The Hidden Enemy: Fraud in Onboarding Process

According to recent data from the Central Bank of Kenya, fraud losses in the banking sector alone surged to KSh 1.6 billion in 2024, a massive jump from KSh 412 million the previous year. But this number only scratches the surface. When you factor in the hidden costs like reputational damage, lost customers, regulatory fines, and the time spent investigating, the true cost becomes astronomical.

Here’s what makes this crisis even more dangerous: most organizations don’t know they’ve been compromised until it’s too late. That’s because fraud in KYC and KYB operates in the shadows of your onboarding process, the very systems designed to keep fraudsters out.

In this fraud awareness week of 2025, we create for you a roadmap to understanding how fraud happens, who’s doing it, and most importantly, how to stop them in their tracks.

Part 1:

How Fraud Is Conducted in KYC and KYB

KYC Vulnerability Crisis

Know Your Customer (KYC) processes are meant to verify that the person you’re bringing into your organization is who they claim to be. In theory, it’s straightforward. In reality, fraudsters have turned it into some form of rocket science.

Identity Fraud Through Stolen and Forged Documents

Kenyan national IDs are the most frequently targeted identification documents for fraud across Africa. According to a 2023 report, Kenya was ranked as the highest-risk country for ID fraud, with fraud attempts rising from 10% to 17% between January and June 2023 alone. But here’s how it actually works:

A fraudster obtains a stolen or counterfeit national ID—sometimes through data breaches, sometimes through complicit government officials, sometimes through underground networks. They then use this fake or stolen document to open accounts, register SIM cards and more. 

The Real-Life Case That Changed Everything

In 2024, Kenyan police uncovered a massive SIM swap fraud ring operating from Mulot that highlighted the interconnected nature of KYC failures. Fraudsters had stolen over 123,000 national ID card details and used them to register SIM cards. These cards weren’t random acts—they were systematically used to compromise mobile money accounts. The result? Over Sh500 million stolen from Safaricom’s Fuliza overdraft service alone.

What makes this case relevant to your KYC process? These fraudsters didn’t just operate in isolation. Many of them also targeted opportunities, using the same stolen identities to get hired at businesses, banks, and fintech companies. They were able to infiltrate a KYC process, and each one failed, 123,000 times.

Advanced Technology Making It Worse

The fraud landscape has evolved dramatically. According to 2024 data from Sumsub, Africa experienced a 167% surge in identity fraud, with deepfake technology emerging as the new frontier. Fraudsters are now using AI-generated faces, synthetic documents, and hyper-realistic video forgeries to bypass even “modern” KYC systems.

In one shocking incident, deepfake technology was used to impersonate the African Union’s Chairperson. If it can fool international officials, imagine how easily it can fool a busy compliance officer reviewing verification documents on a Monday morning.

The KYB Blind Spot

While KYC focuses on individuals, KYB (Know Your Business) is supposed to verify the legitimacy of corporate entities. The irony? KYB processes are often even weaker than KYC.

Shell Companies and Hidden Ownership Structures

Business verification often stops at checking a company’s registration number and getting a company extract. But what happens when the company registration itself is fraudulent? Or when the Ultimate Beneficial Owner (UBO) is deliberately hidden?

In Nigeria, there have been documented cases of fraudsters registering businesses with identical names to legitimate companies, just with slight variations in spelling. Companies then do business with these imposters, never realizing they’re dealing with sophisticated fraudsters. The impact? Millions lost in goods shipped or services rendered to non-existent entities.

The Challenge in Africa’s Business Environment

Africa has over 54 countries, each with different business registration databases, record-keeping standards, and verification protocols. Some countries have centralized, accessible business registries like Kenya. Others? The records are scattered, outdated, or accessible only through manual, time-consuming processes.

This fragmentation creates ideal conditions for KYB fraud. A fraudster might register a business in a jurisdiction with poor record-keeping, then use that business to set up supply chain relationships with legitimate African companies. By the time the real business emerges, the fraudster is gone, along with millions in payments.

Part 2:

The Profile of Fraudsters in KYC and KYB Checks

Understanding who commits fraud is just as important as understanding how they do it. The profile of an onboarding fraudster might surprise you.

Not All Fraudsters Fit the Stereotype

The Sophisticated Operator

These are the most dangerous. They’re typically well-educated, articulate, and often have legitimate backgrounds. They might be a former accountant, marketer, or IT professional who decided crime was more profitable than compliance.

The sophisticated operator studies the system first. They know exactly which documents are hardest to verify, which processes rely on manual review (where busy humans might miss red flags), and which verifiers are likely to take shortcuts. They often operate in networks, one person handling document forgery, another handling social engineering, another doing the actual onboarding.

In Kenya’s mobile banking fraud crisis, investigators discovered that many of the high-level fraudsters weren’t teenage hackers sitting in internet cafes. They were former telecom employees, former bank staff, and people with insider knowledge of how verification systems work.

The Opportunistic Fraudster

This person isn’t running an elaborate scheme. They simply saw an opportunity and took it. Maybe they’re unemployed and desperate, so when they hear they can buy a fake degree online for Sh3,000, they do it. Or they see an account they can compromise and decide it’s worth the risk.

These fraudsters are numerous but less organized. They might only succeed once or twice before getting caught. But their cumulative impact across thousands of organizations is substantial.

The Syndicate Member

This is perhaps the most important profile for you to understand: the organized fraudster. They’re part of networks, sometimes international ones that have systematized fraud.

The case of the SIM swap ring in Mulot is a perfect example. These weren’t individuals acting alone. They had roles: people who stole identity data, people who managed the SIM cards, people who handled the financial transactions, and people who managed relationships with corrupt officials at telecom companies.

Similarly, credential forgery is increasingly organized. Networks operate diploma mills across multiple countries, coordinate document editing, and have systems for distributing fake credentials across organizations.

Common Fraud Characteristics You Should Know

Motivation: It’s Usually Financial, But Not Always

The majority of onboarding fraudsters are motivated by money. They want to steal from the organization, access credit or loans fraudulently, or commit identity theft against the customers of the organization they infiltrate.

But not always. Sometimes the motivation is access, a fraudster needs to be inside your organization to facilitate another crime. Sometimes it’s revenge, someone with a grudge uses a fake identity to get a position and cause damage from within. In rare cases, it’s espionage, competitors using fraudulent employment to extract your business secrets.

Psychological Factors: Rationalization and Desperation

Research on fraud in organizations reveals that fraudsters rarely see themselves as bad people. They rationalize. “The bank has so much money, they won’t miss this.” “My family is starving and I need this job.” “I’m paying back a loan to dangerous people.”

Desperation is often a factor. Economic hardship, unemployment, gambling debts, or medical emergencies can push someone toward fraud. This is particularly relevant across Africa, where economic pressures on individuals are extreme. The Central Bank of Kenya noted that when unemployment surges or economic crises hit, fraud increases significantly.

Adaptability: They Learn and Evolve

Fraudsters watch what works. If they see that one organization caught someone using document forgery but another organization never did any background checks, they’ll adjust their tactics accordingly.

This is why you’re seeing an explosion in AI-assisted fraud now. Fraudsters see that deepfakes and AI-generated documents are the frontier of fraud, and they’re investing in these technologies. By the time your organization implements defenses against them, the fraudsters have moved on to the next technique.

The Network Effect

Individual fraudsters are dangerous; networks of fraudsters are catastrophic.

These networks share information. They tell each other which companies have weak background checks. They identify which verifiers cut corners. They share technology, from document forgery tools to SIM card registration systems to deepfake generators.

Part 3:

Tips to Identify Fraudulent Cases

Now for the practical part: how do you actually spot fraud in your KYC and KYB processes?

Red Flags in KYC: What Compliance Officers Should Watch For

Document Quality and Inconsistencies

Start with the basics. When someone submits a national ID, is the photo clearly theirs? Has it been edited? (Modern editing is hard to spot but not impossible, look for: lighting inconsistencies, blurred edges, misaligned text, slightly off colors).

Check for inconsistencies between documents. If their passport says they were born in 1990 but their national ID says 1988, that’s a red flag. If the names don’t match exactly, dig deeper. Sometimes it’s legitimate (someone might have legally changed their name), but fraudsters often use small variations.

Behavioral Red Flags

Fraudsters often behave differently during verification:

  • They’re evasive about providing certain information (“I don’t have that document right now”)
  • They’re aggressive or combative when questioned (“Why are you asking me these questions?”)
  • They provide information very quickly, as if rehearsed
  • They refuse certain verification methods (“I won’t do a video call for liveness verification”)
  • They submit multiple applications with slightly different information
  • They use temporary phone numbers or email addresses that get quickly abandoned

Digital and Biometric Red Flags

If you’re using video-based liveness verification, watch for:

  • A rigid, unnatural head movement (someone moving a video of themselves on screen rather than actually being present)
  • Background inconsistencies (the background changes between takes)
  • Lighting that’s clearly coming from an external source aimed at the face (a sign they’re holding a phone or device displaying their image)
  • They refuse to blink on command or show other natural facial movements
  • The “person” has perfect skin with no blemishes or natural variations (sign of AI-generated face or heavy filtering)

Network and Pattern Red Flags

Modern fraud detection uses pattern analysis. Look for:

  • Multiple applications from the same device or IP address with different identities
  • Multiple applications from the same phone number
  • Applications clustering in impossible geographies (someone verifying from Nairobi but then immediately from Lagos)
  • Rapid sequences of applications followed by immediate account access and suspicious activity

Red Flags in KYB: What Every Compliance Officer Needs to Know

The Company That’s Too New

Be suspicious of businesses that were just registered. Legitimate B2B relationships typically happen with established companies. If a brand-new company (registered less than 3 months ago) is suddenly approaching you for a partnership or trying to integrate with your platform, verify extensively.

In Nigeria, fraudsters set up shell companies specifically for short-term schemes. They register, conduct fraud, then the company is abandoned. By the time authorities investigate, the criminals are long gone.

Ownership Structure Red Flags

UBO identification is critical. Red flags include:

  • The UBO is listed at a virtual office address (all business mail goes to a mail handling service)
  • The UBO has no online presence, no LinkedIn profile, no history in the industry
  • The company claims to have UBOs but provides no documentation
  • The UBO names don’t match the company’s operational managers
  • Multiple businesses with different names but the same UBO
  • UBOs that are registered themselves as front companies (a company that’s owned by another company that’s owned by another company, classic money laundering structure)

Document Red Flags for Business Verification

  • Business registration extracts that look photocopied and blurry
  • Certificates of incorporation with unusual formatting
  • Tax identification documents that don’t match the business registry
  • Director identification documents that are clearly edited or poorly scanned
  • Proof of address documents that are generic (not addressed to the specific business location)

Behavioral and Operational Red Flags

  • The company has no actual office—their address is in a residential building or mailbox service
  • They have no employees (according to tax filings) but claim to be a large operation
  • Financial records show irregular, large transactions
  • The company has no website, social media, or online reviews
  • Contact persons are difficult to reach or keep changing
  • The company is registered to multiple business names (common shell company tactic)
  • They’re evasive about their suppliers, customers, or financial structure

Part 4:

The Role of Verifications in Fraud Prevention

At this point, you might be asking: “Doesn’t fraud prevention already exist?” Yes. But it’s not working well enough.

Why Traditional Verification Fails

Manual Verification Is Human

A compliance officer reviewing a KYC application manually is subject to fatigue, bias, and time pressure. If they have 200 applications to review by end of day, they’re not going to scrutinize every detail. They’re looking for the obvious red flags, not the subtle ones that separate sophisticated fraudsters from legitimate users.

This is especially true where many organizations still rely heavily on manual processes. A background check that requires physically calling five different institutions across different countries? That’s not happening consistently.

Incomplete Databases Create Gaps

One of the biggest vulnerabilities in African verification is incomplete data. Many African institutions, from universities to government agencies to business registries, don’t have centralized digital databases that can be accessed instantly.

What Modern Verification Can Do

Real-Time Database Checks

Modern KYC systems integrate with government databases to verify identity documents in real-time. In Kenya, for example, they check against the national ID database. They can immediately confirm whether an ID number exists and whether it matches the photo.

Similarly, real-time business verification can check company registrations, tax records, and director information instantly.

Read more: Peleza Real time KYC and KYB verifications

Biometric Verification Beyond the Selfie

Liveness detection has evolved dramatically. Modern systems use behavioral biometrics, analyzing not just the face but:

  • How the face moves (fraudsters using videos or masks have different movement patterns)
  • Micro-expressions (AI-generated faces struggle with these)
  • Response times (how quickly someone blinks or moves their eyes)
  • Behavioral patterns (people have individual ways of moving)

These aren’t foolproof, but they’re significantly harder to fake than a simple photo match.

AI-Powered Anomaly Detection

Machine learning systems can identify patterns that humans miss. They can detect:

  • Multiple applications clustering from the same device across different identities
  • Applications from the same network (WiFi) but different devices
  • Geographical impossibilities (someone in Lagos one minute, in Nairobi the next)
  • Inconsistencies in data patterns
  • Documents that match known forgery templates

Continuous Monitoring

Fraud doesn’t end at onboarding. Modern verification involves ongoing monitoring. If an employee’s credit profile suddenly shows they’ve taken out huge loans, that’s a flag. If a business partner’s financial records suddenly show suspicious transactions, that’s a flag.

The Central Bank’s recommendation to Kenyan financial institutions has been exactly this: move from one-time verification to continuous monitoring of customer behavior and background.

Part 5:

How Peleza KYC and KYB Prevent Fraud

This is where the practical solution comes in. Peleza’s verification platform is specifically designed to address the fraud challenges we’ve discussed throughout this post.

For Customer Onboarding (KYC): Real Protection Against Identity Fraud

Multi-Layer Identity Verification

Peleza’s KYC process doesn’t stop at document verification. It combines Document Verification with real-time checks against government ID databases across Africa, ensuring the document exists and genuine and hasn’t been altered.

For Business Onboarding (KYB): Corporate Verification That Works

Comprehensive Business Verification

Peleza’s KYB process includes:

  1. Business Registry Verification: Real-time checks against official business registrations.
  2. UBO Identification: Not just identifying who owns the business on paper, but actual beneficial ownership identification. The system identifies shell companies and complex layered ownership structures designed to hide true ownership.
  3. Financial Verification: Checking tax registry and bank account verification to identify businesses that are financial shells used for fraud.
  4. Sanctions and Watchlist Screening: Checking against international PEP (Politically Exposed Persons) lists and sanctions lists to identify high-risk business owners.

Peleza Integration Into Your Existing Systems

Peleza works within your existing onboarding workflow. Integration with KYC platforms and AML systems means verification happens automatically

Part 6:

Building a Fraud-Resistant Organization

Understanding fraud and having verification tools is just the beginning. Building a truly fraud-resistant organization requires a comprehensive approach.

Creating the Right Culture

Tone at the Top

Your organization’s leadership must be visibly committed to fraud prevention. This doesn’t mean paranoia or mistrust, it means treating verification as a core business function, not a compliance checkbox.

When executives visibly champion proper verification processes, when they reward employees who catch fraud, when they make time in meetings to discuss fraud prevention, the entire organization takes it seriously.

Training and Awareness

The ACFE Fraud Prevention Check-Up emphasizes that organizations need ongoing anti-fraud training for all employees. Not just compliance officers, but everyone.

Your HR team needs to understand what credential fraud looks like. Your finance team needs to understand what business fraud red flags are. Your customer service team needs to understand what behavioral red flags might indicate account takeover.

Ethical Workplace Environment

The ACFE research is clear: organizations with strong ethical cultures have significantly less fraud. This means:

  • Clear codes of conduct
  • Whistleblower mechanisms that actually protect people who report fraud
  • Open-door policies where employees can discuss concerns
  • Reasonable goal-setting (pressure to hit unrealistic targets drives fraud)
  • Fair treatment and respect for employees

Implementing Verification Throughout the Organization

Multi-Layer Approach

Don’t rely on any single verification method. Use multiple layers:

  1. Document Verification: Check that documents are real
  2. Biometric Verification: Confirm the person matches the documents
  3. Database Checks: Verify information against official records
  4. Behavioral Analysis: Monitor for suspicious patterns
  5. Continuous Monitoring: Ongoing checks after onboarding

Peleza Integration Points

  • Customer Onboarding: Use Peleza’s KYC for customer verification with real-time ID checks.
  • Business Partnerships: Use Peleza’s KYB for vendor, supplier, and partner verification
  • Employee Hiring: Use Peleza’s background checks for credential and criminal record verification

Regular Audits

The ACFE recommends regular fraud risk assessments and process testing. This means:

  • Periodic review of your verification processes for gaps
  • Testing to ensure verification systems are actually working as intended
  • Regular update to your fraud risk assessment as new fraud techniques emerge
  • Benchmarking against industry best practices

Responding When Fraud Is Detected

Investigation Protocol

When you detect fraud, have a plan:

  1. Immediate containment: Revoke access, freeze accounts, secure evidence
  2. Investigation: Determine the scope—was this one person or a network? Was it isolated to one area or organization-wide?
  3. Notification: Inform affected customers, regulatory bodies if required, insurance carriers
  4. Remediation: Fix the processes that allowed the fraud to happen
  5. Prosecution: Work with authorities to prosecute fraudsters

Learning from Each Incident

Every fraud case is an opportunity to strengthen your processes. Ask:

  • What gap in verification allowed this?
  • What behavioral red flags did we miss?
  • How can we improve our processes to prevent this in the future?
  • Should our training be updated?

Conclusion: Your Action Plan Starting Today

If you’re a compliance officer or HR professional reading this, here’s what you should do right now:

Today:

  1. Assess your current verification processes: Are you using real-time database checks? Are you doing liveness detection? Are you conducting continuous monitoring?
  2. Identify your vulnerabilities: Look back at the red flags we discussed. How many of them would your current processes catch?
  3. Calculate your fraud risk: What’s the potential impact if someone with forged credentials got into your organization? If you onboarded a fraudulent business partner? If identity fraud compromised your customers?

This Week:

  1. Meet with your team: Discuss fraud prevention and verification gaps openly
  2. Review recent hires and partnerships: Were proper verifications conducted?
  3. Schedule a fraud risk assessment: Either internally or with external experts
  4. Research verification solutions: Compare what’s available. Ask specifically about real-time database access, biometric capabilities, and continuous monitoring.

This Month:

  1. Implement at least one additional verification layer: If you’re not doing biometric verification, add it. If you’re not doing continuous monitoring, start it.
  2. Update your training: Ensure all staff understand fraud prevention
  3. Establish clear escalation procedures: When red flags are detected, what happens next?
  4. Consider Peleza: Evaluate how Peleza’s integrated KYC, KYB, and background check platform could strengthen your organization

The Bottom Line

Fraud in KYC, KYB, and background checks is costing organizations billions. But it’s preventable.

The organizations that are winning the fraud battle aren’t the paranoid ones that verify everything obsessively (though that’s not bad). They’re the smart ones that have built verification into their core processes, use technology to automate detection, maintain vigilant ongoing monitoring, and create organizational cultures where fraud is actively discouraged.

Fraud is no longer something that happens to other organizations. It’s happening everywhere. The only question is whether you’ll be caught flat-footed, or whether you’ll be protected like smart organizations that deployed comprehensive verification.

The cost of verification is far lower than the cost of fraud. The peace of mind is invaluable.

Start today. Your organization’s reputation depends on it.

 

About Peleza

Peleza provides integrated KYC, KYB, and background check solutions specifically designed for African markets. With real-time access to both government and private databases, Peleza helps organizations build fraud-resistant systems.

Whether you’re a fintech platform protecting customer accounts, a bank ensuring compliance, a business protecting your supply chain, or an HR team ensuring you hire qualified people, Peleza’s verification’s has the tools you need.

Learn more at peleza.com or request a consultation with our KYC specialists.