Kurt Wuckert Jr.

KYC sucks

Know Your Customer (KYC) laws are a relatively new entrant in the toolbox of government regulators and law enforcement. As a subset of Anti Money Laundering (AML) laws and regulations, KYC places a lot of burden on companies to secure client data. While some certainly do a decent job of it (and money others do not), sometimes the government itself is culpable in the mishandling of all kinds of private data—most typically financial data—of citizens who have done nothing wrong, but get put into positions of undue risk.

A generation ago, the President had dementia, Russia was the big bad guy, and Americans could simply make an investment from home while providing very little information!

Meme, Know Your Customer
Wait a minute…

In the 1980s and into the 90s, financial crimes were all the rage, and the government was cracking down as technology began replacing personal relationships in the investment space. Then at the tail end of what was a slow journey, 9/11 happened, KYC became mandatory due to emergency powers and the Patriot Act.

The problem with new KYC laws, like most other things, was the enforcement and added cost of compliance. When costs are unreasonably high, corners get cut and breaches happen. As KYC laws have strengthened, the honeypots of customer data have become increasingly difficult to secure which has made them an extremely valuable target for cybercriminals.

Hardly a year goes by when some major breach of client data isn’t sold on the dark web, and a gigantic tranche of legal proceedings and years of remediation come into play.

It’s worse in crypto

When Equifax, Facebook or US Voter data leaks, it sucks. Credit scores, social security numbers, political affiliations and other data can’t be put back in the bottle, but insurance and other remediation are available. When your crypto holdings get doxed, they’re extra juicy for criminals because, to date, once stolen, the funds are difficult to recover and easy to launder.

So leaks about cryptocurrency holdings have led to violent attacks, armed burglary and worse…

That’s why I have been particularly irritated about having my personal information leaked ahead of the Celsius bankruptcy creditor’s list being plastered across the internet. As a researcher and journalist in the blockchain space, I have an account basically everywhere, and I deposited a bit of money into Celsius to see what the experience was like. And like many other things, I forgot about it.

Well, when the data leaked, the site incorrectly calculated for exponential numbers making me look like I lost over $100,000 in the bankruptcy which puts my family at risk.

Celsius Network

The error has now been fixed, determining that my Celsius holdings were indeed minimal, but the damage was done as this screenshot was plastered all over Twitter where my critics were laughing about what a fool I am to put BTC in Celsius, and what a hypocrite I am to have so much BTC and so little BSV.

Can we fix it?

Let’s assume we don’t like our social security numbers, passwords, nude photos and crypto portfolios leaked, ok? Well, believe it or not, bitcoin fixes this!

KYC is an annoyance, an extra cost, and a security risk, but it’s probably not a genie that we can ever put back in the bottle. So, the next best thing is to use an open and auditable protocol to hash identity data onto a public blockchain (encrypted, of course) where ownership, possession and attestations of validity can be saved on chain.

Then, instead of sending an absurd amount of information to every entity that needs to comply with KYC/AML laws, Bitcoin users can simply show a hashed attestation that their identity exists and has been validated by organizations that are mandated to observe the truth and issue a token of acceptance of the truth for use out in the economy. That’s right! A whole business model where an agency validates age, title, location, and various other data in the presence of the user, issues a token attesting to the facts, and then gives back the documents. Then, the private citizen would be able to leave with an encrypted version of their identity data and source documents. Nothing for the agency to hold, secure or comply with. And the user gets an attestation of age, health and other relevant data points that cannot be hacked, leaked or easily lost.

Then, whenever the user decides, they can simply spend the token, and it’s burned.

Come to think of it, all of this is what VXPASS offers to the world… So Bitcoin fixes this, and the technology is already in the marketplace to build the business!

Until people start to care about privacy and security as much as people like to pretend they do, and make the switch to Bitcoin, we’re stuck with KYC honeypots, and that really, really sucks.

Watch: BSV Global Blockchain Convention panel, The Future of Digital Asset Exchanges & Investment

New to Bitcoin? Check out CoinGeek’s Bitcoin for Beginners section, the ultimate resource guide to learn more about Bitcoin—as originally envisioned by Satoshi Nakamoto—and blockchain.

[id^="_form"]
[id^="_form"]
[id$="_submit"]
[id$="_submit"]
[^;]
[^;]
[?&]
[?&]
[^&#]
[^&#]
[(d+)]
[(d+)]
[elem.name]
[elem.name]
[+_a-z0-9-'&=]
[+_a-z0-9-'&=]
[+_a-z0-9-']
[+_a-z0-9-']
[a-z0-9-]
[a-z0-9-]
[a-z]
[a-z]
[el.name]
[el.name]
[id^="_form"]
[id^="_form"]
[id$="_submit"]
[id$="_submit"]
[^;]
[^;]
[?&]
[?&]
[^&#]
[^&#]
[(d+)]
[(d+)]
[elem.name]
[elem.name]
[+_a-z0-9-'&=]
[+_a-z0-9-'&=]
[+_a-z0-9-']
[+_a-z0-9-']
[a-z0-9-]
[a-z0-9-]
[a-z]
[a-z]
[el.name]
[el.name]