Identifying Customers

in the Digital EraiSignthis Ltd (ASX:ISX)

September 6th 2016, Card & Payments Conference.

Presented by

Chris MuirChief Legal Officer, iSignthis Ltd (ASX:ISX)

What is identity?

Page 2

The Oxford dictionary defines identity as;

The characteristics determining who or what a person or thing is.

Stanford states that;

“identity” refers to either (a) a social category, defined by membership rules and (alleged) characteristic attributes or expected behaviors, or (b) socially distinguishing features that a person takes a special pride in or views as unchangeable but socially consequential (or (a) and (b) at once).

Why do we care?

Page 3

So you can be sure you

will get paid .

Because you can use card

payments to help with

identification purposes such

as Know Your Customer

checks to meet AML/CFT

regulations.

The card payment cycle

Page 4

Customers Merchant Payment

GatewayProcesso

r

Card

Network

IssuerCard

Network

AcquirerMerchantCustomer

The use and misuse of cards

Page 5

The card landscape

Page 6

126.1

59.7

29

7.32.8 2.2

0

20

40

60

80

100

120

140

Purchase Transactions on Global Cards in 2015 (Bil.)

Visa

MasterCard

UnionPay

Amex

JCB

Diners/Discover

56%

26%

13%

5%

Market Share

Visa

MasterCard

UnionPay

the rest

• 9.5Bn cards on issue, globally

• According to Nilson, 3.5Bn are unique

• McKinsey estimates that 51% of the world’s population is

“banked” – corresponding also to ~3.5Bn persons.

Why Are Cards Useful For Identity Purposes?

Features of payment cards

Page 8

1. The card number and CVV combinations are unique.

2. Payment cards have their own secure network.

3. They are widely adopted and have established rules.

4. People and the banks make an effort to protect their banking details.

5. Payment by card is not anonymous or isolated.

Features of online purchases

Page 9

• They involve at least two, and increasingly three independent networks:

• Online purchases are a rich source of data and meta data.

• Card holder name

• Bank and country of card

• Card type

• Multiple sources of customer location

• Secure payment network

• Internet network

• Cellular network

Identity To Make Sure You Get Paid

Making the card present environment secure

Page

11

SignatureSignature

&

Photo

Tap & GoChip & Pin

How the EU is approaching e-commerce

Page 12

• PSD2 : Article 97 (2) – Strong Customer Authentication:

With regard to the initiation of electronic payment transactions as referred to in point (b) of paragraph 1,

Member States shall ensure that, for electronic remote payment transactions, payment service providers

apply strong customer authentication that includes elements which dynamically link the transaction to a

specific amount and a specific payee.

Article 98 then refers to the EBA’s “Security of Internet Payments” (SecuRE Pay) for cards and wallets.

SecuRE Pay requires:

- identification of the payee (KYC) per s6

- linking the payment instrument to the KYC per s6/7

- linking the KYC + payment instrument to two factor authentication (2FA) per s7

- 2FA comprising one dynamic element or biometrics.

The Payment Service Directive 2 & SecuRE Pay

Page

13

• SecuRePAY

• PSD2

o Both of these are technology neutral

o They are business case neutral

o Some overlapping requirements between SecuREPay and PSD2

o They introduce friction

o Converged technology and user experience is optimal – but does it exist?

o How the EU is approaching e-commerce

The Visa and MasterCard Rules

Page 14

• Cards are susceptible to chargebacks, and need to be included in the business case for operators.

• The Rules generally the EU rules, and provide a “liability shift” regime from merchant back to issuer when

Strong Customer Authentication is used.

• Latest Visa and MasterCard global operating rules also provide a means for chargeback reversal.

• NONE of the above relies upon 3DSecure (VbV/SecureCode/SafeKey etc), but industry incorrectly

assumes they MUST use 3DSecure (as it is incumbent).

• Both Visa and MasterCard allow for technological and business neutral solutions.

• iSignthis provides such an alternative to 3DSecure… under PSD2 and the Visa/MC global operating rules.

Paydentity

Page 15

Identity For Its Own Purpose

What is identity?

Page

17

The Oxford dictionary defines identity as;

The characteristics determining who or what a person or thing is.

Stanford states that;

“identity” refers to either (a) a social category, defined by membership rules and (alleged) characteristic attributes or expected behaviors, or (b) socially distinguishing features that a person takes a special pride in or views as unchangeable but socially consequential (or (a) and (b) at once).

The EU Approach to Establishing Identity

Page 18

• 4AMLD : Article 13 (1) – Customer due diligence measures shall comprise:

(a) identifying the customer and verifying the customer's identity on the basis of documents, data or

information obtained from a reliable and independent source*;

(d) conducting ongoing monitoring of the business relationship including scrutiny of transactions

undertaken throughout the course of that relationship to ensure that the transactions being conducted are

consistent with the obliged entity's knowledge of the customer, the business and risk profile, including where

necessary the source of funds and ensuring that the documents, data or information held are kept up-

to-date.

*excludes ‘self verification’ per ESA ‘Risk Factors’ Guidance.

“Bank Account Verification” (Global)

There are only four legally compliant ways to perform a Know Your Customer (KYC) check. Don’t

get left behind with last century’s solution.

Establishing Identity

Page 19

49%

42%

9%

World Population : Banked / Unbanked / CRA Data

Unbanked Banked CRA Database

What’s the Coverage of these methods?

Page 20

• 49% of the world is not banked * McKinsey

• Corresponding Low ARPU

• Manual processing with no

digital/electronic solution

• 51% of the world is banked *McKinsey

• 9.6Bn Credit/Debit Cards on Issue *Nilsen

• 51% Banked includes 9% CRA Database

coverage

• Corresponding High ARPU

Unbanked – 49%

Unique competitive advantage area.

Currently served by manual processes. No

CRA databases.

Traditional CRA’s and KYC databrokers

compete for limited market size.

CRA Database ~9% coverage

Banked – 51% coverage

Creative ways to identify customers

Page

21

• Biometrics

• Selfies

• Video calls

• Document uploads

• ‘trusted’ source accessing your bank details

Paydentity Verified

Page 22

iSignthis Ltd (ASX : ISX) – What do we do?

Page 23

iSignthis automates AML/CTF KYC & transaction monitoring via its payments and identity

processing platform for traditional and non traditional businesses including:

Australia’s only ASX listed RegTech, with payment processing capability.

• Financial Institutions,

• banks, lending, crowdfunding, pension funds,

• securities / equities,

• FX, CFD, binaries, and futures traders,

• gaming, wagering, betting, casino’s,

• money services businesses,

• payment service providers,

• insurance providers,

• real estate,

• digital currency platforms,

• eWallets,

• FinTech and

• other AML/Patriot Obligated businesses

iSignthis Service Availability

Page 19

• Multiple vendors

• Different vendor mix in each country

• Information fragmentation

• Compliance challenges

• Manual processes, with ‘follow the sun’ localised team normally required.

• High costs

• Long processing delays with complex customer onboarding processes

• High customer abandonment

Existing solutions: a fragmented process iSignthis solutions

Product Strategy

Page 16

iSignthis Ltd (ASX : ISX) – Global, Scaleable Cloud Based Service

• Payment gateway

• Card vault

• Anti Fraud Engine

• Strong Customer

Authentication

• KYCaas (compliance)

• Transaction monitoring

analytics (risk)

• Virtual card issuer

(Q4 2016)

• Card acquiring

Page 26

RegTechFinTech Financial Services