The Number One Way ICOs Are Abusing You — And What You Can Do About It

At this moment of writing, there are 131 live ICOs. No matter what you think of coins like PornCoin, CatCoin, and the Cthulu Offering, there’s one, simple and surefire way to tell if a project plans to be around in the long run — how they treat you during the ICO. Specifically, how they treat your data.

The problem is, no matter how legitimate an ICO appears, they are all extracting a massive toll in risk and work they are requiring from their customers to KYC themselves (Know Your Customer is a basic foundation of compliance that is widely understood to be required by all ICOs). Doing this badly is irresponsible, selfish, and short-sighted — and it’s hurting everyone in the industry.

ICOs are still requiring identity information in ineffective and compromising ways, such as asking you to take a photo of your passport at email it to them. This is a big deal because there are so many other secure ways for this to happen.

An informal survey we have completed at Glyph ID has found that three-quarters of ICOs are doing KYC in-house themselves — mostly using systems they just made up. Less than a quarter get outside assistance of any type, and many of those use systems that ask for the same information to be collected and re-submitted time after time.

In other words, most ICOs are lazy and selfish because they are putting their own needs above the needs of their customers. To save a few dollars per person they are requiring their customers spend significant time and shoulder massive personal risk.

The relationship between pump and dump ICOs with no value, and bad KYC

ICOs imagine that KYC (which has only just become known to them as a thing), is not a compliance function, but an operations role. It’s an annoyance, a tick box exercise, and therefore somewhere to save money. That’s great for them, but terrible for you. It means:

1. You have to keep resubmitting your information, often via insecure channels
2. Massive backlogs because they don’t know what they are doing and they are not prepared for what’s actually involved, or the peak load of checking the credentials for thousands of people in a very short amount of time
3. They will almost all go out of business, and some of those will leave your information sitting on servers and otherwise exposed once they turn the lights off
4. They don’t know how to treat the data once they have it. They save it unencrypted, or on a server accessible to the whole team or partners, putting you at risk (hey, even Facebook did that)
5. They don’t tell you what they are going to do with your data, they have no contact information and no ongoing support or updates. Most don’t even have a privacy policy or terms and conditions
6. Then, after making you suffer through all of that, the KYC is so backlogged that they fail you anyway without leaving you enough time to resubmit. You miss the sale. So you get all the pain and none of the benefit.

Let’s just think through that for a minute: most ICOs are making you do something that is inconvenient, painful and risky, so they can save a few dollars.

ICOs are making you jump through hoops at your personal expense. Photo courtesy of Pixabay.com

That’s not just bad service. That’s abuse. They are abusing you.

That’s a bold claim. How do I know that? Because I talk to them all the time. When I or my team talk to ICOs about the above issues and show them solutions to make life better for their customers, they aren’t interested.

It’s not that they don’t know there is a better way to do this. They could find a solution if they wanted to. They straight up don’t care.

There is one thing they do all care about: that’s getting their hands on your money. They do care about making a quick buck.

The best way to tell if a project plans to be around in the long-term then is how they treat you during the ICO. We all know to treat our customers well. On the other hand, we don’t care how marks feel after we take their cash.

Brady Dale from CoinDesk explained this well in a series of tweets about companies trying to get fronted on their news site:

In fact, I would go as far to say as anyone who makes you submit KYC information in insecure or inconvenient ways doesn’t deserve to be invested in.

Most ICOs haven’t thought this through. But neither have customers. Bottom line is, we still accept this rubbish. We allow it by participating in it.

So how do we change it?

When you are talking to these ICOs through their Telegram or when you meet them at events, you need to call them on it. Demand that they use a service that enables rapid, encrypted KYC — preferably reusable KYC so you don’t have to keep doing the same thing time after time.

ICOs will move to what customers demand.

Right now, you are allowing terrible service. It’s like you’ve gone to a Michelin Star restaurant, but before you’re allowed in to have dinner, you have to crawl through a muddy ditch full of barbed wire. Then we all sit there, together, covered in mud.

And because you’ve never had it any other way, you just go along with it, because oh well, that’s just the way it is.

But isn’t this supposed to be a forward-thinking, dynamic industry that’s driving change? Why are we putting up with this rubbish?

You don’t have to.