KYC (Know Your Customer) and its importance on exchanges
What is KYC?
KYC, or "Know Your Customer", is a mandatory system of identity verification and user identification on banking, e-commerce and stock exchange websites. This procedure requires the provision of documents that prove the identity of the customer. This can be a valid identity card (passport), a utility bill with the address of residence, insurance number and so on. Often exchanges have a two-stage verification process: first, you provide your ID card, which opens up a certain withdrawal and deposit limit and some features of the exchange, after which the user can request an extended verification, which will give even more opportunities. The KYC process is an important element of security and compliance. Let's talk about why KYC plays an important role on exchanges and how its implementation affects financial transactions.
The main purpose of KYC is to protect against fraud and ensure transparency in financial transactions. By verifying the identity of customers, an exchange aims to prevent its platform from being used for illegal purposes such as money laundering, terrorist financing, etc. In addition, KYC helps the exchange to comply with regulations and requirements of regulatory bodies.
This type of verification was first used back in the 1900s when banks started requiring customers to open accounts under their real names. In the world of the online space, this practice has been in active use since the 2000s. As the internet has evolved, KYC has found its way into social media, e-commerce platforms and other online spaces as it is designed to protect users from the activities of fraudsters.
Identity verification for security
KYC exists as we know it for the reason that robbers, scammers and hackers are clearly keen to maintain their anonymity, while people who have nothing to hide will have no problem providing the information they need.
Identity verification can be done through a variety of methods such as:
- Providing identification documents such as a passport, driver's license or birth certificate - a familiar verification option for every cryptan.
- Answering secret questions that are known only to the person whose identity needs to be verified. Very common questions for years have been: "What is your mother's maiden name?" or "What was the name of your first pet?".
- Biometric authentication, which uses a person's unique physical characteristics such as fingerprints, facial recognition or voice - for the most part, this type of verification is used by banks. For example, if you want to withdraw an unfamiliar amount of money from your account, a bank representative may call you and require voice verification.
Typically, the KYC process involves collecting the following data from the customer:
- FULL NAME
- Date of birth
- Passport details
- Residential address
- Telephone number
- Nationality
- Type of activity
Depending on the institution that asks you to undergo KYC verification, this list may vary.
Why do I need identity verification? Identity verification helps to ensure that the person trying to access resources or services is who they say they are. This helps prevent fraud. In addition, identity verification helps control access to resources and services. This helps to protect privacy and data security. Equally important, KYC provides transparency in actions and transactions. This helps in detecting and preventing illegal activities.
KYC is mandatory for most cryptocurrency exchanges that operate in regulated jurisdictions. In the US, KYC is mandatory for all exchanges, regardless of their jurisdiction.
Benefits of KYC for users
Cryptocurrencies, for the most part, do not fall under the control of centralized authorities. In addition, the anonymity and speed of transactions can attract malicious users. The "Know Your Customer" procedure aims to eliminate such illegal acts, prevent fraud and generally build trust in the crypto world. Also, this procedure ensures that crypto exchanges provide security in conducting financial transactions, creating a trustworthy environment for market participants.
Let's break down the benefits of KYC verification in more detail:
- Identity Protection:
- KYC helps in preventing unauthorized access to users' personal data, providing protection against cyberattacks and identity theft.
- Fraud prevention: KYC helps exchanges and platforms prevent fraudulent activities such as money laundering and terrorist financing, ensuring security and integrity in finance.
- Trust in the platform: users can trust an exchange or platform where KYC is implemented because it shows a serious commitment to security and compliance with the law
- KYC helps avoid instances where users may be inadvertently linked to illegal or authorized activity, which can have financial and legal consequences.
According to Crystal Blockchain, between 2011 and 2020, a total of $7.7 billion worth of cryptocurrency has been stolen by hackers and fraudsters. Litigation to compensate users of the MtGox and Cryptopia exchanges has dragged on for more than a year, partly due to the lack of KYC procedures or users' refusal to go through them. Moreover, in case of bankruptcy and the exchange's transition to external management, it will be much easier for verified users to receive compensation.
KYC is very helpful in curbing money laundering. In 2021, money laundering through cryptocurrencies increased by 30% compared to this figure in 2020. It is the KYC procedure that has been able to help cryptocurrency exchanges curb illegal money laundering.
Identity verification simply does not exist on most DeFi platforms, which is why illegal fraudulent activity primarily takes place on them. Centralized exchanges protect themselves and their users from potential problems thanks to KYC verification.
DeFi platforms gained particular popularity in 2020-2021. In 2020, DeFi platforms experienced nearly $162 million in cryptocurrency losses, representing 31% of total thefts during the year and 335% higher than in 2019. In 2021, that figure is up another 1330%. In other words, as DeFi platforms expand, so does the theft problem. This demonstrates the need for increased security in the sector. Users of centralized exchanges suffer from theft much less frequently. This is due to KYC verification, which is now mandatory on almost all popular exchanges.
The downside of KYC
Despite its advantages, the KYC process also has a number of problems. Essentially, all these endless attempts to "cut off the oxygen" to people who don't want to provide confidential information also contradict the ideals of the "open, peer-to-peer (p2p) and trusted intermediary-free cash system" that Nakamoto developed when creating BTC.
In addition, there are so-called vulnerabilities called "hanipots" ("honeypots"). It is the honeypots that attackers are so interested in, because with the help of information that users provide when creating an account on a centralized exchange or similar platform, you can do a lot of things. Over time, data breaches are becoming more frequent and widespread. The number of data breaches increased by more than 500% from 2005 to 2020. 80% of all data breaches in 2019 included users' personal information (e.g., name, credit card information, medical records). All third parties, including exchanges, are at risk of data breaches.
A prime example is the Ledger hack in 2020, which resulted in the data loss of over a million email addresses and personal information. After the Ledger customer database was hacked, users faced phishing attempts, threats and extortion, including threats of violence and even murder.
What did the hackers do with this information? Some users received phishing emails asking them to "download the latest version of Ledger Live" and follow instructions to set up a "new PIN" for their wallet.
Other users received threats in which the hackers promised to use certain information and publish it in the public domain if the user did not send them $500 in BTC. There were cases when the same hackers threatened people to link their emails to "child porn sites" and portray them as "pedophiles and child molesters" if they did not send the attackers the money they demanded. Such stories have unfortunately abounded after the information was stolen. Incidents such as the Ledger hack are just examples of the consequences that can arise from data leaks from the KYC process.
Of course, one might think that if people are not willing to share personal data, then they have something to hide and their activities are illegal. However, in fact, according to statistics from a US Senate committee, BTC is used in criminal activities much less than the US dollar. With this in mind, the likelihood of even accidentally facilitating criminal activity by purchasing BTC without KYC is slim.
How does KYC affect decentralization and anonymity?
Cryptocurrency and blockchain technology is primarily so special because of its decentralization - there is no central control over the system. But here, KYC collapses the entire system as the verification merges cryptocurrency exchanges and traditional financial institutions, handing over control to a central authority. That would all be fine, but what if there is a sudden data breach? Some fans of the crypto world prefer anonymity in decentralized blockchains precisely because of the fear of losing control over their information, because, indeed, there are exchanges that have yet to create a reliable KYC system to protect user information.
There have also been cases where hackers have actually gained access to users' KYC data through vulnerabilities in exchanges' software. This is why it is so important to choose a really reliable exchange to trade with. In addition, regulators are increasingly interested in the crypto sphere, which is why it has become almost impossible to maintain anonymity and use the services of licensed exchanges at the same time. Tax authorities are trying to identify users hiding income from cryptocurrency transactions, and law enforcement agencies are trying to track down criminals using cryptocurrencies. The U.S. Internal Revenue Service (IRS) stands out in tracking down tax law violators, having successfully won two court cases against exchanges Coinbase and Circle and gaining the right to access their customers' personal data and transactions.
Moreover, using an anonymous account makes it easier for attackers to withdraw funds because their data, including cryptocurrency wallet or bank account address, has not been verified by the system. On regulated exchanges, such scenarios are ruled out. Of course, no one is actually immune to data theft, as each of us is an internet user, visiting hundreds of websites every month, filling out forms to place certain orders and occasionally connecting to public Wi-Fi. Of course, you should only leave your data if you really trust a web page, but KYC verification is primarily an attempt to keep you safe as a user.
Steps to pass KYC
Passing KYC verification is generally the same on all exchanges: the user registers on the exchange, enters their personal official data, then provides a photo of the document and takes selfies so that the platform can verify the photo on the document and the surf. After successfully completing the KYC process, the user receives confirmation of their identity and authorization to make transactions on the platform. There are exchanges where it is possible to undergo KYC verification in several stages - each level of verification provides different opportunities. For full verification, you will usually need to provide a bank statement or an apartment bill to confirm the residential address you have provided. Some exchanges have fast identity verification: for example, the WhiteBit exchange allows users from Ukraine to verify via the Diya app, and then identity verification takes place in a matter of minutes.
KYC: a useful procedure or an attempt to centralize cryptocurrency: CRYPTOLOGY.KEY team's opinion
The KYC procedure on CEX exchanges remains a hotly debated topic in the crypto community. On the one hand, KYC is important in the context of combating fraud and illegal financial transactions. Through such procedures, exchanges seek to ensure the safety of their users by establishing their identity and preventing illegal activities.
However, there are also negative aspects. For example, if a user's account is mistakenly credited with "dirty" cryptocurrency, or if they unknowingly transfer funds to a wallet involved in illegal activity, this could result in the freezing of all of their funds, similar to if the user received authorized funds into a PrivatBank account.
Another important consideration is data privacy. Platforms collect a significant amount of personal information about users, and cannot always guarantee its reliable protection. Data leaks, unfortunately, are not uncommon, and they jeopardize the privacy of users. In addition, in some jurisdictions, platforms are required to share the collected data with government authorities, which contradicts the basic idea of cryptocurrencies as a means of ensuring independence from centralized systems.
There is an alternative in the form of DEX and hot wallets like MetaMask. These allow users to store and move their funds without having to undergo KYC. This gives greater freedom and anonymity, but also increases the user's responsibility for the security of their funds. For those interested in derivatives trading and leverage, KYC remains an inevitability on CEX as there are no such features on DEX. However, if your goal is investing, it is sufficient to create a wallet for yourself in MetaMask and not have to go through verifications. Nevertheless, we recommend splitting assets between different platforms to reduce potential risks.
Frequently asked questions about KYC
What is KYC verification?
What is the purpose of KYC?
Is KYC a compulsory check?
Crypto exchanges and trading