How Crypto Companies Can Know Their Customers Better – and Stay Compliant for Good Measure
No matter what functionalities your crypto company has, it’s bound to benefit from IDV and KYC solutions. Read on for a breakdown of what Know Your Customer (KYC) and Identity Verification (IDV) means and the ways that these tools can protect your crypto service from money laundering and other types of fraud.
September 11, 2022
by Gergo Varga, SEON
Crypto exchanges and the fraud landscape
Fraud is on the rise in the world of crypto. According to a survey by The Motley Fool, $680 million was lost just by Americans alone in 2021 due to crypto related scams, skyrocketing from $12 million in 2018. 54% of victims say that they’re less likely to invest again in cryptocurrency as a result, and no crypto-centric (or even crypto-conscious) company wants that.
But it’s not just about fraud. Crypto exchanges, wallets and other companies often have legal mandates to comply with, and the repercussions when they don’t can be massive. According to Markets Insider, the sector has paid over $2.5 billion in fines since its inception -– and with an increase in legislation, things can only get worse, unfortunately.
It’s no surprise, then, that crypto firms are having to turn to some of the fraud prevention software that traditional financial institutions like banks and stockbrokers currently use. One clear choice here is identity verification – a key part of KYC, which we will explain in more detail below.
So why are crypto startups at risk? Since crypto exchanges involve the trading of currency, they are considered to be open to money laundering and other criminal activity – just like traditional financial institutions. Because transactions are instant and can be traded internationally, crypto services are open to tax avoidance and money laundering. Furthermore, fraudsters can manipulate markets through spoofing, churning and similar attacks — as this article by Constantine Cannon explains.
What is IDV and what is and KYC?
Know Your Customer (abbreviated often to KYC) gives you more information about a customer’s identity during the onboarding stage. A KYC stage is usually a means to stay compliant with Anti-Money Laundering (AML) regulations, which often vary from country to country. Therefore, it’s closely related – many KYC products are part of AML mandates as well, though the two are not synonymous, with AML also monitoring transactions, examining the source of funds, and so on.
For KYC, there are many different identity verification options on the market like biometric verification or a customer’s passport, driver’s license or proof of address. The process of examining these official documents and verifying them online is also called IDV – identity verification. Some forms of biometric verification include selfie or video verification. Usually the former involves a user taking a photo while holding their passport up to the camera. KYC involves checking a customer’s identity, location and age, and identity verification tools are the means to do just that.
Many crypto exchanges are already requiring their customers to undergo some kind of identity check before they’re able to trade or use most of their services. How they choose to do this varies a lot but ultimately they do a similar job – verifying that a customer is real and they are not faking their identity. Yes, the original point of crypto was anonymity but once you have centralized services such as exchanges, which also deal with fiat currencies in order to allow you to buy crypto, there was a tradeoff to be had. For any of these to inspire trust in consumers, licensing had to be acquired.
Today, it’s all a tradeoff between anonymity and security. Otherwise, crypto enthusiasts and companies would fall victim to fraudsters and identity theft almost incessantly.
Once a customer has gone through the KYC stage and provided valid documentation that passes the screening process, they’ll be then usually be allowed to start trading.
Why do I need to have a KYC process in place?
Financial institutions like banks or stock brokers need to have a KYC process in order to stay compliant with AML regulations in their country. This article by Buchanan Ingersoll-Rooney explains that regulators in the US and around the world are considering increasing AML compliance requirements for the cryptocurrency space. Getting ahead of this by looking into how to stay compliant, therefore, might be a good idea.
With KYC, crypto exchanges can protect themselves from these issues by verifying that customers really are who they claim to be. This keeps bad customers who are looking to defraud the exchanges away, and also keeps customer accounts safer as the information can be later recalled to authenticate existing users trying to reach their accounts.
It’s possible to allow customers to buy crypto without a KYC check. However, this means that your crypto exchange is more susceptible to money laundering and other types of fraud.
Users looking to stay as anonymous as possible can use decentralized exchanges – some users think that crypto shouldn’t have the same regulations that traditional banks and other financial institutions have.
Decentralized exchanges are usually either peer-to-peer marketplaces and automated market makers, and do not ask for identity verification. One of the useful aspects of decentralized exchanges – according to a guide by Gemini – is that there are lower fees and a greater diversity of altcoins. However, most crypto exchanges ask for identity verification as it helps to prevent fraud.
Even with KYC in place, what issues do crypto currencies and exchanges face?
But preventing fraud doesn’t just stop at implementing a KYC process. Even with a KYC stage in place, there are still some issues that you can face when it comes to preventing users from engaging in fraudulent activity. As a SEON guide to KYC for crypto describes, this can even include synthetic IDs or deepfake videos to get past KYC procedures. Instead, the fraud prevention company stresses how important it is to have more defenses in place, including real-time fraud detection.
Another issue is that KYC does create some friction. By asking for customers to give you their identity verification, you are slowing down the onboarding process. As some identity verification tools are slower or more cumbersome than others, this can start to become a problem as you run the risk of losing customers who are impatient to start trading. You might have to ask a customer to rescan their documents if the lighting is bad, or if some information is unclear. Usually the algorithm of the KYC tool has certain requirements that have to be met for the submitted document to be identifiable, and if these aren’t met, sometimes the customer has to resubmit the document.
Therefore, some KYC options on the market claim to provide a streamlined service – for instance, real-time feedback to help customers submit better quality images that are more likely to pass. However, with criminals using deepfakes and photoshopping to bypass biometric verification, it’s becoming increasingly difficult to rely on KYC completely to prove a customer is legitimate and not a fraudster.
But the biggest problem for crypto is not just deepfakes or photoshops. It’s that turnkey KYC is very expensive to do on every single user. That’s why you’d be smart to first run pre-KYC, determining whether or not you should let the user pass, and the best tool for that is automatic digital footprint analysis. With this is place, the vast majority of fraudulent users will be rejected before they reach KYC. A higher percentage of legitimate users will be checked, but fewer users in general, effectively reducing KYC spend without affecting the ultimate number of successful sign-ups.
What is digital footprint analysis?
Digital footprint analysis isn’t a straight-up alternative to KYC – it doesn’t do the same job of verifying a user’s identity. Therefore, you might use it alongside a KYC tool of your choice. How digital footprint analysis works is that it gathers what is known as primary data on a user, before they even provide any identity verification in the KYC stage. Primary data in this case would include information like an email address, phone number and IP address as well as the kind of device they’re using or the browser they’re accessing your website through.
A user’s digital footprint is the information you can gain by enriching this data by combining it with data from open-source databases.
In simple terms, this can tell you whether a user’s email has been blacklisted, whether they’ve been a victim of a data leak, or whether they have a history of social media accounts linked to it.
Why does this matter? Well, usually, a criminal either doesn’t have much of a digital footprint. They might also be accessing your site using a Tor browser, or are otherwise hiding their IP address using a VPN. Yes, privacy should be a human right but when you’re looking to receive payments in dollars to sell BTC, an anonymous customer should be scrutinized further -– because it’s your company who’s going to incur the chargeback fees if that’s a fraudster paying with a stolen card.
As digital footprint analysis gives you all this additional information before KYC, you can block any high risk users with a suspicious digital footprint (or lack thereof) before the onboarding stage.
A fraudster using a stolen card might try their best to look good on signup, but if they don’t have the digital footprint of a good intention user who would be expected to have presence on multiple services, you know that something is off. You can then do more stringent KYC on them, requesting more documents and even having a member of your fraud prevention team speak to them.
Anti-Money Laundering regulations and compliance
Another issue is that you might have KYC checks in place, but they’re not compliant with current AML regulations set in your country. In this case, you might faces what’s known as a compliance fine. If you’re not using the right checks, this might end up being an issue for your crypto exchange. Crypto tumblers can also face fines if they’re not compliant with AML regulations.
Wrapping it up
KYC is recommended during the onboarding stage for cryptocurrencies and exchanges. However, it has some vulnerabilities and can even slow down your onboarding process. It’s worth looking into combining this with digital footprint analysis.
KYC is likely to become a legal mandate even where it is currently not for most crypto firms. It helps to know how to optimize and streamlining it without risking having to pay compliance fines.
About the author
Gergo Varga‘s fight against fraud has been going strong since 2009. Working at various companies in the past, today he serves as Content Evangelist at SEON, where he continues to disseminate his insight and expertise across the company and beyond. He has authored the Online Fraud Prevention Guide for Dummies and hundreds of other articles and guides. Based in Budapest, Gergo enjoys reading, tech and philosophy.
SEON is an online fraud prevention platform that detects and stops fraud in real time through transactional data analysis. Founded in 2017, the company is headquartered in Budapest, Hungary.