Posts

Colombia Identity Verification

Shared Visions – Identity Verification in Latin America

One of the best parts of my job at GDC is meeting founders of data services companies around the world. In many cases these founders have created unique identity focused solutions targeted for use within their local markets. Their customers are banks, insurance firms and in some cases the government. In some cases I will find entrepreneurs who have begun to look at expansion to other countries that are proximate to their home country. In every case when I sit down with founders and share our global mission they start off with a skeptical view but then quickly become very interested in how we have been able to achieve the progress made thus far. Most importantly they want to find a way to participate in making our global vision a reality. The most recent example of this was during a sourcing trip to Colombia.

Our goal was to meet with a number of possible data sources to help significantly improve our ability to provide Colombian identity verification within a 2+2 compliance framework. We spent three days meeting with various providers to get a sense of what was available and whether we could find local partners with the right alignment. One provider stood out from the rest because of the vision of the founder.

Daniel is one of Colombia’s pre-eminent tech entrepreneurs. He’s built a 100+ employee company that manages varying aspects of digital data and cyber security for the Colombian government. The data his company works with is the de-facto source data for Colombian consumer and business ID. This is Daniel’s third company and he is very clearly a knowledge base for all things identity in Colombia. He has a vision for growing a strong business throughout Latin America.

The conversation started on a familiar path. I spent time talking about GDC, what we do, how we do it and what we look for in data partners. Daniel spent time describing his business and what they were focused on in the market. He described how he helps to manage the core data provided by the government to deliver identity based services to the market. As I was listening I realized we had found a key source provider. At the end of his piece he directly states I’ve studied what you do and we would like to explore using your platform for your services in other countries. In that moment the conversation flipped from my focus on data sourcing to looking at his company as more of a bi-directional partnership which is the goal of the “Consortium” aspect of GDC. We saw value in Daniel’s ability to provide Colombian identity verification through his API and he saw value in our ability to provide identity verification for Mexico, Argentina and other countries through our API.

Our meeting ran over the 60 minutes we had mutually allotted for. We spoke of the challenges in the Colombian market, the need for identity verification to counteract fraud and the compliance requirements (4AML and GDPR) of banks and other financial service institutions that created a framework for identity verification in other countries.  We continued the communications via email and we will begin sharing technical details with each other after the holidays. Within a few months we will have his service up and running within our Worldview platform. We will continue to shape the offering utilizing feedback from our Latin American customers. This process will produce the best results and service for Colombia identity verification globally. Alongside our solutions for Mexico, Argentina, Brazil and over 40 additional countries we will continue to expand our coverage globally.

Whether it is Ricardo in Brazil, or Mariana in Argentina or Daniel in Colombia, the story is the same. Shared visions of how identity verification can help enable consumers and businesses transaction globally. Each provider brings their data and local expertise and together we help solve problems globally. Founders working together to achieve a common goal.

Shared Visions - Colombia Identity Verification

Shared Visions – Colombia           Identity Verification

sg-place-icon

Singapore: “Chili Crab” or ID?

The island nation of Singapore is known for many things.  Specifically, it is a “melting pot” of sorts including a mixture of cultures, languages, alphabets and nationalities. The city state is known for its cuisine, especially for its famous dish, the “chili crab.” Just like the food, the people are a fusion of all who come to reside there – Chinese, Indonesian, Malaysian and the list goes on.  One thing is for certain, the needs for identity verification are as dynamic and diverse as the cultures.  For those of you looking for the best places for “chili crab” in Singapore you can look here.

Chili Crab

Chili Crab

First, let’s take the Singapore national ID card.  The ID card represents the melding of peoples in the way it represents individual’s identity attributes.  Document validation, to verify identity, will tell you accurately that the format is correct (but not necessarily verified).  When a National ID/Passport scan or image is sent to the Document Validation provider they perform an automated analysis checking the validity of the information on the document ensuring the information makes sense and goes together, and that none of the images or data is forged. A Document Validation service provider may check the following data points:

  • Full Name
  • Nationality
  • Date of Birth
  • Photo
  • Gender
  • Document Expiration Date
  • Passport MRZ (Machine Readable Zone – two 44 character rows that convey the data on the Passport)
  • In the case of Singapore, the national ID includes elements very like a passport given the nature of the multicultural country.
  • Full Name – English then Native
  • Race – Example Chinese
  • Birth Date
  • Country of Birth – China, Singapore

Document Validation providers may also check characteristics of a document to ensure it has not been forged or altered.   This can include checking the background print, micro text, whether the document photo has been replaced, whether the fonts used are consistent and correct, and other authenticity checks.  These checks generally require manual review and often supplement automatic checks of the document data points.

However, verifying the data associated with a National ID against trusted sources is a different matter. For example, let’s look at one of the elements on the National Registration Identity Card – race. Surprisingly, Singapore allows TWO RACES in accordance with their race diversity disclosures.  

Front

Front

This is called “double-barreling” which applies to all babies born as of January 1st, 2011.  The ID card represents the melding of peoples in the way it represents race.

Here’s how it works.  Your race must be a logical combo of your mom’s and dad’s races. e.g. Malay-German or Malay-Caucasian. The race in front is regarded as the dominant one e.g. in the above example, “Malay” is the dominant race.  All siblings from the same parents must have the same race, if the kid gets married to someone else of mixed parentage, only the dominant race counts for both.

Next, let’s examine the card and how it represents the melding of peoples in the way it represents names. If you are of origin in another country – perhaps China, but have a Latin English name you will see both the English name and the Chinese name listed on the card in the order – English to Chinese. In other cases, the name may only be the traditional Chinese name, and it can vary and exposes a challenge of using only document verification.  

Name and race are two examples of the challenges of validating identity using document checks without electronic identity verification.

 The best solution is to combine document validation/authentication (Doc check) and electronic identity verification (eIDV).  This both checks the characteristics of the document and the accuracy of the data on it.  Combining Doc check with eIDV check for countries like Singapore will allow you to accurately and correctly verify one’s identity.  

Portugese Flag

Portugal: A Population of Global Explorers and Diasporas

Vasco da Gama Bridge

Vasco da Gama Bridge

I am sitting in a nondescript office in the harbor sector of the city of Lisbon looking out at the beautiful Vasco da Gama Bridge. This bridge is the longest bridge in Europe spanning over 12 kilometers across the Tagus River in Lisbon. While this bridge is a modern wonder, the discussion taking p
lace inside the office is also a bit of a wonder in the world of global identity verification.

I am reviewing the results of a test file with our Portuguese Data expert. We had originally processed his file and achieved somewhat lower results than desired. The timing of the file processing and my trip to Portugal allowed for me to sit down directly with him and a colleague to review the results and better understand why the results were so low.

One of the first things we discovered about the data is that a percentage of the data was made up of foreign names meaning non-Portuguese in origin. As a result, these people were likely not citizens of the country but might still be residents. Portugal is unique in Europe because it has a large and growing population of ex-pats who retire there from the United Kingdom and France. The way our expert described it is that Portugal was a country where “many people are passing through”. Some stay for a little time and some stay forever. Given the temperatures, the beauty of its beaches and the great cost of living I completely understand this.

So while we could not accurately validate those people with our Portuguese Identity Verification we were able to architect within our system to run those people who did not validate in Portugal through our UK and then French Identity Verification providers all within the same system. This “waterfall” approach allowed for us to gain some immediate lift in the results and better validate the ex-pats that had settled in the region.

The next data validation challenge that was unique to Portugal (and likely unique to Brazil) was what I dubbed “The Maria Effect”. A large number of the women in Portugal are named Maria. This is a statement made by a guy who has spent more than 20 years working with consumer data in Portugal so I am going to choose to believe this statement of fact. Many of the Marias have secondary first or middle names which create differentiators (example: Maria-Theresa). Additionally the last name of her family and/or the last name of her husband might be used when completing some types of documentation thus Maria becomes possibly Maria Theresa de Salvo Carlos de Herrera. This a complete legitimate full name. At 32 characters this name likely would not even fit into most online data entry fields but that is the smaller of the concerns. Maria may also express her name as any combination of the above depending on how she choosing to distinctly represent herself. So she might be Theresa de Salvo or Theresa de Herrera or Theresa Carlos de Herrera. In all of these examples Maria may be substituted for Theresa creating a database of Marias that may or may not link back to a known identity in Portuguese data systems. This is where customized and localized fuzzy matching and rules logic are needed to ensure the best possible match result when attempting a identity verification for this country.

The next example of local data uniqueness is the “da Effect”. Many last names in Portugal have a preposition of da or de associated with them. Names can thus be represented in systems as Vasco da Gama or Vasco Gama. In both cases they are the same person. Many identity verification systems may choose to work with a hard 1:1 match and thus this would not generate a match on this particular name. Other systems may elect to drop the da/de as extraneous characters and not recognize them as part of the last name thus corrupting the name and likely generating a poor response.

After reviewing all of these examples we were able to ensure that we tuned our inputs to properly parse data going into our platform for Portuguese nuances. This allowed for us to create a better result and improve the overall match rates. This in turn helps satisfy our customer’s needs which at the end of the day was the goal of the conversation.

The above is a great view on how hyper-local knowledge and skills will produce quantifiably better results for global eKYC and identity resolution efforts. Whether it is mobile customer onboarding at BBVA or HSBC; or fraud risk analysis at Kreditech of fulfillment of European 4th Money Laundering Initiative compliance regulations between customer transactions. At GDC we enjoy learning these nuances from our local partners and much like the vision of da Gama we seek to spread this knowledge throughout the world.

blog_icon_brcpf

Shipping to Brazil? Every Package Must Now Include the CPF

Quick overview: If you ship packages into Brazil, you need to be aware of some important changes that require all labels be clearly marked with a tax ID number called the CPF. If you don’t have your customer’s CPF, the shipments will be returned or destroyed and you’ll be fined by Brazilian Customs. Many eCommerce merchants are not yet collecting CPF from their customers, and the new requirement could disrupt their Brazilian trade. GDC can provide it for you and help you avoid a disruption. Here are the details…

Brazil’s high import taxes caught the attention of financial media last year when Apple’s iPhone – which cost roughly US$600 when purchased in the States – was selling for nearly twice that in Rio de Janeiro.(1) Apple took some heat for marking up a high-demand product almost 50 percent above the monthly wage of Brazil’s average worker. But in reality most of that price bump wasn’t going into Apple’s pocket. It was required to pay the Brazilian tax authority.

Like many governments, Brazil uses duties to encourage the growth of its domestic industries. By levying customs taxes on imports, it creates a price advantage for local businesses to help them compete. Still, Brazilian consumers continue buying brands they can only get through imports, at times paying taxes as high as 100 percent.

Brazil Customs requires any incoming parcels be clearly marked with the recipient’s name, address and tax ID number. For individuals, that’s called the CPF (short for Cadastro de Pessoas Fisicas) and for businesses it’s the CNPJ (Cadastro Nacional da Pessoa Jurídica). Customs uses the numbers to assess the tax, and requires the recipient to make the duty payment before he/she can collect the parcel. Private courier services have become quite efficient at collecting a customer’s CPF and tax obligation before shipping the parcel to Brazil, ensuring it moves through customs quickly.

But when using the Correios for delivery (that’s Brazil’s government-run postal service) merchants and shoppers have found some loopholes to exploit. The Correios would accept a parcel without a CPF, ship it to a local post office near its final destination, and send notice to the buyer to come in to pay the tax and accept the shipment. Correios was supposed to collect duties on behalf of Brazil Customs. But their enforcement was spotty at best, and plenty of people took advantage of that.

No more. Seeing that it was losing a lot of tax revenue, the Brazilian government has mandated that Correios do a better job of collecting duties. Starting this summer, all shipments into Brazil must be clearly labeled with the recipient’s name, address, and CPF to make it past Customs. If it doesn’t have the CPF, the package will either be shipped-back or destroyed, and the sender will be responsible for paying a fine.

The problem is that many eCommerce merchants (and the technology platforms that support them) have not made the necessary changes to their shopping forms to collect the CPF. Things could get complicated for them in the coming months. Fortunately, GDC has a way to help immediately.

We specialize in finding the best in-country sources for identity and address data and integrating them into our Worldview platform. For Brazil, our service has comprehensive coverage (99 percent) of CPF and CNPJ information. We can take a combination of name, address, phone or email and provide back (in real-time) the CPF number for your shipping labels.

Brazil is a key market for many eCommerce companies. If this new requirement puts your trading business there at risk, GDC can help immediately. Feel free to reach out to me directly. Or click here to learn more about the services we offer in Brazil.

blog_icon_0317

Having Your Cake and Eating It, Too: Accessing the World’s Best Identity Data through One Source

Next week I’ll be at MRC Vegas, the big annual meeting for Merchant Risk Council. It’s a trade group for eCommerce payment and risk professionals, and everyone will be talking about how to grow their international business while minimizing the impact of fraud.

Fraud prevention and global identity verification data go hand-in-hand. But that debate has long been defined by this “either-or” mindset. EITHER you choose the best data to power your fraud prevention efforts (but you have to find all these specialized providers, do the hard work of integration, spend a bunch of money, etc.) OR you choose a single point of access that rolls a bunch of data together and gives you a single vendor to manage (but you get poorer data and it’s not updated very often).

“Either-or” has been the only option for a long time. But now there’s the option to have the best data from many different sources AND access it through one system. You can have your cake and eat it, too.

More on that in a moment.

Talk With a Global Identity Data Expert at MRC Vegas 2015

First things first. It’s easier than ever to integrate with local sources for identity information and to use it to improve your fraud mitigation efforts. If this subject interests you, and you’re going to be in Vegas next week for the conference, let’s talk.

Shoot a quick note to bill@globaldataconsortium.com or connect with me on LinkedIn.

Now, here are some of my thoughts on ways every eCommerce business should be considering locally-sourced identity data to help with fraud.

Fear of Fraud is Slowing Your Growth

Fraud is no small problem for eCommerce. Cross-border trade represents all this growth potential. Countries like Mexico, Brazil and Turkey and regions like Eastern Europe have this tremendous appetite for online buying (each fueled by an exploding middle-class with newfound disposable income). But shipping across borders presents real risks that start with this very fundamental question…

Is that person trying to buy your merchandise really a customer, or is he a thief?

The growth opportunity is exciting, but when you don’t see the actual credit card (CNP or Card Not Present) the problem of fraud is very real.

There are a lot of tools out there to help merchants figure out this question. Silicon Valley seems to launch bigger-better-faster fraud prevention startups every day. But it all must start with determining whether that customer on the other end of a computer (or, as is more often the case, tablet or smartphone) is a legitimate person or not.

Solving the problem of fraud in cross-border eCommerce starts with identity verification.

The Best Sources for Identity Data are Local Providers

The best sources for identity data are local providers, experts in their own markets who know the nuances of their home countries better than anyone else and who are committed to keeping data constantly up-to-date.

Take Mexico, for example, where the combination of paternal and maternal last names are used in the performance of an identity check. And where there are multiple identity numbers in use (RFC, IMSS and CURP). The Global Data Consortium partners in Mexico supply 361 million unique records that provide identity verification (some combination of name, national identity number, address, date of birth and more) for 110 million individuals.

It’s an enormous amount of identity data, maintained by businesses that use it for identity verification purposes within Mexico, and that invest in it by adding new data and continuously refreshing what they have.

Mexico is only one example to highlight these points: Local sources have more complete data to share, they update it more frequently and they bring to bear their local expertise to help you understand important nuances like the differences in RFC versus IMSS versus CURP.

The Problem with Accessing Local Data

The problem with accessing local data is that jurisdictional issues around privacy laws mean each country tends to put strict controls over who can do what with identity data. So the best sources are almost never global services where the data is shipped across borders and aggregated onto a big server. Most governments don’t like this data leaving their countries.

So what you want to do integrate with the in-country data of local providers via the cloud where an API call accesses the data on the local source’s servers. This gives end users exposure to more data because governments and IP owners feel more comfortable when the data never leaves the country of origin.

Of course this sort of cloud-based integration isn’t easy to do. For most eCommerce businesses, there are simply too many complexities based on communicating in different languages, surmounting legal issues, development costs to build and maintain access to various systems, and all sorts of payment headaches.

And so the “either-or” mindset kicks in. Many of the eCommerce companies decide instead to rely on aggregators of global identity data, services that bring together a lot of information but require their clients to sacrifice quality for convenience. They provide one point of access for a lot of data, but they fall far short of the standards set by in-country local sources.

Going Beyond the “Either-Or” Mindset

So here’s the question I’m testing next week at MRC Vegas…

What if you could have both?

What if you could have the best available local identity data and get it through one point of access?

That’s what we’ve done with our Worldview system. It provides:

API Management. With one point of integration –to Worldview – you get full access to the world’s best local identity providers without the development costs or headaches.

Legal + Compliance. GDC complies with the EU-US Safe Harbor Framework to protect personal data. We vet our data partners through rigorous legal and compliance checks so you don’t have to.

One Language. There are 6,500 spoken languages in the world. GDC talks with identity data partners in many of them. But you only need to know one to access their data through Worldview.

One Place to Pay. Vendor management is complex when dealing across languages, borders and currencies. GDC simplifies that for you: one payment in one currency when using Worldview.

When you go global, going local can help you reduce fraud and improve your view on who your real customers are. Get a local view on your global transactions. Try Worldview.

Is this important to your business? If so, let’s connect next week in Vegas.

blog_icon_korea

The Opportunity in Korean Cross Border Commerce

Koreans have discovered the value in cross border commerce arbitrage of many electronic products. For US and other vendors looking for new global market opportunities, the Korean market should not be ignored.

In 2013 there was 47% growth in imports to Korea due to cross border commerce activity. And, mobile commerce in Korea has been growing fast since 2011, at a compound annual growth rate of two-and-a-half times that of the United States. Korean consumers seeking ways to avoid paying for expensive global brands through brick and mortar retailers or domestic e-commerce channels now purposely shop on global platforms and willingly pay customs and duties on products to take advantage of the significant pricing disparity.

In addition, the Korean payment market has adopted a complex ActiveX payment model for buyer identity verification. Only after more than a decade later is Korea realizing the impact of that choice – forcing eCommerce players to conform to prohibitive methods to try and reduce the amount of card not present fraud in Korean e-commerce transactions. However, Korea has recently taken steps to open up the options for its payment and identity verification for online transactions.

Global merchants can take advantage of this opportunity but avoid the complex ActiveX type validation services by implementing other forms of Identity verification offered by companies like GDC and others. In addition, in the same API call you can validate the delivery address information to improve results on delivery time to the customer and reduce call center costs stemming from customers concerned with the status of their order.

Valuable New Market Opportunity. Reduced Fraud and Customer Call Center complaints. Improved Delivery. Try Worldview and See the World More Clearly.

blog_icon_1

Amazon Makes the Push into Alibaba’s Backyard

Amazon announced this past week that it would open a logistics warehouse in Shanghai’s Free Trade Zone that will allow it to expand the import and export of goods in China. Clearly this is a move to sharpen the competitive nature of things against its primary rival in Asia, Alibaba Group.

Amazon is moving quickly to become a player in the Chinese Cross Border Payment market. Further Amazon is increasing its ability to Deliver packages in China. Amazon current delivers to around 3,000 cities and counties in China.

Delivery, Identity and Payment are the three key underpinnings of global ecommerce transactions growth. Amazon is showing that it is capable of managing two of the three aspects via its platform in China.

Alibaba and others should be looking over their shoulder. Amazon is competing on all fronts and winning new customers in new markets.

Read more: http://www.marketwatch.com/story/amazon-coming-to-shanghais-free-trade-zone-2014-08-20