The pandemic has highlighted those in the fast lane and those playing catch up in onboarding clients digitally. On the darker side, many are worried that digital reliance is playing into cybercriminals and testing privacy as track and trace measures kick in.

No stranger to cyberattacks, global credit bureau Equifax has signed a partnership with regtech specialist HooYu to expand its range of fraud and indentity onboarding tools.

Equifax clients, including mortgage lenders, building societies and financial advisors who may be “struggling to verify new customer identity using traditional methods" will have access to HooYu’s full suite of onboarding verifications services. These include ID document validation, digital footprint analysis, proof of address matching, facial biometrics, geolocation and the ability to apply an identity confidence score, the UK arm of the Atlanta-based credit check giant, said.

The move is part of a pattern among wealth advisors to speed up their digital strategies in the absense of face-to-face interactions during lockdown at the same time that online security concerns have justifiably soared. It is a difficult balance for wealth managers who are ramping up online services but also need to signal trust.

At the height of April's restrictions, Google reported that scammers were sending 18 million COVID-19-related hoax messages a day to Gmail accounts. The service has over 1.5 billion users globally. Also, Barracuda Networks said that it had seen a 667 per cent increase in phishing emails during the pandemic.

Keith McGill, head of fraud and ID at Equifax UK, said the HooYu partnership would allow it to simplify and improve the KYC journey enabling clients to protect income streams and fraud threats in the future and meet regulatory standards.

Equifax paid out $650 million last year in one of the largest cyber breaches in US corporate history, in which Chinese hackers accessed the personal information of 148 million Americans.

HooYu is among a raft of regtech/fintech firms capitalising on the recent urgent need among financial institutions to shore up their digital offering and bring new customers online smoothly, while at the same time reassuring existing jittery ones not to jump ship. Mati is another in the sector offering fast end-to-end digital onboarding services aligned with AML regulations.

The EU's fifth directive, or AML5, introduced last year, does allow electronic authentication known as "liveness recognition"; it uses AI-driven algorithims to verify whether data collected from biometric sensors is coming from a live human being or from a spoofed identity.

HooYu marketing director David Pope said that digitalisation is gathering pace "because many financial services providers have lost their face-to-face onboarding channel while in COVID-19 lockdown.” A recent poll of Equifax clients showed that 70 per cent were in the process of streamlining their digital onboarding process, Pope said.

The firm counts NatWest and challenger bank Countingup among its customers.

COVID tracing app adds to fraud worries
Separately, cybersecurity solutions firm Anomali released results of a nationwide survey on Monday showing that consumers generally lack trust in the UK's proposed tracing app, particularly over how the government will handle the data, exposing them to possible fraud. Almost half thought that such an app would give cyber criminals free rein to send smishing/phishing messages through texts and emails; and just over half felt that they weren't savvy enough to spot these.

“At this stage, nobody knows where to get the NHSX app from, so it can be reasonably expected that consumers will be faced with floods of emails with bogus links to convincing looking domains," to download the app, Jamie Stone, head of EMEA at Anomali, said.

Stone said the link will be a web page asking people for more personal information than the actual app requests and this information could be used in future attacks. He also warned about more people being targeted by mobile phone, known as "smishing", because it is done via SMS. “Due to the smaller screen, people will be less able to check the veracity of the link so will be more trusting and might click it,” he said.

Anomali has noted thousands of additional COVID-19 related domains being registered over the past few months. “It’s tough to predict the increase in the volume of attacks," Stone said, but the global interest around the virus and numerous national track-and-trace apps put into service "means that attackers will likely use many of these domains to host phishing attacks via email and SMS."

"People using COVID-19 tracking apps need to be extremely vigilant and aware, ensuring that they’ve installed official government apps and that they are interacting with authentic messages from the agencies,” he said.