KYC for crypto: Ensuring crypto security and compliance

Crypto can be an attractive target for fraud and bad actors. Learn about how KYC for crypto helps with fraud, risk, and compliance.

May 17, 2023

Tom Sullivan Pic
Tom Sullivan

Tom is a fintech industry writer who creates whitepapers and articles for Plaid. His work has been featured in publications like Forbes, Fortune, and Inc. He's passionate about the freedom that the union between financial services and technology can create.

Cryptocurrency has created a financial revolution with promises of decentralization, speed, and anonymity across all transactions. Yet it has also come up against significant challenges and unstable times, especially around the risk of fraud. 

That’s because, once stolen, crypto funds are irreversibly lost. As opposed to neobanks—where fraud can be reversed and stolen funds returned. Additionally, crypto transactions are often significantly larger. These high-value amounts, coupled with irreversibility, make crypto an attractive target for criminals and increase the need for security and fraud prevention.

Since crypto’s inception, many crypto companies have maintained lax controls around identity verification and fraud prevention, contributing to numerous instances of fraud. According to a recent CoinJournal study, there were 120 well-known instances of crypto fraud in 2022, resulting in over $2.1B in stolen funds. That is up from 94 instances in 2021, a 28% increase.

To get ahead of fraudsters, crypto companies need to implement comprehensive KYC procedures and stringent anti-fraud measures. In this article, we’ll define KYC for the crypto space, address common challenges crypto companies face with KYC, and explain how Plaid can help crypto companies create strong KYC processes without hurting their new-customer onboarding flows.

What is KYC in crypto?

Know Your Customer (KYC) is a common practice for financial institutions, in which they undergo a series of steps to ‘know their customer’ before allowing them to open a new account. The KYC process aims to prevent fraud, money laundering, terrorist financing, and other illegal or illicit activities. KYC helps financial institutions comply with customer due diligence (CDD) and anti-money laundering (AML) regulations under the Bank Secrecy Act (BSA).  

Some, but not all, crypto companies are considered ‘financial institutions’, and therefore subject to BSA regulations. These are companies operating as money transmitters—meaning they convert fiat currency such as the US dollar to cryptocurrency such as Bitcoin. As such, a KYC program is the best way to fulfill their legal obligation.  

The KYC process for crypto companies involves a series of steps to verify their customers’ identities and screen them for illicit activity before they can access their exchange or wallet, or another crypto platform. This can include collecting and verifying the following information:

  • Name

  • Address

  • Date of birth

  • Government-issued identification documents

If a new customer is considered suspicious, they may be subject to enhanced due diligence. This is an extended form of KYC that collects additional information such as the source of funds, information on their business, and information on hidden owners/stakeholders known as ultimate beneficial owners (UBOs), who may be hidden by shell companies.

Guide to calculating the value of identity verification

Prevent fraud, win users, and protect your bottom line

The history of crypto KYC and Liberty Reserve

The history of KYC in the cryptocurrency industry is closely tied to the rise and fall of Liberty Reserve, a digital currency platform that was founded in 2006. Liberty Reserve enabled users to transfer funds with minimal identity verification and oversight. It quickly became popular with cybercriminals and money launderers looking to exploit the lack of controls to conduct illegal transactions. 

In 2013, a joint US government task force shut down Liberty Reserve after it was found to have laundered over $6 billion in proceeds from criminal activities such as identity theft, credit card fraud, computer hacking, and more. In 2016, Liberty Reserve’s founder, Arthur Budovsky, pleaded guilty to running a money-laundering enterprise and laundering over $250 million. He was later sentenced by a Manhattan federal court to 20 years in prison

This high-profile case cast a bright light on the crypto industry, highlighting the urgent need for KYC procedures in the space. It also put cryptocurrency on the radar of many regulators and financial industry leaders. 

Currently, KYC in crypto has become a standard procedure, especially for cryptocurrency platforms that move money. While regulation in the crypto industry has been in flux, regulators across the globe have called for rules that ensure identity verification and the prevention of illegal activity. This includes a 2023 White House roadmap to mitigate cryptocurrency risks.

A note on crypto regulation: Privacy vs anonymity

It's important to note that regulations seek to prevent illegal activity in the cryptocurrency space—not eliminate privacy. Privacy and anonymity are not the same: Privacy is a fundamental right to control one’s personally identifiable information (PII). Anonymity, on the other hand, is a way of hiding one’s identity—which can be used for malicious activities. 

Cryptocurrencies like Bitcoin are not inherently anonymous. They do, however, offer a level of privacy that can be strengthened through the use of secure and encrypted channels for sharing sensitive information. KYC can help crypto users maintain control over their privacy while protecting crypto platforms from exploitation by anonymous users.

What problems does KYC solve for the crypto Industry?

Beyond compliance with the Bank Secrecy Act, KYC helps the crypto industry maintain a secure and trustworthy environment by addressing the following concerns:

Compliance with jurisdictional requirements

When it comes to cryptocurrency trading and investment, regulations vary by country. Some platforms may be set up to only serve US customers, while others may be prohibited from serving them at all. For example, the once-popular Bittrex exchange will shut down US operations due to regulatory changes but will continue operating in other countries. 

The KYC process can help crypto platforms verify the location and identity of their users, effectively ‘geo-gating’ their services for jurisdictional requirements. This helps prevent companies from inadvertently violating the regulations of other jurisdictions while adhering to the guidelines of the countries in which they’re allowed to operate. 

Combating social engineering scams

Social engineering scams involve fraudsters deceiving and manipulating victims into either revealing sensitive information or transferring funds, often using irreversible and harder-to-trace cryptocurrencies. Social engineering is widespread, with 84% of US adults having experienced some form of it—most commonly phishing scams. 

While KYC’s main purpose is to help ensure compliance with Bank Secrecy Act regulations, its processes are commonly combined with anti-fraud tools that can help crypto companies stop bad actors from using their platforms. That’s because platforms with robust KYC can link a fraudulent or manipulative transaction back to the scammer’s identity, making the chances of getting caught much higher. 

Tackling ID theft and synthetic ID fraud

Identity theft using stolen IDs from the dark web is prevalent in the crypto space. In 2022, over 1.1 million instances of ID theft fraud were reported to the Federal Trade Commission (FTC), making it the most prevalent type of fraud in the US. Synthetic identity theft, where fraudsters use a mixture of real and fake personal information to create a fraudulent identity to open an account, is also increasingly common. 

Crypto platforms are a prime target for identity theft fraud since transactions made under false identities cannot be reversed. Scammers go as far as using presentation attacks that employ stolen biometric information such as facial images or fingerprints to impersonate people and falsely verify their identity. 

Plaid Identity Verification fights this by using ‘liveness detection’, which also supports KYC procedures. Liveness detection uses real-time selfie videos to match ID documents to a user’s face. Another useful tool is lightning checks, which can identify forgeries by examining the ID's security features and cross-referencing them with a database of known fakes. 

Fighting evolving fraud tactics

Fraud in the crypto industry is constantly evolving as criminals develop new and more sophisticated methods, such as presentation attacks, synthetic identities, or increasingly advanced credential stuffing. KYC verification processes must stay ahead of these threats to keep crypto companies and their customers safe. Identity verification solutions like Plaid IDV strive to evolve with fraudsters and beat them at their own game. 

Crypto companies that attempt to fight new fraud tactics on their own are generally at a disadvantage compared to those that partner with an identity verification solution. That’s because identity verification solutions protect many companies at once. Consequently, they’re much more likely to be the first to spot new types of fraud—and then evolve to combat them. 

Partnering with an identity verification solution that makes regular updates to stay ahead of cutting-edge fraud tactics is the easiest way for crypto companies to ensure they’re up to date.

How can Plaid help with crypto KYC?

To help crypto companies with KYC, Plaid offers a full-suite fraud prevention and KYC solution. This critical line of defense in the crypto space helps address numerous challenges, from mitigating their own risk to ensuring their customers’ safety. 

Plaid Identity Verification (IDV) = KYC + Anti-fraud tooling + onboarding optimization

Plaid IDV can confirm customer identities in over 200 countries using authoritative data sources, ID documents, and selfie verifications. To add another layer of security for crypto companies, it also includes a machine-learning-powered anti-fraud engine that can detect and minimize fraudulent activity. IDV uses seven vital data checks to ensure a robust verification process, eliminating the need for companies to work with multiple vendors for their KYC process. 

Plaid Monitor adds additional security to the onboarding process by helping identify potentially compromised or criminal individuals. It screens customers against sanctions and politically exposed persons (PEPs) watchlists and can provide continuous monitoring to re-screen customers over time. This helps crypto companies comply with AML screening requirements, supports their customer due diligence (CDD) process, and reduces the risk of a crypto platform unknowingly facilitating a crime. 

Using Plaid IDV and Monitor together creates a full-suite solution with the tools needed for both back-office and ongoing compliance management. Crypto companies can manage failed verifications, see a complete audit trail, and manage review queues in a way that works best for them.

Additionally, Identity Match (a feature within Plaid Identity Verification), can instantly match the name, phone number, address, and email address that a crypto company has on record to those details that the customer has on file with their linked bank account. This complements the KYC process by adding another layer of fast and accurate verification. 

Plaid’s KYC solutions offer the lowest friction available and are designed to help minimize customer drop-off—and can improve conversion rates by 10 to 20%.

Self-sovereign identity (SSI) and the future of crypto KYC

As crypto evolves, so will the need for KYC and identity verification. A preferred vision for many in the industry is known as ‘self-sovereign identity’, or SSI, which has the potential to change the way KYC is conducted in the crypto industry. 

Understanding self-sovereign identity

Self-sovereign identity allows individuals to own, control, and share their personal information without relying on a central authority or third-party intermediaries. This decentralized approach to identity empowers people to create and manage their digital identities securely, granting them control over who can access their data and under what circumstances.

SSI uses cryptographic techniques to secure personal information. Users can share verifiable credentials without exposing sensitive data. SSI not only enhances privacy but also reduces the risk of identity theft and fraud.

The peanut butter and jelly of crypto: SSI + KYC

Bringing SSI into the KYC process could be considered the 'peanut butter and jelly'—that is, the perfect match—for identity verification and crypto. The potential is a seamless blend of regulatory compliance and user-owned / user-centric processes that dramatically improve both security and convenience. 

SSI could help crypto platforms streamline KYC, as users would need only share their pre-verified credentials for each platform they sign up to—and not their ID documents. This would reduce user burden and the amount of personal data the platform would need to store, as well as minimize the risk of data breaches that expose personal information and ID documents. 

Not only that, SSI would fit well within the decentralized nature of the crypto industry, promoting a core principle that many have been building on for over a decade. Mass adoption of SSI could lead to more trust, transparency, and privacy without compromising security or user experience.

SSI is a vision for what the future could become for identity. Secure, reusable, and private. Crypto is the perfect industry to experiment with and deploy a version of ID verification that would exist if it could be rebuilt from the ground up.
Alain Meier, Head of Identity, Plaid

Back in today’s world, KYC for crypto companies remains an essential component of the new-user onboarding process. It helps ensure crypto companies remain compliant with various local jurisdictions and protect themselves and their customers against fraud. 

→ Learn more about Plaid Identity Verification and how it can help crypto companies run secure KYC processes without sacrificing conversion or user experience. 

Find out how Plaid can help your business grow

By submitting this form, I confirm that I have read and understood Plaid’s Privacy Statement.

This form goes to our sales team. If you have questions about connecting your financial accounts to a Plaid-powered app, visit our consumer help center for more information.