passport must be renewed again at age forty-five. After the age of forty-five, the internal passport is good for the rest of the life of the citizen

Citizens of the Russian Federation who serve in the armed forces are given additional information in their passport that register their military service history as well as the place of their service.

Citizens of the Russian Federation who enroll in higher education usually enroll at the age of seventeen or eighteen, after their graduation from secondary school. Upon enrolling in a institute of higher learning, a student is issued another form of identification meant to be used in conjunction with their internal passport – this is called a “Student Ticket” or студенческий билет. This document is meant to be used on campus for student privileges around facilities on campus such as libraries, sports facilities, and cafeterias. Most universities in Russia operate on a closed-campus system; in order to enter the dormitories, students are usually given a separate piece of identification called a “Permission” пропуск which must be displayed with the Stufrom russia with lovedent Ticket in order to enter dormitories or classroom buildings on campus. The Student Ticket is also used by university students around town to receive student discounts on services like public transportation or for discounted entry into museums and movie theatres. Each year of a student’s studies, the Student Ticket is updated to show the year that the student is enrolled. This is done by the leader of the department affixing his or her signature and a stamp from the university on one page of the Student Ticket. The other page of the Student Ticket gives a photo of the person and their name.

Russians who travel outside of the Russian Federation are required to have an international or external passport for travel. This passport is very similar to the internal passport in every sense, except that the internal passport does not use biometric information and the internal passport does not have any Latin lettering. The biometric information in the external passport includes fingerprint, handwriting sample, height, weight, eye color and voice. The international passport includes a firstrussia-map-1 page which states the citizen’s name in Cyrillic and Latin lettering as well as the place and date of birth, sex, and passport number – which is different from the internal passport number. These passports are issued by the Ministry of Foreign Affairs and are also overseen by the Federal Immigration Service. Russian citizens must renew external passports every ten years. The rest of the passport’s pages are blank for visas to foreign nations. Currently, only twenty-eight percent of Russians have an external passport according to

As you can see from the past two posts, Russian identity is complex, even more complex in the digital age.  Let the Global Data Consortium’s Worldview platform be your Lekto decoder to know your customers.



From Russia with Love – How Do Russians Acquire an Identity? – Part 1

The 1963 James Bond action thriller, “From Russia with Love”, starring Sean Connery, see Bond willingly falls into an assassination ploy involving a naive Russian beauty in order to retrieve a Soviet encryption device that was stolen by SPECTRE.  The Lektor decoder, at it was called, was a highLektor decoderly sought after decoding machine, used by Soviet Intelligence to de-compile coded and highly sensitive documents.

Decrypting a Russian name can be highly complex and sought after as well, especially in the electronic identity space.  Let’s examine exactly how and what is in a Russian name – one of the verifiable attributes of a digital identity.

A Russian begins to acquire an identity before he or she is ever born. The first element of a Russian’s identity is his or her name – two parts of the name are determined before the Russian is even born. First there is the family name (фамилия) which is taken from the father. At marriage, Russian women take their husband’s last name. The last name, if it is a Russian last name, is changed to show gender. Russian male last names ending in -skij (ский) will change to -skaya (ская) for a woman. Russian last names ending in a consonant for men will add an a or ya (а/я) to show the female version of the name. If a family name is not Russian (Jewish, Estonian, German, Latvian, etc.) then the last name will not changeThe second part of a Russian’s name determined before birth is the middle name or patronymic (отчество) this name is also derived from the father and translates as son of or daughter of. All Russians who share the same father will have the same patronymic, again changed to show gender. This name is derived from the father’s name with the addition of a suffix -ovich/evich (ович/евич) for sons and –ovna/evna (овна/евна) for girls.

The first name that a Russian gets is chosen entirely by the parents or family and can show particular traditions within a family. For example, if a family is very religious, they may choose to name their child after the saint for that day on the Russian Orthodox calendar. Russians may also name the child after significant family members, writers, people of renown in Russian culture, or after favorite russian nesting doll musicians. Some Russians who are more western choose to give their children more European names like Rutger or Margarita. From the first name, many diminutive or nicknames can be formed. These are usually only used within family or friend groups. Male and female names that have the same roots will form the same diminutives. For example, a man named Evgenij (Евгений) and a woman named Evgeniya (Евгения) will both have the same basic diminutive of Zhenya (Женя). This name can then be further diminutivized by adding further suffixes and creating names like Zhenochka (Женочка).

The Global Data Consortium’s Worldview platform has one of the most unique and privileged access solutions to identify Russian individuals.  As with the Lektor decoder, it can be one of the most sought after solutions to help fight fraud in the international digital world.

Be on the lookout for Part 2 of our series – How Do Russians Acquire an Identity?


Singapore: “Chili Crab” or ID?

The island nation of Singapore is known for many things.  Specifically, it is a “melting pot” of sorts including a mixture of cultures, languages, alphabets and nationalities. The city state is known for its cuisine, especially for its famous dish, the “chili crab.” Just like the food, the people are a fusion of all who come to reside there – Chinese, Indonesian, Malaysian and the list goes on.  One thing is for certain, the needs for identity verification are as dynamic and diverse as the cultures.  For those of you looking for the best places for “chili crab” in Singapore you can look here.

Chili Crab

Chili Crab

First, let’s take the Singapore national ID card.  The ID card represents the melding of peoples in the way it represents individual’s identity attributes.  Document validation, to verify identity, will tell you accurately that the format is correct (but not necessarily verified).  When a National ID/Passport scan or image is sent to the Document Validation provider they perform an automated analysis checking the validity of the information on the document ensuring the information makes sense and goes together, and that none of the images or data is forged. A Document Validation service provider may check the following data points:

  • Full Name
  • Nationality
  • Date of Birth
  • Photo
  • Gender
  • Document Expiration Date
  • Passport MRZ (Machine Readable Zone – two 44 character rows that convey the data on the Passport)
  • In the case of Singapore, the national ID includes elements very like a passport given the nature of the multicultural country.
  • Full Name – English then Native
  • Race – Example Chinese
  • Birth Date
  • Country of Birth – China, Singapore

Document Validation providers may also check characteristics of a document to ensure it has not been forged or altered.   This can include checking the background print, micro text, whether the document photo has been replaced, whether the fonts used are consistent and correct, and other authenticity checks.  These checks generally require manual review and often supplement automatic checks of the document data points.

However, verifying the data associated with a National ID against trusted sources is a different matter. For example, let’s look at one of the elements on the National Registration Identity Card – race. Surprisingly, Singapore allows TWO RACES in accordance with their race diversity disclosures.  



This is called “double-barreling” which applies to all babies born as of January 1st, 2011.  The ID card represents the melding of peoples in the way it represents race.

Here’s how it works.  Your race must be a logical combo of your mom’s and dad’s races. e.g. Malay-German or Malay-Caucasian. The race in front is regarded as the dominant one e.g. in the above example, “Malay” is the dominant race.  All siblings from the same parents must have the same race, if the kid gets married to someone else of mixed parentage, only the dominant race counts for both.

Next, let’s examine the card and how it represents the melding of peoples in the way it represents names. If you are of origin in another country – perhaps China, but have a Latin English name you will see both the English name and the Chinese name listed on the card in the order – English to Chinese. In other cases, the name may only be the traditional Chinese name, and it can vary and exposes a challenge of using only document verification.  

Name and race are two examples of the challenges of validating identity using document checks without electronic identity verification.

 The best solution is to combine document validation/authentication (Doc check) and electronic identity verification (eIDV).  This both checks the characteristics of the document and the accuracy of the data on it.  Combining Doc check with eIDV check for countries like Singapore will allow you to accurately and correctly verify one’s identity.  

Portugese Flag

Portugal: A Population of Global Explorers and Diasporas

Vasco da Gama Bridge

Vasco da Gama Bridge

I am sitting in a nondescript office in the harbor sector of the city of Lisbon looking out at the beautiful Vasco da Gama Bridge. This bridge is the longest bridge in Europe spanning over 12 kilometers across the Tagus River in Lisbon. While this bridge is a modern wonder, the discussion taking p
lace inside the office is also a bit of a wonder in the world of global identity verification.

I am reviewing the results of a test file with our Portuguese Data expert. We had originally processed his file and achieved somewhat lower results than desired. The timing of the file processing and my trip to Portugal allowed for me to sit down directly with him and a colleague to review the results and better understand why the results were so low.

One of the first things we discovered about the data is that a percentage of the data was made up of foreign names meaning non-Portuguese in origin. As a result, these people were likely not citizens of the country but might still be residents. Portugal is unique in Europe because it has a large and growing population of ex-pats who retire there from the United Kingdom and France. The way our expert described it is that Portugal was a country where “many people are passing through”. Some stay for a little time and some stay forever. Given the temperatures, the beauty of its beaches and the great cost of living I completely understand this.

So while we could not accurately validate those people with our Portuguese Identity Verification we were able to architect within our system to run those people who did not validate in Portugal through our UK and then French Identity Verification providers all within the same system. This “waterfall” approach allowed for us to gain some immediate lift in the results and better validate the ex-pats that had settled in the region.

The next data validation challenge that was unique to Portugal (and likely unique to Brazil) was what I dubbed “The Maria Effect”. A large number of the women in Portugal are named Maria. This is a statement made by a guy who has spent more than 20 years working with consumer data in Portugal so I am going to choose to believe this statement of fact. Many of the Marias have secondary first or middle names which create differentiators (example: Maria-Theresa). Additionally the last name of her family and/or the last name of her husband might be used when completing some types of documentation thus Maria becomes possibly Maria Theresa de Salvo Carlos de Herrera. This a complete legitimate full name. At 32 characters this name likely would not even fit into most online data entry fields but that is the smaller of the concerns. Maria may also express her name as any combination of the above depending on how she choosing to distinctly represent herself. So she might be Theresa de Salvo or Theresa de Herrera or Theresa Carlos de Herrera. In all of these examples Maria may be substituted for Theresa creating a database of Marias that may or may not link back to a known identity in Portuguese data systems. This is where customized and localized fuzzy matching and rules logic are needed to ensure the best possible match result when attempting a identity verification for this country.

The next example of local data uniqueness is the “da Effect”. Many last names in Portugal have a preposition of da or de associated with them. Names can thus be represented in systems as Vasco da Gama or Vasco Gama. In both cases they are the same person. Many identity verification systems may choose to work with a hard 1:1 match and thus this would not generate a match on this particular name. Other systems may elect to drop the da/de as extraneous characters and not recognize them as part of the last name thus corrupting the name and likely generating a poor response.

After reviewing all of these examples we were able to ensure that we tuned our inputs to properly parse data going into our platform for Portuguese nuances. This allowed for us to create a better result and improve the overall match rates. This in turn helps satisfy our customer’s needs which at the end of the day was the goal of the conversation.

The above is a great view on how hyper-local knowledge and skills will produce quantifiably better results for global eKYC and identity resolution efforts. Whether it is mobile customer onboarding at BBVA or HSBC; or fraud risk analysis at Kreditech of fulfillment of European 4th Money Laundering Initiative compliance regulations between customer transactions. At GDC we enjoy learning these nuances from our local partners and much like the vision of da Gama we seek to spread this knowledge throughout the world.


The GDC Way on Data Partnerships

Quick note: GDC is expanding the country reach of our real-time global electronic identity verification platform. Today we have over 45 partnerships with best in-country providers of identity data, each integrated into our system. We are growing to 150+ as quickly as possible. In this post, I’m writing about our approach to building deep relationships with our data partners. If you are the owner or controller of data that can be used for electronic identity verification in your country, let’s talk. You’ll find a link at the bottom of this post with more information.

Off the Beaten Path

I was in South America not long ago on one of my frequent international jaunts, meeting with Global Data Consortium partners. We had been corresponding with one business for some time, and its data was particularly interesting to GDC customers. I won’t name the country this time (that would be a dead giveaway), but suffice it to say this trip involved prop planes and multiple “camioneta” buses. Off the beaten path would be an understatement.

But once at my destination, I spent a full day with the business owners. I met the management team, toured their offices, talked with local clients, and had dinner with the president in his home that evening. Here’s something he told me that really stuck in my mind:

No one has ever made the effort to travel to visit us before. Everyone wants access to our data, but they only want to talk through the phone or by email. That is not how we build partnerships in my country.

He thanked me. He was legitimately touched by the gesture of my in-person visit. Needless to say, he is now a GDC data partner, an important member of our Consortium.

The Trust Factor

We have lofty ambitions at the Global Data Consortium. Our goal is to be the one point of access for business that use global electronic identity verification, offering the most countries with the deepest coverage and most data elements possible.

The foundation for this is our data partner network, those businesses that collect and maintain identity information in their home countries. They are our Consortium members, and without integrating into their services, we could not meet our goals.

Here’s the great insight at GDC: the owners of companies we want to partner with are fiercely relationship driven. Many of the businesses are still run by their founders. They are proud of what they have spent their lives building, and they don’t want to work with just anyone. They want to work with organizations they know they can trust.

So we invest in the relationships. It’s the only way to build mutual trust.

How do we do it?

The GDC Way

GDC creates clear expectations with our data partners for what their services must be able to do for our customers. We ensure high quality by testing what they have. We help them with enabling technology if they need it.

But we also make the relationship a two-way street. Not only do partners provide us with access to their data, but we also let them use the full GDC platform so they can offer a wider set of products to their own customers. This opens up new revenue opportunities for them.

That’s all part of the GDC Way.

But most importantly – and this is the thing our cohorts don’t seem to get – we take the time to meet our partners face-to-face, in their offices and sometimes even in their homes. We break bread together. We make the extra effort to get to know them and to let them know us, too.

That Extra Ounce of Effort

Sir John Templeton, the legendary investor, famously said that it’s the final extra ounce of effort that counts the most. For GDC, this seemingly minor detail of meeting our partners in person is the extra ounce of effort. It counts so much when building a real-time electronic identity verification platform that relies on a broad network of global suppliers.

It’s part of the GDC Way and a big part of the reason companies with valuable data assets choose to partner with us…to become members of the Consortium.

We recently put up a new page on the Global Data Consortium website describing how we work with our data partners. Take a look at it. For potential data partners, feel free to contact me through the form there, or send me an email at