Blockchain is an excellent tool for protecting information on the Internet, because it allows you to store it in open cloud databases and at the same time provides guarantees of authenticity and security. That as well as possible approaches for procedure "Know your client", or "KYC". In the article, we will look at how the new technology will change KYC and what users, business and government will receive from it.
Traditional KYC systems
A person’s identity can be easily established using state-issued documents, such as a passport, birth certificate, social security card, or driver’s license. However, this method is good only with personal contact. If you need to confirm the identity of a person at a distance, it is easy to get around it by acquiring the original or a copy of the desired document.
To reduce the risks of such fraud, the procedure «Know Your Client» was invented. It significantly increased the reliability of identity verification, but made the verification process itself inefficient, long and non-transparent in terms of using personal and business user data.
The traditional KYC procedure usually includes three elements:
- IDV (ID Verification). Verification of the identity of the person (paper or digital document) by submitting the original document, its scanned copy or photo. This is usually a superficial check, sometimes documents are compared with databases (internal, state or general, for example, with databases of credit histories).
- Application of client identification program (CIP). Verification of documents on various state and corporate blacklists. There is no single standard for this procedure. Organizations themselves choose verification methods in accordance with their capabilities and the requirements of the required jurisdiction. This may be the same verification of documents, and may be a scan of fingerprints or faces.
- Video identification. Identity verification using video calling tools such as Skype, Viber or Google Hangouts.
The main disadvantage of traditional KYC-systems is this need to be tested from scratch every time - each check takes time and money. In addition, this approach creates security risks, because with every check, personal data is transmitted from the client to the server and can be intercepted. Even bank servers can be hacked.
KYC systems on the blockchain
The distribution book technology (DLT) and the blockchain architecture allows you to collect information from various service providers into a single cryptographically secure and unchanging database that does not need a third party to verify the authenticity of the information. Due to this, it is possible to create a system where the user will only need to go through the KYC procedure once and then use this platform to confirm his identity.
- A user submits documents for KYC procedure to one of the banks where he wants to take a loan or use another service.
- The bank checks and, if everything is normal, confirms the passage of KYC.
- The bank enters the data about the user into the blockchain platform, to which other banks, organizations and state structures have access.
- When a user wants to use the services of another bank, this second bank accesses the system and thus confirms the user's identity.
A similar concept of the blockchain-based KYC platform has already found practical implementation. The most famous example is the joint project of IBM, Deutsche Bank, HSBC, the Mitsubishi UFJ financial group (MUFG) and the Treasuries of Cargill, which provides an efficient, safe and decentralized mechanism for checking, collecting, storing, updating KYC data and sharing them.
How blockchain will improve KYC
KYC utilities based on blockchain technology will help save money and increase the security of personal data in any industry where identity verification is needed. Let's take a closer look at exactly what the advantages of such systems are.
User data collection
How it is. Currently, the financial, banking, government and other sectors collect and store personal user data in centralized systems (repositories). Every time someone needs access to this data, they are sent from the repository of the KYC service provider to the devices of the company that requested access to the data.
How it will be with the blockchain. Personal data will be collected by individual participants (banks, government agencies, companies or users themselves) and stored in a decentralized network. Access to the data will be provided directly by users or third parties who will have appropriate permission to do so.
In this case, it will be possible to provide access not to the personal data of the user, but to a special identification card that certifies the successful completion of the procedure. Thus, personal data will be protected, and third parties will be able to verify the identity of their client.
What are the benefits:
- enhances the security of personal data;
- gives people more control over their data;
- eliminates the possibility of unauthorized access to data;
- complies with new laws on personal data protection, for example, the new EU regulation General Data Protection Regulation (GDPR).
Automation and standardizationHow it is. KYC data is collected and exchanged daily among various organizations, enterprises and other institutions. Typically, data passes through several intermediaries that use different communication protocols, APIs, and management systems. Moreover, this also involves people who verify and certify information, as well as give permission for certain transactions. As a result, this architecture inevitably generates a lot of errors, inconsistencies and critical vulnerabilities for unauthorized access.
How it will be with the blockchain. Routing of working KYC processes can be coded into smart contracts and standardized for all industries. In such an ecosystem, data exchange will be as reliable as cash transactions in cryptocurrency payment systems Bitcoin or Ethereum are reliable.
What are the benefits:
- no need for manual control;
- reducing the number of errors, inaccuracies and data loss;
- the ability to implement multilingual solutions with the help of smart contracts, standardization and tools of online translators;
- reduction in KYC process time.
Risk decentralizationHow it is. The traditional KYC procedure is almost always carried out either by a specific company or by a KYC service provider. In both cases, this means complete centralization of the process. That is, one structure decides what the test should be, it conducts it itself, stores the collected user data and selects how to use it.
This approach increases the risks:
- unethical and illegal use of data;
- hacker attacks (one server is easier to hack);
- phishing and DDoS attacks;
- human error.
How it will be with the blockchain. A system built on the basis of a decentralized distribution registry removes the risk of monopolizing control. The constancy of the data recorded in the blockchain and open source code make it possible to make sure that the rules of the game are the same for all participants and there are no “black inputs” in the program. Automation and standardization of basic processes limits and controls the degree of human participation (the blockchain records who did what, and this information cannot be deleted).
What are the benefits:
- protection against human error and fraud;
- the ability to automate key regulatory issues, such as risk assessment processes conducted by banks and insurers;
- reducing the risk of violation of the law by KYC service providers;
- reducing the likelihood of monopolization of the industry.
KYC data qualityHow it is. In the existing client-server data storage system based on centralized repositories, where all ecosystem participants are forced to constantly exchange personal information of users, there is a steady tendency to generate poor-quality data (errors, inaccuracies, inconsistencies, fake data, etc.). And this trend is increasing with the increase in the number of participants.
This is a direct consequence of the lack of uniform standards in the industry, as well as the fact that banks, companies, start-ups, government agencies and KYC service providers use different approaches to storing and transferring data, different communication protocols, API, platforms and data management systems.
How it will be with the blockchain. A KYC solution based on a decentralized distribution registry will allow you to create a system where data would be stored on one platform accessible to all. This will automatically lead to industry standardization and will make most interactions between participants unnecessary - there is no point in exchanging information if all of it is recorded on the blockchain, to which everyone has access.
What are the benefits:
- the quality of data will be improved (no errors, inaccuracies, inconsistencies, fake data, etc.);
- data security will increase (they will no longer be transferred from one participant to another several times a day);
- industry standardization will increase.
Communication and transparencyHow it is. In a traditional KYC system, an ordinary person (user) does not control anything. He does not affect what documents and in what form he needs to pass for the KYC procedure, and he, in fact, does not know how his personal data will be disposed of. Moreover, banks, companies and KYC service providers also cease to control the process after the data is transferred to other participants. The existing system is opaque and there is no control in it.
How it will be with the blockchain. The combination of an open source platform, which in itself is a source of truth, with smart contracts allows you to build a system of relationships where all participants will know the rules of the game and all participants will be sure that no one can break or circumvent these rules.
What are the benefits:
- increasing the level of participants' confidence in each other, as well as in the industry as a whole;
- eliminating the need for secondary verification or cross-checking processes;
- reducing the number of frauds (if everyone knows what you are doing, it is difficult to hide the deception and / or avoid responsibility);
- increasing the efficiency of reporting and communication processes (saving time and money).
Warning about suspicious activityHow it is. Despite the fact that business and the state are constantly increasing the costs of KYC processes, they still do not have an effective tool for tracking violations of the law in this industry. Participants can falsify data, somehow dispose of them and circumvent the law in various ways. As a result, the increase in the incidence and size of money laundering and the financing of terrorism in the world (despite the tightening of the rules of KYC & AML)
How it will be with the blockchain. Thanks to a shared distributed ledger and smart contracts, the KYC process can be easily regulated and controlled by all parties. Any change or update of customer data will be monitored by the system, and if someone breaks the rules, it will become known to all parties.
What are the benefits:
- acceleration of the fraud detection process (the system can independently notify all interested parties of attempts to violate the rules, attacks on the platform, and the like).
Applications for KYC systems on the blockchainKYC on the blockchain can be useful for many industries, in addition to banks and other financial institutions. Many companies, organizations and government agencies are vitally interested in knowing for sure who they are interacting with.
The most promising examples of using KYC on the blockchain are:
- Personal identification in various plebiscites: local, regional, state, corporate and public.
- Identification of citizens by government agencies for the provision of various social services and the payment of taxes.
- Verification of user age by video game and media content providers to prohibit access to materials in accordance with PEGI (European Union), ESRB (US), RARS (Russia), USK (Germany), ACB (Australia) rules.
- Identification of loyalty program participants.
- Identity check when crossing the border.
- Online purchases.
5 KYC cases on the blockchain#1: IBM Blockchain Trusted Identity. Decentralized platform for identification processes based on the blockchain and artificial intelligence, created by the standards of the Decentralized Identity Foundation (DIF) and the World Wide Web (W3C). Like many other IBM blockchain products, this is not a final product, but a basis that can be used to create commercial solutions.
#2: ASEAN Association Project. OCBC Bank, HSBC Singapore and Mitsubishi UFJ Financial Group (MUFG) together with the Infocomm Media Development Authority (IMDA) became the first consortium in Southeast Asia to successfully complete the blockchain concept for the KYC procedure. This is a corporate solution for the banking sector, developed with the participation and on the basis of IBM technologies.
#3: uPort. Open identification infrastructure created with a focus on ordinary users. The platform allows anyone to create an account, verify their own identity, request and send credentials, sign transactions and securely manage keys and data. The system was developed on the Ethereum blockchain, and its main platform is mobile devices.
#4: Cambridge Blockchain. The digital identity system, which became famous due to the fact that this is the first blockchain-start-up in which PayPal invested. The project is based on the blockchain, sharpened by identity verification according to the rules of KYC and laws like the European “General Data Protection Regulations” (GDPR).
#5: KYC-Chain. White label Ethereum-based B2B solution. The platform distributes responsibilities between “trusted custodians” who verify, authorize and issue digital documents. There is built-in support for basic KYC templates, sanction checking and support for various platforms.