Choosing KYC and Privacy on the Blockchain

What is KYC?

Know your Customer (KYC) refers to information and processes used to verify an individual’s identity. Many businesses and financial institutions require KYC for their customers. The KYC process is designed to prevent criminal activity including terrorism, narcotics trafficking, and weapons dealing.

While well established in the banking industry, KYC rules continue to evolve within the blockchain and cryptocurrency ecosystems. Centralized exchanges and crypto-to-fiat services are typically required to collect identifying information about customers (depending on the countries where they operate), while decentralized exchanges like Uniswap are not required to do so.

Some applications outside of exchanges use strict KYC, while many others have no KYC process at all. Currently, these decisions are made by individual applications and blockchain-based businesses as they weigh the potential risks and benefits.

The benefits of KYC can include preventing illegal activity, complying with wide-ranging regulations, and increasing security and safety of an application. The risks of KYC include a loss of basic privacy, the potential for surveillance or misuse of information, and possible inconvenience and extra costs for projects and users.

zkBob KYC

To balance the benefits and risks, zkBob is taking a pro-active approach to KYC with the optional KYC feature. This approach respects individual financial privacy while preventing illegal activity by limiting large anonymous transfers. Individual users can decide if they would like to do the KYC process to access larger single and daily deposit limits. If they decide not to, they can still transfer some funds privately but with stricter limits in place.

The following overview covers some KYC providers the zkBob team explored for KYC before landing on our current integration with the KnowYourCat protocol.

Choosing a KYC provider

Choosing a KYC provider and process is a difficult task. KYC can be done in-house, but this requires additional procedures and dedicated and secure data storage for highly sensitive information.

It is expensive and time consuming, and most smaller projects don’t have the time, resources or expertise to build out a KYC process. For these reasons, it is better to outsource to a dedicated provider.

Top 5 Traditional KYC providers

There are many well established KYC providers who offer various services and costs. Traditional providers are well establisehd, and while they are incorporating many new methods such as AI and biometric data, their services are often expensive and designed for more corporate structures.

These organizations are ideal for large projects such as centralized exchanges and banks/on-ramp providers. A few examples include:

1. Experian provides a range of identity verification and KYC services including identity document verification, biometric authentication, and risk assessment tools.
2. Thomson Reuters focuses on businesses use cases. Services include customer due diligence, identity verification, risk screening, and compliance management.
3. Jumio offers modern methods for identity verification using AI and biometric technology. Their solutions include document verification, facial recognition, and liveness detection.
4. Trulioo is positioned as a global identity verification platform relying on multiple data sources to verify identities from around the world. They offer solutions for KYC compliance, AML compliance, and fraud prevention.
5. Onfido offers AI-powered identity verification and KYC solutions. Their platform combines document verification, facial biometrics, and fraud detection algorithms to verify user identities.

Blockchain KYC providers

Identity verification to prevent fraud and illegal activity is becoming increasingly important on the blockchain, and many new KYC methods are in development to account for this need.

Some projects are using Soulbound tokens, which are unique, untradeable NFTs, as a way to store KYC information for an address. Others are exploring methods to create a verifiable digital identity that does not include any sensitive information, or exploring social verification to prove "humanness".

A big challenge to creating a transparent on-chain KYC process is the fact that identifying information is inherently private. Fortunately, new advances in zero-knowledge (zk) technology are making it possible to prove identity without divulging any private details. The following projects are using various methods to provide KYC and digital identity verification for blockchain users.

• Proof of Humanity provides a social identity verification system which uses video and confirmation from another registered user that the information is correct. Users can also challenge registration if they believe a profile is incorrect or fake.
• Bright ID is a social identity network that allows people to prove to applications that they aren’t using multiple accounts and aren't bots. In this way users can prove unique humanness without revealing personal information.
• PolygonID uses of zero-knowledge proofs to let users prove their identity without exposing private information.
• kycDAO links self hosted wallets with existing regulated off-chain accounts using a dynamic soulbound kycNFT. This bridges the gap between traditional and web3 KYC processes.
• Gitcoin Passport aggregates decentralized society credentials. These credentials are called stamps, and may include twitter, google, BrightID, Proof of Humanity and more. This system allows users to prove trustworthiness without providing personally identifiable information.
• Serto formerly Uport, provides decentralized identity solutions which can verify a wide range of information (including individual identity credentials managed by individuals).
• Binance BAB tokens prove an individual has passed KYC on the Binance platform. This KYC process ensures a verified identity and also provides a location check (only Binance-approved users are able to mint a BAB token).
• Know Your Cat (KYC) makes a user's on-chain and off-chain reputation available for DApps on multiple blockchains. Activity can be resynced to create a dynamic NFT with traits defining activity, identity, and other 3rd party verifications.

Conclusion

KYC is an established process in the online world, however many new ideas are circulating to make this process more secure and private for web3 users. KYC implementation depends on an application's use case, project resources, and their desire for decentralization. For example, an app that wants to prove an individual is not a bot may have different needs than an app that needs to prove identity for banking purposes.

For zkBob, the KnowYourCat protocol is a good fit because of its extendibility and flexibility. To access highter limits, zkBob users need to hold a KnowYourCat NFT that includes the BAB token trait. The BAB token is an id verification method provided by Binance which proves an individual has passed Binance KYC and does not provide identifying information anywhere else.

In the future, zkBob may require additional traits (for example Gitcoin Passport) which can be easily added to the KnowYourCat protocol and verified by the user. This method allows the verification process to respond and change over time to best serve users and the overall needs of the protocol.

To learn more about the KnowYourCat integration, see our blog post on Higher Deposit Limits 💪😻 with KYC.