Fintech startup N26 is growing quite rapidly. Building a startup is hard, but building a startup that manages your bank account is even harder given the increased scrutiny. German weekly magazine Wirtschaftswoche published an article that questioned N26’s identification processes. According to Wirtschaftswoche, it’s quite easy to create an account with a fake ID document.
“One or two people got through with a fake ID document. And we detected that afterward. Unfortunately, we didn't detect it in real time,” co-founder and CEO Valentin Stalf told me. “Unfortunately, it can happen.”
But Stalf also insisted that it’s not a widespread problem and that all banks face the same issue. According to him, N26 complies with all regulations when it comes to onboarding.
Currently, N26 has three different procedures depending on the country and works with a third-party company called SafeNed for some of the verification procedures.
In many countries, you can initiate a video call with someone so that they can check your ID and compare it with your face. In Germany, you can also print a document, go to the post office with an ID document and make a post employee check that you are actually you.
In some countries, you can open an N26 account by uploading a photo of your ID document and a selfie. Other banks also take advantage of this procedure. For instance, it’s a common process in the U.K.
More generally, other banks also have to deal with fake ID documents. But security is never perfect. That’s why you can’t simply eradicate the issue. You can try to keep the fake ID rate as low as possible.
“Security is our top priority at N26, which is why secure identification processes and constant review of our security and monitoring mechanisms to prevent identity theft are of great importance to the company,” the company told me in a statement.
In other words, N26 monitors this fake ID rate. And N26 also has ongoing transaction monitoring for those who have already opened a bank account. The company tries to detect fraudulent activity as quickly as possible.
You might think that uploading a photo of your ID document leads to more fraudulent activity. But N26 has noticed that there’s a higher fraud rate for customers who go to the post office to check their ID document.
So fraud is nothing new in the banking industry. Nobody has eradicated fraud, and nobody will. In fact, many startups (such as DreamQuark) are working on improving fraud detection using machine learning and more sophisticated processes. But even artificial intelligence won’t solve this problem altogether.
All eyes are on N26 because it’s the hot new thing. But if you look at what’s happening, it’s a pretty boring story. “In one of the articles they said we used weaker method to grow faster. This is complete bullshit,” Stalf told me.
This story is a great example that it can be tough to manage your startup’s reputation. Building trust takes a long time. But it can go away much more quickly. That might be why N26 debunked the issue so intensely.
Here’s N26’s full statement:
Security is our top priority at N26, which is why secure identification processes and constant review of our security and monitoring mechanisms to prevent identity theft are of great importance to the company.
After the customer’s identity is verified, we carry out ongoing transaction monitoring along with numerous other security measures, in a bid to prevent criminal activity such as money laundering and terrorist financing.
We therefore take the findings put forward by Wirtschaftswoche very seriously, will analyse the facts and take appropriate measures if necessary.
Contrary to the statement in Wirtschaftswoche, the use of photo verification by N26 is legally compliant. N26 works with a regulated payment service provider, SafeNed, in this regard. SafeNed is a UK business which is authorised and regulated by the UK Financial Conduct Authority (FCA) with regards to the prevention of money laundering and terrorist financing. SafeNed verifies its customers using the Photo Ident process, which is compliant with UK law.
According to the German Money Laundering Act, N26 is allowed to use a third party regulated in the EU, in this case a payment service provider in the UK, for the verification of customers (Section 17 (1) GwG). The respective verification procedure is then determined by the law applicable to the third party (in the above example, therefore, by UK law). This understanding is also confirmed by BaFin in its interpretation and application notes on the German Money Laundering Act (p. 67 et seq.) for customers not resident in Germany.