World consumer rights day falls on 17 March. Here’s what you need to know about “know your customer” procedures and data protection for online transactions.
Online shopping, banking, and digital services have become a part of everyday life, but there are risks such as identity theft and payment fraud. To help avoid these threats, many companies are using “Know Your Customer (KYC)” procedures to verify their consumers’ identity before completing online transactions. Commonly used techniques are two-factor authentication, electronic identification procedures and digital signatures. While these checks can help protect both consumers and companies, they also raise questions about data protection and consumer rights. On World Consumer Rights Day, the European Consumer Centre Ireland sheds light on what consumers should know about KYC and their rights under EU data protection laws.
What Is KYC and why is it used?
KYC is the process of verifying a consumer’s identity before completing an online transaction – such as paying for a purchase online or signing up to a subscription service. It is common for banks and finance services to use KYC but is increasingly used by e-commerce businesses and telecommunications providers. The purpose is to prevent fraud, money laundering, and other illegal activities.
Beyond fraud detection, companies also use KYC to certain payment methods or even have their accounts restricted. Consumers have reported cases to the ECC-Net where repeated complaints or returns have led to account freezes, often without a clear explanation.
Merchants and service providers typically collect personal data, including:
- Name and postal address
- Email address and phone number
- IP address and device type (PC, smartphone, operating system)
- Payment card or bank account details
KYC requirements vary across EU countries
If you need to provide a copy of your identity document, you can use a watermarking tool to overlay personalized text. Marking the copy with a note indicating the purpose (e.g. “This copy is only for verifying my order number xxx with seller xxx”) or a date to clarify the period of validity helps to prevent unauthorized use of personal data.
Tips to help you keep your data safe
- Be cautious with ID requests. Not all companies are legally allowed to request copies of identity documents.
- Ask why your data is needed.
- Check your rights under the General Data Protection Regulation (GDPR).
European Developments: Digital Identity and KYC
The European Digital Identity Wallet, an initiative led by the European Commission, aims to provide EU citizens with a secure, interoperable and data-saving digital identification system across the EU. Consumers can digitally identify themselves and legally sign contracts with the wallet.
This could make online transactions more convenient in the future by eliminating the need for data storage with multiple companies, and consumers can retain full control over their personal data and have the right to challenge decisions based on automated assessments. At the same time, consumers must consider what information they share, for what purpose and with whom. Inadequate safeguards can leave consumers exposed to identity theft and unauthorized use of their data.
If you are in Ireland and the business you have an issue with is also based in Ireland, you should contact the Consumer and Competition Protection Commission (CCPC). More information can be found here The Competition and Consumer Protection Commission.