Cryptocurrency has created a financial revolution with promises of decentralization, speed, and anonymity. However, there are also significant challenges, especially related to fraud risk.
For example, neobanks can reverse fraudulent charges and return stolen funds. However, crypto transactions cannot be reversed, and they are often significantly larger. These large deposits and the irreversibility of payments make crypto an attractive target, increasing the need for security and fraud prevention.
Many crypto companies have limited controls for identity verification and fraud prevention, contributing to a higher risk of fraud. According to Coindesk, crypto users lost $2 billion in 2023 due to scams, rug pulls, and hacks. Crypto companies must use better checks to mitigate risk and stop fraud.
This article defines KYC compliance in the crypto space, addresses common KYC crypto challenges, and explores how Plaid can help crypto companies create robust KYC processes without harming their new-customer onboarding flows.
What is KYC in cryptocurrency?
Know Your Customer (KYC) is a process financial institutions use to verify a customer's identity before allowing them to open a new account. The crypto KYC process helps limit fraud, money laundering, terrorist financing, and other illegal or illicit activities. KYC helps financial institutions comply with customer due diligence (CDD) and anti-money laundering (AML) regulations under the Bank Secrecy Act (BSA).
Some crypto companies are considered ‘financial institutions’ and subject to BSA regulations. These companies operate as money transmitters, meaning they convert fiat currency, such as the US dollar, to cryptocurrency, such as Bitcoin. As such, a KYC program is the best way to fulfill their legal obligation. You may also hear it referred to as bitcoin KYC, but bitcoin is merely a type of cryptocurrency.
Crypto KYC requirements
Crypto KYC providers use several steps to verify customers' identities and check for illegal activity before users can use the crypto exchange, wallet, or other crypto platforms.
This can include collecting and verifying:
Name
Address
Date of birth
Government-issued identification documents
If a new customer is considered suspicious, the company may collect additional information such as the source of funds, information on their business, and information on hidden owners/stakeholders known as ultimate beneficial owners (UBOs), who shell companies may conceal.
Find out how much identity verification is worth to your organization
Prevent fraud, win users, and protect your bottom line
The history of KYC in crypto and Liberty Reserve
The history of KYC in the cryptocurrency industry is closely tied to the rise and fall of Liberty Reserve, a digital currency platform founded in 2006. Liberty Reserve allowed users to transfer funds with minimal oversight and quickly became popular with cybercriminals and money launderers looking to exploit the lack of controls.
In 2013, a joint US government task force shut down Liberty Reserve after discovering it had laundered over $6 billion in proceeds from criminal activities, including identity theft, credit card fraud, and computer hacking. In 2016, Liberty Reserve’s founder, Arthur Budovsky, pleaded guilty to running a money-laundering enterprise and was later sentenced to 20 years in prison.
This high-profile case highlighted the need for KYC procedures and put cryptocurrency on the radar of many regulators and financial industry leaders.
Currently, KYC in crypto has become a standard procedure, especially for cryptocurrency platforms that provide financial services. While regulation in the crypto industry has evolved, regulators worldwide are advocating for rules that prioritize identity verification and the prevention of illegal activities. This includes a 2023 White House roadmap to mitigate cryptocurrency risks.
A note on crypto regulation: Privacy vs anonymity
Regulations aim to prevent illegal activity in the cryptocurrency space, not eliminate privacy. Privacy and anonymity are not the same: Privacy is a fundamental right to control your personally identifiable information (PII). Anonymity is hiding your identity, which can be used for malicious activities.
Cryptocurrencies like Bitcoin are not inherently anonymous. However, they do offer a level of privacy that can be strengthened with secure and encrypted channels for sharing sensitive information. KYC can help crypto users maintain control over their privacy while protecting crypto platforms from exploitation by anonymous users.
What problems does KYC solve for the crypto Industry?
Beyond compliance with the Bank Secrecy Act, KYC helps the crypto industry maintain a secure and trustworthy environment by addressing the following concerns:
Compliance with jurisdictional requirements
Cryptocurrency trading and investment regulations vary by country, complicating compliance. A KYC crypto exchange can help verify the location and identity of its users, effectively ‘geo-gating’ its services to meet local regulations. This helps prevent companies from accidentally violating the rules of other countries while meeting the guidelines of the countries they’re allowed to operate in.
Combating social engineering scams
Social engineering scams occur when fraudsters manipulate victims into revealing personal information they can use to create or take over accounts. In some cases, fraudsters trick consumers into transferring funds themselves, often using irreversible and harder-to-trace cryptocurrencies. Social engineering is widespread; 84% of US adults have experienced some form of it—most often phishing scams.
KYC-compliant crypto platforms can link a fraudulent or manipulative transaction back to the scammer’s identity, improving the chances of catching them in the act.
Tackling ID theft and synthetic ID fraud
Crypto platforms are a prime target for identity theft fraud since transactions made under false identities cannot be reversed. Scammers even use presentation attacks that employ stolen biometric information, such as facial images or fingerprints, to impersonate people and falsely verify their identity.
Plaid Identity Verification fights this using ‘liveness detection,’ which also supports KYC procedures. Liveness detection uses real-time selfie videos to match ID documents to a user’s face. In a later section, we'll discuss other ways Plaid helps limit fraud and prevent money laundering.
Fighting evolving fraud tactics
Fraud in the crypto industry is constantly evolving as criminals develop more sophisticated methods, such as presentation fraud, synthetic identities, and increasingly advanced credential stuffing. KYC verification for crypto must stay ahead of these threats to keep crypto companies and their customers safe. Identity verification solutions like Plaid IDV strive to evolve with fraudsters and beat them at their own game.
Crypto companies that attempt to fight new fraud tactics on their own are generally at a disadvantage compared to those that partner with an identity verification solution. That’s because identity verification solutions protect many companies at once. Consequently, they’re more likely to spot new types of fraud—and then evolve to combat them.
How can Plaid help with crypto KYC?
To help cryptocurrency exchanges with KYC requirements, Plaid offers a full-suite fraud prevention and KYC solution. This critical line of defense helps address numerous challenges, from mitigating their own risk to ensuring their customers’ safety.
Plaid Identity Verification (IDV) = KYC + anti-fraud tools + onboarding optimization
Plaid Identity Verification (IDV) can confirm customer identities in over 200 countries using authoritative data sources, ID documents, and selfie verifications. It also includes a machine-learning-powered anti-fraud engine that can detect and minimize fraudulent activity. IDV uses eight vital data checks to ensure a robust verification process, eliminating the need for companies to work with multiple vendors for their KYC process.
Plaid Monitor adds additional security to the onboarding process by helping identify potentially compromised or criminal individuals. It screens customers against sanctions and politically exposed persons (PEPs) watchlists and can provide continuous monitoring to re-screen customers over time.
Using Plaid IDV and Monitor together creates a full-suite crypto KYC solution with the tools needed for both back-office and ongoing compliance management. Crypto companies can manage failed verifications, see a complete audit trail, and manage review queues in a way that works best for them.
Additionally, Identity Match (a feature within Plaid Identity Verification) can instantly match the name, phone number, address, and email address that a crypto company has on record to those details that the customer has on file with their linked bank account. This complements the KYC process by adding another layer of fast and accurate verification.
Plaid’s KYC solutions offer the lowest friction available, are designed to minimize customer drop-off, and can improve conversion rates by 10 to 20%.
Self-sovereign identity (SSI) and the future of crypto KYC
As crypto evolves, so will the need for KYC and identity verification. One possible evolution of KYC in crypto is ‘self-sovereign identity,’ or SSI, which has the potential to change the way KYC is conducted in the crypto industry.
Understanding self-sovereign identity
Self-sovereign identity allows individuals to own, control, and share their personal information without relying on a central authority or third-party intermediaries. This decentralized approach empowers people to manage their digital identities securely, granting them control over who can access their data and under what circumstances.
SSI uses cryptographic techniques to secure personal information, allowing users to share verifiable credentials without exposing sensitive data. SSI not only enhances privacy but also reduces the risk of identity theft and fraud.
The peanut butter and jelly of crypto: SSI + KYC
Using SSI in the KYC process could be considered the 'peanut butter and jelly'—that is, the perfect match—for identity verification and crypto. It could create a seamless blend of regulatory compliance and user-owned processes that dramatically improve both security and convenience.
SSI could help crypto platforms streamline KYC by allowing users to share pre-verified credentials instead of their ID documents when signing up for each platform. This would reduce user burden and the amount of personal data the platform would need to store to help prevent fraud.
SSI is a vision for what the future could become for identity. Secure, reusable, and private. Crypto is the perfect industry to experiment with and deploy a version of ID verification that would exist if it could be rebuilt from the ground up.
Alain Meier, Head of Identity, Plaid
In today’s world, KYC remains an essential component of the crypto onboarding process for new users. It helps ensure crypto companies remain compliant with various local jurisdictions and protect themselves and their customers against fraud.
→ Learn more about Plaid Identity Verification and how it can help crypto companies run secure KYC processes without sacrificing conversion or user experience.