I hope you get value out of this blog post.

If you want to see how you can communicate value to your clients, schedule a demo here. click here.

How to Check Your Client’s Identity (Against AI Technology)

Date: October 4, 2023

The data is clear:

According to a study by Sophos, 94% of cybersecurity and IT leaders across 14 countries encountered a cyberattack or security breach in 2022.

But there’s a looming concern we, as an industry, need to address head-on: The rapid advancement of AI's ability to create deepfakes.

Financial advisors, it's time for a crucial conversation about robust verification processes. This isn't just about adapting — it's about safeguarding our industry’s future.

The Scenario We Can't Ignore:

Before diving into the intricacies of the topic, take a moment to watch this video where Leonardo DiCaprio stands on stage.

But the voice (or voices) you would hear after a few seconds won’t be his:

They’re deepfake voices of various popular individuals created using Eleven Labs' AI voice cloning technology.

It's a stark reminder of the capabilities of AI and the potential dangers we face in a world where seeing and hearing might not always equate to believing.

Now imagine this:

You receive a call from a client instructing you to wire $50,000 to a specified account. The voice on the other end sounds exactly like your client, but how can you be sure?

With AI technology, voices can be mimicked to a tee — the same goes for video. Although live video is somewhat safer for now, the pace at which AI is advancing makes it a shaky reliance.

In the scenario painted, the risk of acting on a fraudulent request could result in significant financial loss and damage to your professional reputation.

The good news? There are several strategies and tools at your disposal to fortify the verification process.

The Solution: A Composite Verification Framework

We must consider a composite verification approach, integrating multiple methods to add layers of security.

This multi-faceted approach significantly minimizes the risks associated with fraudulent requests and unauthorized transactions.

Here’s a guide on how you can establish a composite verification framework:

Step 1: Integration of Multiple Verification Methods

Integrating a variety of verification methods enriches the security tapestry of your transaction processes:

Traditional methods like secret phrases and client callbacks add a personalized touch to security — nurturing trust and ease of interaction between you and your clients.
Modern technological solutions like MFA and biometric verification infuse a layer of robust security, making it exceedingly challenging for fraudsters to penetrate.

Additionally, transaction safeguards such as OTP and PIN act as robust barriers to unauthorized transactions, ensuring that only authenticated requests are processed.

Step 2: Customization

Tailoring the verification process to match the individual needs and technological adeptness of each client is crucial.

It's about striking a fine balance between maintaining high-security standards and providing a user-friendly experience.

Every client’s comfort level with technology and their preference for verification methods may vary.

This shows a level of understanding and a client-centric approach, which not only enhances the security but also enriches the client-advisor relationship.

Step 3: Education and Training

The success of a mixed verification framework largely depends on how well your clients and staff know the different verification methods used.

It's important to teach your clients why each method matters and how they all work together to make transactions safe.

Similarly, regular training for your staff keeps them updated on any new methods. This helps them handle the verification process smoothly and securely.

Step 4: Continuous Monitoring and Improvement

It's crucial to have a mechanism in place for continuous monitoring of the verification framework to identify any weaknesses or areas for improvement.

Staying updated on emerging verification technologies and adapting your framework to address new challenges is essential.

In addition, gathering feedback from clients and staff can provide invaluable insights into how the verification process can be refined for better security and user experience.

Traditional Verification Methods - Oldies but Goodies

Reverting to traditional verification methods may feel like taking a step back, yet, they offer a layer of simplicity and a personal touch in the verification process.

Sometimes, a touch of the old in our strategy can offer security and simplicity:

Secret Word/Phrase

A secret word or phrase is a predetermined set of unique words shared between you and your client.

This arrangement adds a layer of security to your interactions, ensuring that the person you are communicating with is indeed your client.

The mechanism is straightforward:

Upon establishing a relationship with a client, you agree on a unique word or phrase that will be used in future communications to verify identity.

Whenever your client initiates a transaction request, they are required to provide this secret word or phrase. This acts as a verbal handshake, affirming their identity.

⚙️ How to implement:

Discussion and agreement: Have a discussion with your client to explain the importance of this security measure. Together, agree on a unique word or phrase that is easy to remember for them but hard for others to guess.
Documentation: Document this agreed word/phrase securely within your client’s profile in your system.
Usage: Ensure that every time a transaction request is made, especially over the phone, the secret word or phrase is requested and matched against the recorded one, since you’re already doing it on the phone.
Training: Train your staff, if you have any, to adhere to this protocol diligently, making them aware of the risks involved with AI-generated fraudulent requests.
Review and update: Periodically review this method with your client, and update the secret word or phrase if necessary, to maintain a high level of security.

⚠️ Note: If your client relationship system is compromised or hacked, alert your clients immediately and let them know that all previous transactions as well as verbal keys are off. You also need to meet with your clients as soon as possible to establish a new setup.

Client Callbacks

The premise is simple:

Whenever you receive a transaction request, especially one that seems unusual or comes through a less secure channel, you initiate a callback to your client using the contact information on file.

This step provides an additional layer of verification, ensuring the request is legitimate.

⚙️ How to implement:

Gather and verify contact information: At the outset of your client relationship, collect multiple pieces of contact information (e.g., mobile number, home number, work number). Verify this information at the beginning and periodically throughout the relationship.
Educate your client: Explain to your client the importance of the callback procedure in protecting their assets. Make them aware that you will only use the verified contact information on file for callbacks.
Establish a protocol: Create a standard procedure for initiating callbacks, including when they are necessary, who will perform them, and how they will be documented.
Staff training: Train your staff on the callback protocol, emphasizing its importance in fraud prevention.
Secure documentation: Document each callback securely, noting the date, time, and outcome of the verification.
Regular updates: Encourage your client to inform you of any changes in their contact information. Update the client’s profile in your system as soon as any changes are communicated.

Tech Solutions - Embracing the New

Employing technological solutions not only modernizes your verification process but also adds layers of security that are tough for fraudsters to penetrate.

Multi-Factor Authentication

MFA is a security measure that requires users to provide two or more forms of identification before they can access a particular resource, like an account or a system.

This method is highly effective in reducing the risk of fraud, as it requires evidence from multiple categories of credentials.

Here’s how it works:

Information that you know: This might be a passphrase, a numerical code, or a response to a "confidential query."
An item in your possession: Typically, this is a tangible object like a mobile phone, authentication token, or digital card.
An aspect of your identity: This includes biometric data such as thumbprints or face scans.

A user must successfully present credentials from at least two of these categories to gain access or complete a transaction.

⚙️ How to implement:

Choose an MFA solution: There are various MFA solutions available in the market. Choose one that aligns with your operational needs and your clients' technical capabilities.
Educate your clients: Inform your clients about the importance of MFA in safeguarding their financial assets. Provide clear instructions on how they will interact with the MFA system.
Set up MFA: Configure the MFA solution according to the provider’s instructions. Ensure that it’s set up to require authentication for high-stake transactions or sensitive operations.
Test the system: Before rolling it out, test the system to ensure it operates correctly and resolves any issues that arise during testing.
Rollout: Initiate a phased rollout of the MFA solution to your clients. Monitor for any issues, and provide support to clients as they acclimate to the new verification process.
Regular reviews: Periodically review the effectiveness of the MFA system and make necessary adjustments to ensure it continues to provide robust security.

Biometric Verification

Biometric Verification is a security measure that uses unique biological or behavioral traits to verify an individual’s identity.

It's a reliable method of ensuring that the person you're interacting with is indeed your client, significantly minimizing the risks associated with AI-generated fraudulent requests.

Here’s how it works:

Biological traits: These include fingerprints, facial recognition, and iris or retina scanning.
Behavioral traits: These encompass signature analysis and keystroke dynamics.

⚠️ Note: Voice recognition wouldn't work if we’re talking about AI that can copy voices (which may advance even further in the future).

The system captures and stores a digital representation of a person’s unique trait, which is then used for future verification.

⚙️ How to implement:

Select a biometric system: Choose a biometric system that aligns with your operational needs, ensuring it complies with privacy laws and regulations.
Educate your clients: Communicate the benefits and procedures of biometric verification to your clients, ensuring they are comfortable with the chosen method.
Enrollment: Register your clients’ biometric data in the system, following the provider’s instructions for capturing and storing data securely.
Testing: Test the system with a small group of clients to ensure accuracy and efficiency before a full rollout.
Rollout: Implement biometric verification for all clients, providing necessary support during the transition.
Continuous monitoring: Regularly monitor the system’s performance, addressing any issues promptly and ensuring it remains compliant with evolving privacy regulations.

Biometric verification is a robust method for client authentication, but it may be best suited for larger firms with the means to implement and uphold it.

Smaller businesses should consider their operational needs and capabilities before adopting this technology.

Secure Video Conferencing

You might already be doing this through Skype, Zoom, or a similar platform.

But secure video conferencing is a method that allows you to conduct face-to-face meetings with your clients, regardless of geographical distance.

Platforms use end-to-end encryption to protect the data transmitted during a video call, ensuring that only the intended recipients can view the information.

⚙️ How to implement:

Select a secure platform: Choose a video conferencing platform known for robust security features, including end-to-end encryption and user authentication.
Educate your clients: Inform your clients about the secure video conferencing tool, explaining the benefits of visual confirmation and secure communication channels.
Training: Train your clients and staff on how to use the platform, emphasizing the security features it offers.
Test the system: Conduct test meetings to ensure the system operates correctly, and that your clients and staff feel comfortable using it.
Implement usage protocols: Establish when and how secure video conferencing will be used for client meetings and transaction verifications.
Continuous review: Regularly review the effectiveness and security of the video conferencing platform, staying updated on any new features or updates that could enhance security.

By implementing secure video conferencing, you offer a human-centric, visually verifiable method of interaction, enhancing trust and communication security in your client relationships.

AI-Driven Fraud Detection

Fight fire with fire. 🔥

As AI technologies advance, they not only pose challenges but also provide solutions — AI-driven fraud detection is one such solution.

This innovative approach can be a game-changer in ensuring the authenticity of requests from clients, especially in the financial sector.

Here’s how it works:

Anomaly detection: AI algorithms analyze vast amounts of transaction data to learn what constitutes normal behavior for each client. Any deviation from the norm is flagged as potential fraud.
Predictive analysis: By analyzing historical data, AI can predict fraudulent transactions before they occur, based on identified patterns associated with fraud.
Natural Language Processing (NLP): AI can analyze communication and detect unusual patterns or inconsistencies in language that may indicate fraud.
Machine learning: Over time, the AI system improves its accuracy by continuously learning from new data, making the fraud detection process more effective.

⚙️ In terms of implementation:

It might be prudent to consult with established financial institutions such as Schwab or Fidelity or with your broker-dealer.

Understanding what technologies they're utilizing can provide a clearer picture of industry standards and best practices.

If direct implementation isn't feasible, it's essential to ask these institutions about their approach and how they're handling AI-driven fraud detection.

Employing AI-driven fraud detection enables a proactive approach towards identifying and thwarting fraudulent attempts.

This tech-savvy solution, when integrated with other verification methods, forms a robust defense against the sophisticated fraud attempts enabled by advancing AI technology.

Setting up Transaction Safeguards

In the financial sector, we need to set up safety nets:

Transaction Limitations

Transaction limitations act as a financial safety net, ensuring that transactions above a certain threshold are flagged for additional verification.

How it works is that you and your client set a cap on the transaction amount that requires additional authentication for any transactions that exceed the predetermined limit.

This way, large transactions do not proceed without explicit approval, providing an opportunity to verify the client’s identity and the legitimacy of the request.

Naturally, this works well with secret words/phrases. You can establish another secret word/phrase for verifying large amounts or transactions.

⚙️ How to implement:

Determine limits: Establish reasonable transaction limits based on the nature of your business and the financial profiles of your clients.
Client consultation: Consult with your clients to ensure they understand and agree with the transaction limitations set.
System configuration: Configure your transaction systems to enforce these limits, flagging or holding transactions that exceed them.
Staff training: Educate your staff on the procedure for handling flagged transactions, ensuring they understand the importance of additional verification.
Regular review: Periodically review and adjust transaction limits to reflect changes in client financial profiles or business operations.
Client communication: Keep your clients informed about any changes in transaction limitations and the benefits of such safeguards.

One-Time Passcodes (OTP)

One-Time Passcodes add an extra layer of security by requiring a temporary code for transaction authorization.

How it works is that when a transaction is initiated, a unique, time-sensitive code is sent to the client via SMS or email.

The client must provide this code to proceed with the transaction, ensuring that only authorized individuals can complete transactions.

⚙️ How to implement:

Choose an OTP solution: Select a reliable OTP solution that integrates well with your existing systems.
Client education: Educate your clients on the new procedure, explaining how OTPs contribute to securing their transactions.
System integration: Integrate the OTP solution with your transaction systems, ensuring seamless operation.
Testing: Conduct thorough testing to ensure the OTP system works accurately and resolves any issues that arise.
Staff training: Train your staff on the OTP procedure, ensuring they understand when and how to use it for transaction verification.
Client support: Provide support to clients as they adapt to the new OTP procedure, addressing any concerns or questions they may have.

Email Confirmation

Email confirmation is a simple yet effective measure to verify transactions

It provides an additional layer of security by requiring confirmation through a known email address before proceeding with a transaction.

Here’s how it works:

When a transaction is initiated, an email is sent to the client’s registered email address with the transaction details and a confirmation link or code.

The transaction will only proceed once the client confirms it via email.

⚙️ How to implement:

Email verification: Ensure that you have verified and updated email addresses for all your clients.
System setup: Set up your transaction system to automatically send confirmation emails for certain transactions, such as those exceeding a specified amount.
Client education: Inform your clients about the email confirmation process, explaining the importance of checking their email and responding promptly to confirmation requests.
Staff training: Train your staff to handle scenarios where clients report not receiving a confirmation email, or where email confirmations are not received in a timely manner.
Monitoring: Monitor the effectiveness of email confirmations, adjusting the system setup as needed to ensure it serves as a reliable verification method.
Regular review: Periodically review the process to address any emerging challenges and ensure that it continues to provide a valuable layer of security.

Personal Identification Number (PIN)

A Personal Identification Number (PIN) is a numerical code set by the client that serves as a secret identifier, adding a layer of security to transactions.

Clients set a unique PIN which is then required to authorize transactions. This additional step ensures that only authorized individuals can initiate or approve transactions.

⚙️ How to implement:

PIN setup: Provide a secure method for clients to set up their PIN, ensuring that it is stored securely within your systems.
Client education: Inform your clients about the importance of keeping their PINs confidential and the role of PINs in securing their transactions.
System configuration: Configure your systems to prompt for a PIN when necessary, such as for transactions over a certain amount or other specified conditions.
Staff training: Train your staff on the procedures surrounding PIN verification, ensuring they understand when and how to prompt clients for their PINs.
Monitoring: Monitor the effectiveness and security of the PIN verification process, addressing any issues promptly to maintain a high level of security.
Regular review: Periodically review and update the PIN verification process to address any emerging security concerns and ensure it remains a reliable method of verification.

Safeguarding Financial Transactions

It's clear:

We, as an industry, need to be proactive, precise, and consistent. Financial advisors and professionals must adopt a proactive approach to counter these challenges.

By integrating traditional methods with cutting-edge technology, we can ensure a more secure and trustworthy financial environment for all stakeholders.

It’s evident that precision, consistency, and the right tools are paramount. Pulse360 stands out as a game-changer in this realm.

Consider the variety of plans tailored to every need:

Essential AI: For simpler practices at just $25 per user/month. Ideal if you're keen on leveraging the AI Writer for quick email agendas and summaries.
Pro Plan: Our most popular choice for growing practices at $49 for the first user/month. This includes all features, even AI, with additional users at $29 per user/month.
Ultimate: For those looking to transform their practice at $99 for the first user/month. Get our comprehensive support and transform your client experience with Pulse360.
Team Plan: Designed for teams with 5+ users at $175/month, inclusive of 5 users. This plan encompasses all the Pro Plan features, including AI.

In the evolving landscape of financial advisory, why remain stagnant? Streamline communications, document with ease, and capture every client nuance.

Dive into the future of financial advisory. Choose Pulse360 and witness the transformation.

Get Pulse360

Follow @Pulse360

Start Saving Time

Show Prospects
Your Value

Download customizable advisor services graphic to show clients and prospects what you do.

And for advisor insights, opinions (and maybe a little bit of humor!) delivered direct to your inbox.

About Us

You can be 50% more productive. That's what we believe in and what we are about.

With two decades of experience doing what you do every day, our founder, Anand decided to build automation technology for financial advisors like you.

See Yourself

Videos

Efficiencies

Comics

Webinar Replay: Consistently Deliver High-touch Client Experience

Webinar Replay: Let Your Clients Know that You Have a Pulse on What Matters to Them

Webinar Replay: Website Analytics for Financial Advisors

Webinar Replay: How Michael Saved 40-minutes Per Client Communications

Financial Advisor Meeting Checklist: Maximizing Efficiency

Time Blocking Techniques: A Guide for Financial Advisors

Financial Advisor Value Statements: A Key to Client Relationships

How to Mitigate Transference and Countertransference Issues