The cryptocurrency industry is a resilient one that has weathered the challenges of the crypto winter and appears to be strong enough to endure the long haul. But with increasing pressure from financial regulators around the globe, can crypto companies afford to lag behind on their KYC- or is there a way to get ahead of the curve.
What is KYC?
KYC stands for ‘Know Your Customer’ and refers to the mandatory processes used to verify the identity of a customer. KYC is the responsibility of financial institutions who must comply with Anti-Money Laundering and Counter-Terrorism Financing regulations. These processes detect fraudulent transactions and assess risks associated with the customer during the onboarding process and beyond. If a potential customer fails a KYC check or is labelled high-risk, then the financial institution can report this to the relevant authorities or decline the onboarding attempt as they see fit.
Methods of identity verification in the crypto industry
In times gone by, we would rely on human agents being trained in detecting physical document authenticity markers on identity documents of all kinds. This was costly, time consuming, did not scale well, and had a high false-acceptance rate. Technology has progressed to create remote identity verification, where an individual only needs their identity document and a smartphone to prove that they are themselves.
One such remote identity verification method is video verification, where the individual holds their identity document up next to their face during a video call with a human agent who confirms their identity. This method falls prey to many of the same issues as in-person identity verification, with an added modern threat. The emergence of generative AI and deepfake technology into the mainstream means fraudsters can now spoof a document and a face during a video identification check with frightening ease.
It is likely that more people will be familiar with the widespread alternative Optical Character Recognition (OCR) method, where the user takes a picture of their identity document which is scanned by machine learning algorithms to determine the authenticity of the document and verify the holder’s identity. OCR technology is not fool proof- many solution providers still use human agents to double-check results. Although an OCR document scan may be harder to fool than video verification, it is by no means impossible. AI allows fraudsters with even a little knowledge to alter the appearance of an identity document and bypass OCR identity verification.
Both of these methods have large vulnerabilities and known false acceptance rates, creating potentially dangerous holes in a cryptocurrency businesses’ KYC compliance. Reliance on checking the outside of identity documents is not secure enough, but there is a way to check documents based on their insides- NFC chip verification. This is the only remote identity verification method that can bypass the vulnerabilities of video and OCR for 100% secure verification.
NFC chip verification
The International Civil Aviation Authority (ICAO) introduced the first draft of the Doc 9303 in 1980. This document outlines the standards surrounding chipped identity documents, or electronically machine readable travel documents (eMRTDs). These documents feature an NFC chip (like those in bank cards) that contains your personal and document information, as placed there by the issuing state. These documents include passports, ID cards, residence permits, driving licenses, and more. As of writing (November 2023), over 170 countries worldwide issue eMRTDs, meaning there are over a billion people already able to verify their identity this way.
All these billion or so people need to verify their identity with NFC is a modern smartphone. Using an app like Inverid’s ReadID Me, they can read the chip of their identity document in seconds and gain access to the highest trust level of remote identity verification.
NFC identity verification is highly secure. In the words of Gartner, the chips in eMRTDs “are generally regarded as tamper-proof today”. Advanced security mechanisms like Clone Detection enable NFC solutions like Inverid’s ReadID to detect if the data within a chip has been cloned or manipulated. Not only is the data read 100% correctly but with assurance that it is also 100% authentic.
With this in mind, at Inverid, we take an NFC-first approach to remote identity verification.
What is an NFC-First approach to identity verification?
At Inverid, we recognise that NFC is the most secure method of remote identity verification but understand that crypto companies have a diverse user base with different needs. Therefore, we are not an ‘NFC-only’ solution provider- we also have orchestrations for extra layers of security and assurance, such as biometric facial verification.
The NFC-First mindset includes being able to adapt to the circumstances our customers need. There may be instances where a customer does not have a chipped identity document, for example. We offer OCR verification through our partners as a backup in these instances.
ReadID is an adaptable solution in more than just orchestration capabilities. We offer ReadID’s NFC verification technology as a highly customisable SDK that can be integrated into an existing customer app or as ReadID Ready, our pre-made app that can be branded to customer specifications and integrated into a QR code-based web/mail or e-mail flow.
Questions?
Want to know more about NFC-First identity verification for your crypto exchange? Get in touch with our crypto expert Justin Markslag to learn more about how NFC identity verification is changing the game in customer onboarding and can keep your company ahead of the curve.