The first time I watched the compliance team and the fraud team at the same company argue over which vendor to pick, I thought they were arguing about the wrong thing. They agreed on the shortlist. They’d sat through the demos together. What they couldn’t agree on was what the product was for.
KYC software and ID verification software look identical from the outside. They check a document. They check a face. They return a signal. They log it. When you shortlist for one, the same ten vendors show up on the list for the other. At least half will tell you they do both.
And yet they’re different products. The same box is being sold to two different buyers, for two different reasons, and the reason you’re buying it changes what “good” looks like.
The compliance buyer
Start with the compliance side. A compliance officer at a neobank, a broker, or a crypto exchange buys what the industry calls KYC — short for Know Your Customer. The reason they’re buying is that a regulator — FCA, BaFin, FINMA, MAS, pick your jurisdiction — wrote a rule that says you cannot onboard a customer without verifying their identity in a specific way. If you don’t, you get fined. You get a consent order. In the worst case you lose your license.
The compliance officer’s success metric is: does this pass the next audit?
Everything else follows from that metric. They want an audit trail they can hand to a regulator without blushing. They want case management for the 3% of onboardings that go to manual review. They want sanctions, PEPs, and adverse media either baked in or cleanly wired up. They want the vendor to have SOC 2, ISO 27001, and increasingly something to say about DORA.
Drop-offs at the ID step are a cost, but they’re not a KPI. If a real user gets rejected, that’s regrettable, but it’s not what gets the compliance officer fired. If a fraudster gets through and the regulator finds out, that is what gets them fired.
The fraud buyer
Now the other side. A fraud strategist at a marketplace, or an ecommerce platform past some dollar threshold, or a dating app, or a rental platform, or a reseller marketplace fighting a mule problem. No regulator is telling them they must verify a user’s face against their driver’s license. They’re doing it because fraud costs them money. Or because reseller abuse kills the platform. Or because they need to age-gate something. Or because their insurer started asking questions.
Their success metric is: fraud prevented, minus friction caused.
That metric changes everything. They care about conversion. They care about drop-off at each step of the flow. They care about how long the check takes on a mid-range Android with a bad camera. They care about liveness strength because the only thing worse than letting a fraudster through is making a real customer take a selfie and then letting one through anyway.
They might not care about PEP screening at all. They might not need case management — if the signal is bad, block the transaction and move on. An audit trail is nice because it helps the chargeback case, but it’s not the thing they’re buying.
Same product, two ways
So: the same product, bought two ways.
The obvious next question is why this matters, if both can be done by the same vendor. The reason is that the vendor started from one of the two buyers, and it shows. Walk through any of the major vendors with a knowledgeable eye and you can usually tell which side of the fence they grew up on. The compliance-first vendors have beautiful case management queues and mediocre drop-off rates. The fraud-first vendors have fast SDKs and a “compliance module” that, on inspection, turns out to be a CSV export bolted onto an API.
There are vendors that do both well. There aren’t many.
Read more at BestKYC.com
This article was originally published by DEV Community and written by BestKYC.com.
Read original article on DEV Community