Op-ed: What customers must know about “Know-Your-Customer”

Author: Sutapa Amornvivat, Ph.D.
Published in Bangkok Post newspaper/ In Ponderland column 20 March 2019

At the end of last year, Thailand’s cabinet has just approved a new legal draft in principle to set up the National Digital ID company (NDID). The company will build and oversee a digital platform that allows businesses and government departments to verify citizen identities against each other. This project sets out to be a key enabler for Thailand to move towards the 4.0 era.

This process that NDID will tackle is the process of identifying customers is called “Know Your Customer,” or KYC. Oftentimes, it is associated with banking and anti-money laundering regulations. However, it is highly relevant for many businesses, ranging from e-commerce, gaming, to social media with an underlying goal of protecting customers against identity theft and misuse of services. Despite being a less discussed topic, KYC is now at the very heart of the digital transformation which is all about designing products that put customer’s needs first.

NDID, as a product of well-coordinated effort between businesses and government, will enable us to transit faster to the full digital experience. Customers will be able to open a bank account online without visiting any physical branch, provided that they have verified themselves at another NDID member before. This can significantly improve ease of doing business in Thailand, boosting the much needed productivity for the economy. It provides a core infrastructure for the country, with a vision similar to that of Estonia’s X-Road, the basis of e-government, at least in the aspect of exchanging citizen’s identity information.

Why should we care as customers?

In an offline world, KYC is done by having customers meet company’s staff face-to-face so that the customer can be verified of his/her identity. As services move online, physical meeting is no longer a viable option. This friction can make or break digital transformation.

In Thailand, companies are improvising KYC solutions on their own without a standard solution. An online forum, Pantip.com, requires users to take a picture of themselves holding a physical ID card to create accountability for their posts and comments. Recently, Rabbit card, an e-wallet for Bangkok’s rail system, required users to register themselves face to face at train ticket booths; while a new digital bank, TMRW by UOB, asks customers to submit selfies and scan fingerprints at kiosks in their physical branches.

More private information is being asked to share through digital channels in the name of KYC. This translates to increasing risks of privacy breach and a loophole for abuse of personal data.

Customers should be aware of what we are giving up in exchange for services, and must demand to know what our private data will be used for and who it will be shared with. This should also be done through agreements or terms of services that are written not in legalese, but a readable language.

Data privacy and security of citizen’s information should top the priority in any implementation of an identity platform. NDID plans to use blockchain, a distributed ledger technology, touted as a highly secured way to store information given its immutable design. However, blockchain is not hack-proof. Several incidents of blockchains being hacked have been reported recently. Therefore, additional effort to ensure security and privacy is necessary to protect consumers and inspire trust among the public.

Another delicate point to address is on setting incentives for different participating parties. As the platform lets one party verify an end user against another party as a trusted source, there is an incentive for those with more identity information to withhold data, by design. This could be a roadblock in scaling the platform especially at the beginning. Re-aligning incentives to get those with data to share will be a difficult task. But its achievement can help build a strong foundation for small start-up companies in Thailand to gain access to this new system that solves the KYC issue.

The NDID initiative has a great potential to be the total solution for KYC standards in Thailand. The new infrastructure will provide a building block for open-data policy. Next step is to join force between NDID, government agencies as well as corporates. With NDID as a way to verify users and grant access permission, public and private parties can now open up data more using open API technology (as I wrote in this column in September 2018). Such technology will allow innovators to collaborate in building innovative services for the public.

This will put data back in hands of the rightful owners, the consumers, and empower them. The open-data policy will promote a culture of transparency and contribute enormously to the technology development in the age of AI.