Existing KYC Solutions and The Problems

zkPass
Jul 8, 2022

The e-KYC industry is expanding rapidly. The global market is estimated to have reached a valuation of USD 447.53 Million in 2021 and is projected to maintain a Compound Annual Growth Rate (CAGR) of 22.0% during the forecast period. Notably, the number of companies providing KYC solutions is also rising.

There are several existing Web2 KYC solutions available in the market today. The most common of these include:

  • The web-based solution is a simple and convenient option that doesn’t require any installation or specialized software. It can be accessed from any location and is particularly popular among small businesses due to its affordability and lack of additional investment requirements.
  • The cloud-based solution is another common Web2 KYC solution that involves storing sensitive data online. If you opt for this solution, it’s crucial to have a backup plan in place for your data and ensure you have access to a stable internet connection.
  • The on-premise solution is favored by organizations that want to store their data on their own servers and workstations. However, this option can be costly due to the upfront expenses and ongoing maintenance fees.

In the traditional Web2 landscape, certain middleware providers offer KYC solutions for their customers. These solutions encompass a range of functionalities, such as authentication management, identity management, and permission management. Some service providers have also migrated their established KYC solutions to the Web3 landscape, while others have introduced the notion of “decentralized KYC.” Regardless of whether they are centralized or decentralized, these solutions are typically implemented using a similar model.

Participants include:

  • Verifier: Business user or project owner that uses KYC services.
  • Prover: Ordinary user.
  • KYC Service Provider.
  • Issuer: Financial institutions such as IDD (International Driver Document), banks, online social media platforms such as Twitter, etc.

Preparatory work:

  • The identity issuer opens the verification API.
  • The KYC service provider connects with as many identity issuers as possible to obtain an identity verification API.
  • The verifier must register with the KYC service provider and get an API Key.

A Complete KYC Process:

  • The prover obtains the KYC Service Access Token from the verifier.
  • The prover uses the token to send personal information to the KYC service provider.
  • The KYC service provider gets the user’s personal information, forwards it to the corresponding identity issuer for verification, and obtains the results.
  • The KYC service provider returns the KYC results to the verifier through redirection.
  • The verifier performs subsequent business logic processing based on the KYC results.

Based on the above KYC context, it’s evident that the KYC service provider must be viewed as a centralized and trustworthy institution for the overall system to function correctly. However, this mode of operation falls short in terms of decentralization. It fails to guarantee the protection of users’ private data, as evidenced by the 2019 KYC data leak incident where an exchange was hacked for ransom. Moreover, this centralized approach carries a significant risk of malfeasance by KYC service providers, who may collect and misuse private data for their own purposes.

Existing KYC Solution

Problems

In addition to the significant flaws mentioned above, this KYC model is also plagued by several other issues.

  • Users’ private identity data is being collected repeatedly by multiple verifiers, with no control over how their information is used.
  • KYC service providers can block requests from certain providers, thus preventing users from participating in relevant business and project ecosystems.
  • The entire system relies heavily on the authentication API provided by the identity issuer, making it challenging for KYC service providers to meet specific KYC requirements.
  • KYC service providers cannot offer programmable KYC services, leading to additional user privacy information being leaked to verifiers. For example, if a verifier requires proof that a user’s bank deposit is over $1 million, the KYC service provider must disclose the user’s deposit balance to the verifier.
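The five-step process and the bank-deposit problem above can be traced in a small model that records which personal-data fields each party ends up seeing. This is an added example, not zkPass code or any provider's API: `run_kyc`, `ISSUER_DB`, the field names and the sample record are all hypothetical, and the `predicate_only` variant simply assumes the issuer can answer a yes/no question instead of returning the balance.

```python
import secrets

# Constructed sample record held by a hypothetical identity issuer (a bank).
ISSUER_DB = {"alice": {"name": "Alice Example", "id_no": "X0000000", "balance": 1_250_000}}


def run_kyc(user, claimed, threshold, predicate_only=False):
    """Walk the five steps and record which personal-data fields each party sees.

    predicate_only=False is the flow described above: the raw balance travels
    issuer -> KYC provider -> verifier. predicate_only=True is an assumed
    variant where the issuer answers only "balance > threshold?".
    """
    seen = {"verifier": set(), "kyc_provider": set(), "issuer": set()}

    # Step 1: the verifier issues a KYC service access token to the prover.
    token = secrets.token_urlsafe(16)
    valid_tokens = {token}

    # Step 2: the prover sends the token and personal information to the provider.
    if token not in valid_tokens:
        raise PermissionError("unknown access token")
    seen["kyc_provider"].update(claimed)

    # Step 3: the provider forwards the data to the issuer and obtains the result.
    seen["issuer"].update(claimed)
    record = ISSUER_DB[user]
    identity_ok = all(record.get(k) == v for k, v in claimed.items())
    if predicate_only:
        result = {"identity_ok": identity_ok, "over_threshold": record["balance"] > threshold}
    else:
        result = {"identity_ok": identity_ok, "balance": record["balance"]}
        seen["kyc_provider"].add("balance")

    # Step 4: the provider returns the result to the verifier (redirect).
    if "balance" in result:
        seen["verifier"].add("balance")

    # Step 5: the verifier applies its business rule to what it received.
    passed = result.get("over_threshold", result.get("balance", 0) > threshold)
    return result["identity_ok"] and passed, seen


if __name__ == "__main__":
    claim = {"name": "Alice Example", "id_no": "X0000000"}
    for mode in (False, True):
        print("predicate_only =", mode, run_kyc("alice", claim, 1_000_000, mode))
```

In both runs the KYC provider still receives the prover's name and ID number, so the predicate variant narrows what the verifier learns but does not remove the trusted intermediary.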

A decentralized KYC solution should be adopted to safeguard users' privacy, such as a blockchain-based platform that empowers users to manage their data. This platform should impose minimal requirements for user information and give users the flexibility to decide whether or not they want to share their data with a given service provider. Furthermore, it should enable users to choose which personal information they want to share with each service provider, with no single entity having access to all their data.

In light of this, the zkPass Protocol was created.
