No financial institution can properly function without KYC (Know-Your-Customer) procedures. It is an essential tool against financial crimes such as money laundering. However, not many people are aware that KYC policies are equally as important to businesses outside the finance sector. In my opinion, every product or service that has the potential of being misused to the point of causing harm to people or institutions must possess KYC procedures.
As the Head of the Risk Management department at Oxylabs, a leading proxy service provider, I have been responsible for safeguarding the most risk-vulnerable areas of business operations. Years of experience in this field have made me a strong advocate for KYC in the proxy market. It is my strong belief that no proxy service provider should operate without a solid KYC, and in this article, I will explain why.
Purpose of KYC
In a broad sense, a KYC policy is a set of company procedures that ensure ethical and responsible use of a given product or service. In its essence, they exist to protect the world at large from misuse by ill-willed individuals.
A company providing products or services that are vulnerable to mistreatment relies on KYC to filter out all potentially damaging use cases. For full protection, the policies should cover all of these angles: client identity verification, client suitability assessment, client intention risk assessment, and detection of harmful activities.
Data from all of the aforementioned angles can be used to check for congruency. Malicious actors will generally have a harder time covering everything properly. In other terms, it’s hard to keep “your story straight” over that many angles.
As such, without KYC, it would be nearly impossible to predict anyone’s intentions, malicious or not. Even well-meaning individuals and businesses can unintentionally use infrastructure or tools in an unacceptable manner. Therefore, any implementation of KYC protects the company and its clients by allowing both to be fully informed about any potential risks or dangers.
KYC procedures are also necessary to protect the market. Ill-intentioned people could use proxies to optimize and improve their ill intentioned workflows and processes. In the end, proxies are just tools like any other.
Prohibited use cases can easily lead to fraud. When proxies are used unethically, perpetrators could use the anonymity provided by proxies (that regular users use to retain their privacy online) to hide themselves from the law. Thus, proxies could potentially augment the damage caused by illegal activities – something that is completely unacceptable.
Also, prohibited proxy use cases may include targeting government websites, register offices, institutional sites. If criminals get their hands on large amounts of proxies, they could perform DDoS (distributed-denial-of-service) attacks at scale, removing access to important services online.
All these reasons should be enough to convince every proxy service provider to implement thorough KYC procedures.
Industry Best Practices
When I began my career as the Head of the Risk Department at Oxylabs, there were no industry best practices. Hence, we took it upon ourselves to discover the best way to approach KYC in our industry. What we have implemented so far has been discovered through trial and error.
All KYC begins with developing business-based rapport with the client. Building a relationship with customers helps in numerous ways – it can both have a direct business benefit and reveal potentially deceitful goals.
Additionally, clients should be informed about the potential of their proxy use being monitored. Proxies have the unintended advantage of providing the ability to clearly track their destination without the ability to know the content of the request. Continually attempting to access a prohibited website would trigger our alerts, creating grounds for a deeper investigation.
However, from our industry experience, basing the relationship on trust rather than suspicion is the way forward. Therefore, we do not manually monitor each incidence of proxy use. Rather, we implemented automated alerts when prohibited targets have been attempted to be reached or other suspicious activity has been initiated.
Finally, if we were to submit each potential client to our thorough KYC procedures, we would need to hire unsustainable amounts of employees. To ease the strain on resources, we have always clearly outlined our prohibited uses and created an acceptable use policy. Throughout the years in the industry, we have noticed that there are plenty of cases where no malicious intentions are involved even if we would consider that proxy use as unethical (e.g. buying up limited supplies for reselling). It is, therefore, easier to resolve such cases before any KYC even begins.
Keeping the market clean requires responsibility from everyone involved. It means that every proxy service provider must have a clearly established KYC and apply them meticulously throughout the entire client journey. Only then we can establish a safe and ethical marketplace where proxies are used to support the market, rather than harm it.