KYC for crypto platforms: The power of knowing your customer to prevent fraud using ID verification
Protect your business while using cryptocurrency
An increasing amount of worlds’ population is using the blockchain to trade in cryptocurrencies and NFTs. In January 2021, the downloads of cryptocurrency apps reached an amount of 5.6 million. This is 31.07% of all the app downloads from 2020. Fraudsters have followed this trend. Research by Trading Platforms UK has found that a total of $513 million worth of cryptocurrencies has been lost due to hacks and thefts in 2020. Looking at the graph below, this is an increase of 38.38% compared to 2019. This has raised the attention of regulators who justify the need to take an active role in cryptocurrency security. Providers of the crypto exchange platforms and wallets have to deal with assuring the safety of use of their platforms due to regulatory pressure and to satisfy their customers. Assuring the safety and creating solutions to prevent fraudsters from entering the system is only possible when the risks and requirements for an exchange are known by the organization.
As shown above, there are a lot of fraudulent practices with regard to the cryptocurrency market. This blog helps to better understand the risks involved in the cryptocurrency market, especially focused on the cryptocurrency platforms. Furthermore, it outlines the KYC and AML requirements set by the government and what you, as a crypto platform provider, can do to prevent yourself and your customer from fraud.
Value of cryptocurrency theft worldwide from 2016 to 2020 (in million U.S. dollars)
Source: Statista 2021
Risks of cryptocurrency during the onboarding process
As a crypto exchange and/or wallet provider you want to exclude the fraudsters in the beginning of the process. The cryptocurrency market is interesting for fraudsters as it is an upcoming- and capital- intensive market. The problems arising within this market consists of users not having experience with fraud and criminality in this market. The most important fraud during the onboarding process consists of documentation fraud, identity fraud and technical fraud.
1. Documentation fraud
Documentation fraud consists of tampered documents and fake documents. With tampered documents the image is being replaced or the data is overwritten. However, most of the time fraudsters use fake passports or IDs, which are being used by fraudsters to imitate the appearance of a person. This way the fraudster can open an account on a crypto exchange provider while even being underaged.
2. Identity fraud
Compared to documentation fraud, identity fraud is more focused on the impersonation. Where fraudsters intentionally use the identities of others for the verification process to gain access to someone else profile. These identities are mostly stolen or bought on the dark web.
3. Technical fraud
Fraudsters with technical skills edit images/videos belonging to others into their own documentation so that it looks as the person is being live during the identification process.
Requirements from regulation
The need for regulation within the cryptocurrency landscape is growing, as the cryptocurrency market is becoming more mature The specific requirements for crypto currency exchanges and wallets differ for each country and region. These can be found on the websites of FinCEN (US), BaFin (Germany), FMA (Austria), and so on. In general, crypto is recognized as a financial service and should therefore comply to the same regulations that are being used in the financial world such as Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations.
What can you do to protect your crypto platform against fraud and comply with legal requirements?
The most important aspect for crypto platforms is to know your customer (KYC). KYC describes the process of the verification of the identity of your customer. To prevent illegal activities, such as document fraud, investment scams, and money laundering, you want to know who you are doing business with. KYC procedures are helpful and for major cryptocurrency exchanges the KYC process is even mandatory, as this ensures compliance with relevant laws.
There is however no one solution that fits all. What you can do to protect your organization and which requirements you should take into consideration depends on the country, sector, and business relationship.
KYC verification processes for cryptocurrency consists (mostly) of three parts
1. Customer Identification Program (CIP)
The first step consists of the collection and verification of the customer data. Which data needs to be collected depends on the local jurisdiction. For cryptocurrency exchanges the collection and verification of customer data occurs after the registration.
2. Customer Due Diligence (CDD)
CDD is part of the KYC procedure and involves the verification of a customer by checking documents and received information. An organization may choose to perform a background check on the customer to perform a risk assessment and to find out if this person has been denoted as a financial risk. Based on the risk, organizations can choose to perform a Simplified Due Diligence (SDD), basic or an Enhanced Due Diligence (EDD).
3. Ongoing Monitoring
As the regulations can change quickly it is important to keep the data up to date. This is possible by repeating the KYC process periodically and continuously screening the gathered data by comparing it with the PEP watchlists and the global sanctions lists.
4. Risk Management
To find suspicious behavior, it is essential to pay attention to the behavior and the transactions of its customers.
Different ways to reduce the risk of fraud exists, organizations could consider:
· Identify verification
· Network and device analyses
· Face verification
· Bank account verification
· Address verification
· Control of duplication (document/user/device)
· Source of funds
· Fraud verification/sanctions check
The verification process of most cryptocurrency exchange providers is divided into different levels depending on the amount of money involved. The onboarding process always starts with the identity verification whereby your personal information is gathered such as date of birth and name. Next, the most common requirement is the verification of customers identity. Which includes the gathering of data from an identity document (e.g.: Nationality, photo, Social Security Number/Personal Identification Number, Document number), this can be seen as the first level. The second level consists of an address verification which can be done by providing a bank statement, utility bill, credit card statement, or tax document and a biometric verification. The biometric verification consists of a facial verification and a liveness check which reduces the false acceptance rate of documents. The last level is only required exchanges with very large transactions value and requires a source of wealth declaration form.
Furthermore, upcoming is the data gathering on search behavior, the sanctions check (UN, EU, OFAC, OFSI) and sanctions lists for Anti-Money Laundering (AML) purposes. Important here is to use multiple sources, as this will decrease the risk of fraud.
Tradeoff: preventing fraud without losing customers
Having measures to prevent fraud, it takes some time and effort of your customers. You don’t want this to be a major drawback for your customers to stop making use of your service. Therefore, the onboarding process should not take more than a few minutes. Furthermore, the onboarding process should be made user-friendly. This can be guaranteed by an automatic KYC process.
What can Verifai mean to you?
Verifai can play an important part in the protection against fraud as it is a developer and supplier of smart Identity verification software. Customers can verify their identity digitally and in real-time via simple steps, which allows a fast and seamless customer experience. Adapting the KYC procedures your crypto platform can increase the conversion rate and ensures a high security level. Verifai performs the following steps:
The software of Verifai can recognize the identity document and imports the data that is needed and for which permission has been given.
By performing the liveness check the document holder should be present during the KYC check. Fraudsters cannot use technical skills, false photo or identity document to commit fraud.
What makes Verifai unique is fast and secure authentication of customers through a NFC check, which only takes a few seconds. This guarantees authenticity at government level.
Users might be concerned about their anonymity as personal data needs to be processed and flows to a decentralized blockchain. However, this fear is not necessary as Verifai has a robust KYC system which secures consumer information. Furthermore, Verifai offers privacy filters to minimize the processing of sensitive personal data.
Concluding, due to the increasing level of fraud among crypto platform and the negative consequences, there is a growing interest to combat this. The most important aspect for crypto platforms is to know their customer, which can fulfilled by the KYC procedures such as identity verification, liveness check and face verification. These measures will reduce the amount of fraud and protect your customers from risky transactions.
