This blog post is part of a series looking at how verification techniques and practice collectively referred to as Know Your Customer (KYC) may help the domain name industry comply with new EU legal obligations. Find the overview here

Know Your Customer (KYC) is used widely across a range of industries to help businesses understand who they are interacting with online.

DNSRF has explored its use within three of them - banking, cryptocurrency, and online dating. Each has unique challenges and tailored approaches that provide useful context and lessons for other industries, including the domain name industry. 

KYC in the Online Dating Industry 

The Online Dating Industry has some regulatory issues it needs to consider but they don’t constrain or define the market itself. Regardless, online dating platforms have chosen to voluntarily implement KYC in order to protect their users from harm, fraud, and exploitation.

In a striking example of how scammers have sought to exploit every form of online activity, the online dating industry has had to deal with an explosion in so-called “romance scams” in recent years where their platforms are used to connect with users, gain their trust, and then pressure or convince them to hand over money. An average of $4,400 has been stolen from individuals by romance scams, according to a recent report.

Much of the industry has responded with KYC measures. The measures vary both in technique and at what point they are introduced. 

Some providers introduce KYC on a voluntary basis from the first point that a user starts on the service i.e. when they sign up. It is Basic KYC, meaning verification at the time of registration, where a user is asked to provide personally identifiable information, including a phone number or email, and that information is verified as working. 

However, some providers also use Enhanced KYC at sign-up, where a user is asked to provide a government-issued ID and/or biometric data to verify their identity. 

That additional check is often reflected within the app itself. Tinder, for example, adds a blue checkmark next to users that have gone through Enhanced KYC checks as a signal to other users that they have been authenticated. 

Tinder has also adopted advanced photo verification where users are asked to take live selfies in specific poses. In the UK, a video call is used to compare the user with the photo they have provided from their passport or driving licence.

According to the BBC, the approach has facilitated more successful matches for users on Tinder, who opt to choose verified profiles.

Similar checks are carried out if other users report someone on the platform as behaving suspiciously or question whether their identity is real. 

There are three main application points for KYC in the Online App industry:

1. At registration. When a user joins, they may be asked to verify their identity i.e. operational validation. It is a voluntary measure for users and only some platforms use it. As mentioned above, a government-issued IDs is asked for which is then verified either by a third party or by asking a user to take a selfie which is then compared to the uploaded ID using facial recognition technology.  
2. When the user logs in. Dating apps, such as Tinder, use 3D Biometric liveness detection software. Others include either a fingerprint scan for logging into the application or face recognition for enhanced security. Users that do so typically receive external validation - a blue tick that other users can see.
3. While using the app. Pattern recognition or machine learning algorithms are used to analyse interactions to help identify potential matches, as well as fraudulent behaviour. If something is spotted, or if other users report suspicious activity on their account or possible false identity, the user in question is asked to verify their identity.
4. When guidelines are broken. Apps like Bumble have a team of moderators that investigate reports of potential fake profiles, catfishing, abuse, or anyone who does not adhere to guidelines, and ban or restrict users who don’t follow community guidelines. A block and report button exists on every profile to make it easy to report potentially fake profiles. In addition, any suspicious profiles are automatically blocked or asked to verify their identity before continuing to use the service. 

Challenges

The dating app industry KYC’s measures are under pressure from the increasing use of AI and chatbots such as ChatGPT.

Adherence to data protection law is essential when carrying out KYC for the Online Dating Industry. Much of the data collected is sensitive information. Dating applications who solicit the services of third parties should subject themselves to strict vetting procedures.

Does it Work?

Despite the industry’s KYC efforts, 67% of dating app users believe that more could be done to improve the safety and operational security of dating platforms.

The online dating industry is not required to use KYC for user verification (unlike other industries) and so it is left to the discretion of each organisation. 

https://www.idenfy.com/blog/kyc-uk/

There is some evidence that KYC has helped the sector manage the number of fake profiles using their services. 

Tinder announced in 2015 that the number of fake profiles and catfishing attempts fell after the dating platform introduced automated phone and SMS verification.

But KYC is not a single solution: the industry has also launched a broad educational campaign to help consumers identify and protect themselves against potential romance scams.

What can the Domain Name Industry learn from the Online Dating Industry?

Due to voluntary adoption of KYC by the industry, different companies have adopted different measures to verify users, which has contributed to a fragmented approach.

Despite the differences, users continue to engage with each platform, providing a sense of diversity and competition, allowing users to choose platforms that meet their preferences while seeing overall market growth.

The platforms have also used a combination of AI, automation and human moderation to verify users, with each platform using these tools differently to achieve the same end goal. 

KYC in the dating app industry adopts a risk-based approach, using user reports to select when to apply more KYC measures. 

By applying KYC selectively rather than universally, platforms can maintain a balance between user experience and security, focusing resources on higher-risk cases while allowing the general user base a smoother onboarding experience. 

The NIS2 Cooperation Group has recommended that the Domain Name Industry adopt a risk-based approach to the verification obligations on them from Article 28 of the NIS2 Directive.

Differences 

There are notable differences between the online dating sector and the domain name environment. 

The scale of risk and harm is potentially far higher with the online dating industry as users’ reason to use the service is to meet with others in person. As such, dating app users expose themselves to real-world risks of stalking, sexual harassment and physical harm.

The DNS registries and registrars also do not operate within a controlled digital eco-system and so are largely not in a position to observe day-to-day behaviour of customers.

Key takeaways

While accepting that there are differences between the DNS and Dating app environments, there are two key insights that can be taken from this comparative case study:

1. Risk-based Approach: Focus resources on flagged users, balancing security with user experience.
2. Layered verification: Identity verification at registration along with a combination of AI, automation, and human oversight enables effective monitoring and response - as well as adherence to data protection principles.

Stay tuned for more KYC insights from other industries.