Photo by Yash Bindra on Unsplash.
“Know Your Customer,” or ‘KYC,’ is derived from corporate-speak found in typical financial regulations that can hit a nerve in the crypto and wider blockchain ecosystem.
While cryptocurrencies are taking a much more mainstream role in finance -- with companies like Visa opening crypto positions -- many early adopters are rigorously private people who want an alternative to centralized data collection systems.
But as the debates continue in the crypto space, the real issue that the average user faces is online risk — fraud, account takeover attacks (ATOs), stolen credentials, and stolen identities.
The Poly Network incident, for instance, resulted in the theft of $600 million in crypto assets. Even Coinbase, one of the oldest players in this space, has had at least one hack resulting in the theft of assets from thousands of customers.
People cannot wait for a civil debate to finish.
Consumers need immediate solutions. Having a way for them to secure their digital identities and prove who they are is essential.
Many crypto companies have already implemented KYC in response to these issues. Crypto exchanges including Gemini, Kraken and Bitstamp require varying levels of user or identity verification to activate accounts and conduct trades.
While not all exchanges require KYC information, the trend is increasingly heading in that direction across the crypto industry especially when companies like Binance are made examples by regulators. As this trend continues, the more pragmatic question is not if but how to properly implement some form of user identity verification in a responsible way.
Companies that inform their customers about how data is collected, used, and stored transparently will build trust with users.
With all of this said, there are still several myths out there surrounding KYC that are barriers to a more productive conversation. It's important for both companies and individuals to tackle concerns about privacy, facial recognition, and increased inconvenience (friction) that are associated with identity verification and KYC.
One of the most common customer complaints about KYC is that they represent an invasion of privacy. In reality, it is the same process as a physical bank requesting official ID and proof of address documents to open an account.
This helps businesses to verify users' identities and prevent fraud. When it comes to KYC, businesses only need to gather enough data to verify a customer's identity and many cases businesses would rather not store this data because of the growing liability and costs of securing it. Instead, many will use utilize privacy-enhancing technologies and third-party identity verification providers.
While outsourcing to third-party service providers for KYC may seem like a risk, it's actually a good way to preserve users' privacy.
With a third-party KYC solution, personal information is separated from the databases of the company a consumer is doing business with.
The identity verification provider also doesn't know what users are verifying their identities for and has no other data points, such as usage behaviour within the service. This separation provides consumers with a degree of privacy and next-generation identity verification services that provide online KYC are focused only on this type of service.
It's also worth noting that other identity verification solutions are far more invasive than KYC. Single Sign On (SSO), for instance, allows a single provider to see all of the applications a user is signing into. The most popular SSO solutions, like Facebook and Google, have used this to gather data on users' activities while using those applications because these business models are based on advertising, and not identity verification.
SSO can also carry significant security risks if credentials are ever compromised. Overall, KYC offers more privacy and security while eliminating the concern of excessive data collection.
Companies and individuals need to get over the mindset that using a Facebook or Google SSO is a worthwhile convenience to give privacy away for and recognize that taking a photo of your ID and a video-selfie does not even require that trade-off.
Understandably, many consumers increasingly distrust mass surveillance. For this reason, there's a very understandable resistance to solutions with facial recognition technology, which modern KYC solutions use. Facial recognition for identity verification is far less nefarious than most users think.
While mass surveillance use of facial recognition is a very real concern, the use case for financial technology companies is quite different. In this context, the algorithms used for facial matching are put to the much narrower use of matching a user's face in a camera selfie to a submitted photo ID.
This kind of biometric approach to KYC enhances security because it is difficult to fake biometrics, especially video, reducing the chances that a user's account can taken over.
More than 75 percent of Millennial consumers report high levels of satisfaction with facial recognition authentication when doing business with FinTech companies.
Forward-thinking crypto companies will take a note from companies like Apple, which uses Face ID for hands-free biometric authentication.
Many neobanks already require customers to confirm transactions over a certain value, such as with a Fingerprint or Face ID. Quick biometric authentication takes a customer a few seconds and can stop a fraudster from transferring funds after stealing account credentials.
Despite these facts, it's still extremely important for cryptocurrency companies to make responsible use of facial recognition. The more important question to ask — for businesses and individuals — is which companies are being used for facial recognition.
For example, is a company using the top-ranked facial matching providers by NIST for accuracy? Specialized providers are focused on performance and do not suffer from the same conflict of interest that platforms with businesses models that are based on selling user data and advertising have.
A final myth about online safety is that more steps equals more safe. We are all familiar with overly complex, difficult security measures online. Security questions, for instance, seem reassuring until the answers are forgotten.
Security questions stop legitimate users and are still just a text-based string for a hacker. In contrast, providing a video selfie is easy for an account owner to provide — providing a face match and proof they are not fake because they are moving — but difficult for a fraudster or bot to fake.
In fact, most consumers already interact with KYC and online security systems every day without even realizing it. Online payment processors like Stripe and PayPal, for instance, offer secure transactions to remove both the hassle and inherent risk of entering credit card information for every payment for every online store.
They add security through features that might include transaction authorizations or behavioral monitoring to detect anomalous activity. This is just one example of how using the latest technologies can improve security measures and convenience.
In fact, safe KYC systems can be easy and convenient, improving the consumer experience. As facial recognition has improved, it becomes a more viable alternative to knowledge-based authentication methods (passwords), especially when account credentials can be given away with phishing attacks.
Biometrics offer a convenient way for people to verify their identities, even when there is data theft. When implemented correctly, solutions designed to increase safety can enhance the consumer experience, rather than detract from it.
With fraud on the rise, individuals need to be ever more mindful of how and to whom they give their personal information online. This means individuals need to educate them themselves on modern digital security and learning what technologies truly protect their privacy.
With so many cryptocurrency companies on the market today, choosing a service provider that is transparent about why and how they collect your information is more important than going for the company that collects no information. Consumers must be careful to select one that looks out for both their security and privacy at the same time.
On the business side of the equation, a shift from a reactive approach to a proactive one is needed. Reacting to changes in regulation is too late. Instead, it's important to begin thinking of secure and responsible ways to identify your customers without compromising their privacy and avoid being the type of company that ends up in the news for a scandal. If you're looking for ways to implement KYC in a customer-friendly way, learn more about the identity verifications Passbase provides.