KYC for crypto: Ensuring crypto security and compliance

Crypto can be an attractive target for fraud and bad actors. Learn about how KYC for crypto limits fraud risk and improves compliance.

March 08, 2024

Tom Sullivan

Tom is a fintech industry writer who creates whitepapers and articles for Plaid. His work has been featured in publications like Forbes, Fortune, and Inc. He's passionate about the freedom that the union between financial services and technology can create.

Cryptocurrency has created a financial revolution with promises of decentralization, speed, and anonymity. However, there are also significant challenges, especially related to fraud risk. 

For example, neobanks can reverse fraudulent charges and return stolen funds. However, crypto transactions cannot be reversed, and they are often significantly larger. These large deposits and the irreversibility of payments make crypto an attractive target, increasing the need for security and fraud prevention.

Many crypto companies have limited controls for identity verification and fraud prevention, contributing to a higher risk of fraud. According to Coindesk, crypto users lost $4 billion in 2022 due to scams, rug pulls, and hacks. The rate decreased significantly in 2023 but still resulted in crypto users losing $2 billion to fraudsters. Crypto companies must use better checks to mitigate risk and stop fraud. 

This article defines KYC compliance in the crypto space, addresses common KYC crypto challenges, and explores how Plaid can help crypto companies create robust KYC processes without harming their new-customer onboarding flows.

What is KYC in crypto?

Know Your Customer (KYC) is a process financial institutions use to verify a customer's identity before allowing them to open a new account. The KYC process limits fraud, money laundering, terrorist financing, and other illegal or illicit activities. KYC helps financial institutions comply with customer due diligence (CDD) and anti-money laundering (AML) regulations under the Bank Secrecy Act (BSA).  

Some crypto companies are considered ‘financial institutions’ and subject to BSA regulations. These companies operate as money transmitters, meaning they convert fiat currency, such as the US dollar, to cryptocurrency, such as Bitcoin. As such, a KYC program is the best way to fulfill their legal obligation.  

The KYC crypto process uses several steps to verify customers’ identities and screen them for illicit activity before they can access the crypto exchange, wallet, or another crypto platform. This can include collecting and verifying the following information:

  • Name
  • Address
  • Date of birth
  • Government-issued identification documents

If a new customer is considered suspicious, they can be subjected to enhanced due diligence. When this occurs, the institution may collect additional information such as the source of funds, information on their business, and information on hidden owners/stakeholders known as ultimate beneficial owners (UBOs), whom shell companies may conceal.


The history of KYC in crypto and Liberty Reserve

The history of KYC in the cryptocurrency industry is closely tied to the rise and fall of Liberty Reserve, a digital currency platform founded in 2006. Liberty Reserve allowed users to transfer funds with minimal oversight. It quickly became popular with cybercriminals and money launderers looking to exploit the lack of controls to conduct illegal transactions. 

In 2013, a joint US government task force shut down Liberty Reserve after discovering it had laundered over $6 billion in proceeds from criminal activities, including identity theft, credit card fraud, and computer hacking. In 2016, Liberty Reserve’s founder, Arthur Budovsky, pleaded guilty to running a money-laundering enterprise and laundering over $250 million. A Manhattan federal court later sentenced him to 20 years in prison.

This high-profile case cast a bright light on the crypto industry, highlighting the need for KYC procedures. It also put cryptocurrency on the radar of many regulators and financial industry leaders.

Currently, KYC in crypto has become a standard procedure, especially for cryptocurrency platforms that move money. While regulation in the crypto industry has evolved, regulators worldwide are advocating for rules that prioritize identity verification and the prevention of illegal activities. This includes a 2023 White House roadmap to mitigate cryptocurrency risks.

A note on crypto regulation: Privacy vs anonymity

Regulations aim to prevent illegal activity in the cryptocurrency space, not eliminate privacy. Privacy and anonymity are not the same: Privacy is a fundamental right to control your personally identifiable information (PII). Anonymity is hiding your identity, which can be used for malicious activities. 

Cryptocurrencies like Bitcoin are not inherently anonymous. However, they do offer a level of privacy that can be strengthened with secure and encrypted channels for sharing sensitive information. KYC can help crypto users maintain control over their privacy while protecting crypto platforms from exploitation by anonymous users. 

What problems does KYC solve for the crypto industry?

Beyond compliance with the Bank Secrecy Act, KYC helps the crypto industry maintain a secure and trustworthy environment by addressing the following concerns:

Compliance with jurisdictional requirements

Cryptocurrency trading and investment regulations vary by country, which complicates compliance. Some platforms only serve US customers, while others may be prohibited from serving them at all. For example, the once-popular Bittrex exchange had to shut down US operations due to regulatory changes and later closed entirely. 

The KYC process can help crypto platforms verify the location and identity of their users, effectively ‘geo-gating’ their services to meet local regulations. This helps prevent companies from accidentally violating the rules of other countries while meeting the guidelines of the countries they’re allowed to operate in.  

Combating social engineering scams

Social engineering scams occur when fraudsters manipulate victims into revealing personal information they can use to create or take over accounts. In some cases, fraudsters trick consumers into transferring funds themselves, often using irreversible and harder-to-trace cryptocurrencies. Social engineering is widespread; 84% of US adults have experienced some form of it—most often phishing scams. 

While KYC’s primary purpose is to improve compliance with Bank Secrecy Act regulations, it can be combined with anti-fraud tools to limit bad actors' ability to use crypto platforms for financial crimes. Platforms with robust KYC measures can link a fraudulent or manipulative transaction back to the scammer’s identity, improving the chances of catching them in the act. 

Tackling ID theft and synthetic ID fraud

Identity theft using stolen IDs from the dark web is prevalent in the crypto space. In 2023, over 1.04 million instances of ID theft fraud were reported to the Federal Trade Commission (FTC), making it one of the top types of fraud in the US. Synthetic identity theft, where fraudsters use a mix of real and fake personal information to create a fraudulent identity and open an account, is also increasingly common. 

Crypto platforms are a prime target for identity theft fraud since transactions made under false identities cannot be reversed. Scammers even use presentation attacks that employ stolen biometric information, such as facial images or fingerprints, to impersonate people and falsely verify their identity. 

Plaid Identity Verification fights this using ‘liveness detection’, which also supports KYC procedures. Liveness detection uses real-time selfie videos to match ID documents to a user’s face. Another helpful tool is lightning checks, which can identify forgeries by examining the ID's security features and cross-referencing them with a database of known fakes. 

Fighting evolving fraud tactics

Fraud in the crypto industry is constantly evolving as criminals develop more sophisticated methods, such as presentation fraud, synthetic identities, and increasingly advanced credential stuffing. KYC verification for crypto must stay ahead of these threats to keep crypto companies and their customers safe. Identity verification solutions like Plaid IDV strive to evolve with fraudsters and beat them at their own game. 

Crypto companies that attempt to fight new fraud tactics on their own are generally at a disadvantage compared to those that partner with an identity verification solution. That’s because identity verification solutions protect many companies at once. Consequently, they’re more likely to spot new types of fraud—and then evolve to combat them. 

Partnering with an identity verification solution that makes regular updates to stay ahead of cutting-edge fraud tactics is the easiest way for crypto companies to ensure they’re up to date. 

How can Plaid help with crypto KYC?

To help crypto companies with KYC requirements, Plaid offers a full-suite fraud prevention and KYC solution. This critical line of defense helps address numerous challenges, from mitigating their own risk to ensuring their customers’ safety. 

Plaid Identity Verification (IDV) = KYC + Anti-fraud tooling + onboarding optimization

Plaid Identity Verification (IDV) can confirm customer identities in over 200 countries using authoritative data sources, ID documents, and selfie verifications. To add another layer of security for crypto companies, it also includes a machine-learning-powered anti-fraud engine that can detect and minimize fraudulent activity. IDV uses eight vital data checks to ensure a robust verification process, eliminating the need for companies to work with multiple vendors for their KYC process. 

Plaid Monitor adds additional security to the onboarding process by helping identify potentially compromised or criminal individuals. It screens customers against sanctions and politically exposed persons (PEPs) watchlists and can provide continuous monitoring to re-screen customers over time. This helps crypto companies comply with AML screening requirements, supports their customer due diligence (CDD) process, and reduces the risk of a crypto platform unknowingly facilitating a crime. 

Using Plaid IDV and Monitor together creates a full-suite solution with the tools needed for both back-office and ongoing compliance management. Crypto companies can manage failed verifications, see a complete audit trail, and manage review queues in a way that works best for them.

Additionally, Identity Match (a feature within Plaid Identity Verification) can instantly match the name, phone number, address, and email address that a crypto company has on record to those details that the customer has on file with their linked bank account. This complements the KYC process by adding another layer of fast and accurate verification. 

Plaid’s KYC solutions offer the lowest friction available and are designed to help minimize customer drop-off—and can improve conversion rates by 10 to 20%. 

Self-sovereign identity (SSI) and the future of crypto KYC

As crypto evolves, so will the need for KYC and identity verification. One possible evolution of KYC in crypto is ‘self-sovereign identity’, or SSI, which has the potential to change the way KYC is conducted in the crypto industry. 

Understanding self-sovereign identity

Self-sovereign identity allows individuals to own, control, and share their personal information without relying on a central authority or third-party intermediaries. This decentralized approach empowers people to manage their digital identities securely, granting them control over who can access their data and under what circumstances.

SSI uses cryptographic techniques to secure personal information, allowing users to share verifiable credentials without exposing sensitive data. SSI not only enhances privacy but also reduces the risk of identity theft and fraud.

The peanut butter and jelly of crypto: SSI + KYC

Using SSI in the KYC process could be considered the 'peanut butter and jelly'—that is, the perfect match—for identity verification and crypto. They could create a seamless blend of regulatory compliance and user-owned processes that dramatically improve both security and convenience. 

SSI could help crypto platforms streamline KYC, since users could share pre-verified credentials for each platform they sign up to and not their ID documents. This would reduce user burden and the amount of personal data the platform would need to store, as well as minimize the risk of data breaches that expose personal information and ID documents. 

SSI fits well with the crypto industry's decentralized nature, promoting a core principle that many have been building on for over a decade. Mass adoption of SSI could create trust, transparency, and privacy without compromising security or user experience.

SSI is a vision for what the future could become for identity. Secure, reusable, and private. Crypto is the perfect industry to experiment with and deploy a version of ID verification that would exist if it could be rebuilt from the ground up.
Alain Meier, Head of Identity, Plaid

In today’s world, KYC remains an essential component of the new-user onboarding process for crypto. It helps ensure crypto companies remain compliant with various local jurisdictions and protect themselves and their customers against fraud. 

→ Learn more about Plaid Identity Verification and how it can help crypto companies run secure KYC processes without sacrificing conversion or user experience.
