Technology, Privacy, and Regulation: Inside the ID Verification Battle for Cryptocurrency

Since the advent of Bitcoin in 2009, cryptocurrency has slowly but surely made its way into use. And while the idea of entirely digital transactions sounds appealing in today’s world, it also presents new opportunities for fraud. As a result, in order for cryptocurrencies to continue to make their way into the mainstream, the industry needs to solve problems around ID verification sooner rather than later.

ID Verification Proves Murky in the Cryptocurrency Market

Cryptocurrency is an unprecedented way to exchange money, and many financial and government organizations have even questioned whether exchanging cryptocurrency counts as making a monetary investment. Because of these questions, regulation has been slow to come to cryptocurrency transactions.

As of 2017, regulations are still murky. In fact, even though a majority of cryptocurrency exchanges are now subject to regulation, there are still many that aren’t. That includes four popular exchanges (Local Bitcoins, Wall of Coins, Bitquick, and Bitsquare) that don’t require any ID verification. These exchanges’ arguments for avoiding ID verification include maintaining privacy by allowing users not to share information that would make them susceptible to hacking and not making users jump through hoops to use their service.

On the other hand, even cryptocurrency exchanges that do run ID verification have yet to figure out a rock-solid process. As the New York Times reported recently, hackers have found it easy to steal users’ mobile phone numbers, and once they have that, bypassing ID verification for cryptocurrency exchanges is simple. According to the report, because many cryptocurrency exchanges use two-factor authentication through mobile phone for ID verification, anyone who has a SIM card tied to a user’s phone number can easily reset passwords and take control of the account.

Regulations Rush to Catch Up to Technology

From exchanges with no ID verification to exchanges with ID verification methods that have obvious loopholes, it’s clear that regulations are rushing to catch up to the technology behind cryptocurrency. In fact, the SEC didn’t even start to regulate cryptocurrency until recently — and most of those regulations only came after a high-profile hacking. Still, questions remain about whether to treat cryptocurrency as securities, assets, currencies, or something else, and the answers to those questions directly impact regulations.

So what regulations apply to cryptocurrency? The US Financial Crimes Enforcement Network (FinCEN) issued guidance in 2013 around the application of regulations for those administering, exchanging, or using virtual currency. According to this guidance, any administrator or exchanger of cryptocurrency qualifies as a money service business (MSB) and is therefore subject to regulations under the Bank Secrecy Act, including:

 

• Anti-Money Laundering (AML) laws with which all financial institutions must comply under the Bank Secrecy Act. These laws require institutions to file a report for any individual who makes a transaction of over $10,000. Those reports are then investigated by FinCEN for signs of suspicious activity.

• Know Your Customer (KYC) program, which is required by the Bank Secrecy Act and U.S. Patriot Act to confirm that customers only open accounts in their own legal name. The program also calls for financial institutions to have a general understanding of where money in an account comes from and to monitor transactions in order to prevent money laundering activities.

• Customer Identification Program (CIP), which is part of KYC and is meant to curb identity fraud. Under CIP, financial institutions must verify the identity of customers including their name, date of birth, address, and taxpayer ID number (for US citizens) or passport or alien ID number (for non-US citizens).

 

However, users (defined as someone who obtains cryptocurrency and uses it to purchase goods) are not subject to these regulations.

Applying Regulation to Cryptocurrency: Problems Abound

Applying these regulations to the cryptocurrency market has not proven to be smooth sailing. Take the case of Charlie Shrem, co-founder of Bitcoin exchange BitInstant, who was arrested for money laundering in 2014 for not complying with AML and KYC regulations. Although Shrem did not knowingly aid in money laundering, he did not follow the guidelines stipulated by these regulations (including proper customer identification and understanding the source of funds) and was therefore in violation.

Meanwhile, New York state has introduced its own regulations for Bitcoin, known as BitLicense, that call for higher levels of ID verification and reporting for Bitcoin transactions. Citing the “invasive” nature of these requirements alongside the fact that most of their users are looking for privacy, several Bitcoin businesses left New York in 2015.

A New Solution for Cryptocurrency ID Verification

Today, ID verification in the cryptocurrency market is something of a Catch-22: Administrators and exchangers now face regulations with which they must comply in order to avoid fraud and money laundering charges, but users want privacy. Quite ironically, even though ID verification and the associated regulations are meant to prevent identity theft, users don’t want to give up personally identifiable information for fear of that information being exposed to hackers.

The solution? Direct-from-source data for ID verification. Rather than having users submit their information like address and date of birth and scan images of a driver’s license, passport, or utility bill (all of which then sit on the cryptocurrency exchange’s server), direct-from-source data uses a feed to obtain those details. Users simply log in to an account, such as their utility account, through the cryptocurrency exchange so that the administrator can pull the ID verification data from the account through a one-time data feed.

This method allows the cryptocurrency exchanges to satisfy regulations around ID verification but gives users peace of mind since their data doesn’t end up sitting on the exchange’s server as a prime target for hacking. Additionally, unlike current methods of ID verification for cryptocurrency, including uploading and scanning information and/or using a mobile phone number, direct-from-source data is much more difficult for hackers to fabricate.

Contact one of our data specialists to learn how utility data can help with your ID verification needs.

Related Resources:

• How Blockchain Technology is Changing the Energy Market
• Webinar: Staking Out the Enemy: Understanding ID Verification in a Digital World
• Solutions Sheet: Utility Data for Identity Verification

---

---