KYC Done Right With IOTA

Privacy Meets Compliance: Tokenized KYC Solution for Web3

TL;DR:
The IOTA Foundation, walt.id, IDnow, Bloom Wallet, and SPYCE.5 have built a system to authenticate users in Web3 environments in a way that respects the privacy and autonomy of the individual. The identification process is tokenized, enabling users to verify their identity in Web3 applications while maintaining control over their information.

To prevent money laundering and terrorism financing in crypto markets, upcoming EU and global crypto regulations will require obligated entities to implement strict anti-money laundering (AML) and Know Your Customer (KYC) measures. However, available tools for authenticating users in Web3 applications lack the strong guarantees needed to truly identify the person behind an address on the blockchain.

To provide a solution that meets strict authentication requirements while also respecting user privacy and minimizing the burden on dApps, the IOTA Foundation is collaborating with a walt.id, IDnow, Bloom Wallet, and SPYCE.5 to develop an innovative KYC solution that incorporates tokenization for efficient and secure user authentication in Web3 applications, both on- and off-chain.

The new Transfer of Funds Regulation (TFR) and the upcoming Anti-Money-Laundering Regulation (AMLR) extend anti-money laundering obligations to Crypto Asset Service Providers (CASPs) such as crypto-asset exchanges, requiring them to collect information about users and the identity of customers using self-hosted wallets.

According to the TFR, all crypto-asset transactions involving CASPs must include information about the sender and the recipient, as is the case with bank transfers. In addition, if the transfer exceeds EUR 1000 to/from a self-hosted address, the CASP needs to assess whether the address is owned by the originator/beneficiary. Furthermore, AMLR will require all CASPs to adhere to similar anti-money laundering regulations as other financial institutions.

Faced with these regulatory demands, Web3 applications will have to find ways to ensure that their users can be identified while adhering to the privacy and security principles of distributed ledger technology. For example, no personal data should be recorded on the blockchain, and the data should be collected in a manner that protects the privacy of the customer. This is especially important as regulators begin to consider approaches for regulating decentralized finance (DeFi).

Our solution aims to protect personal data and ensures that it is never recorded on-chain. Users have complete control over their data and can seamlessly identify themselves with various Web3 applications. As regulatory requirements in the crypto-asset industry continue to roll out, we anticipate an increased demand for easy and simple identity verification tools for Web3 applications.

Tokenized KYC Process: Privacy-Preserving Onboarding for Web3

Together with our partners, we’ve designed a reusable KYC system to onboard users to any dApp or app – seamlessly, efficiently, and fully compliant with regulatory standards. To enable privacy-preserving authentication, each step of the process has been designed to make the user experience as easy as possible.

  • First, a remote identification process is performed by IDnow and is regulated and recognized in compliance with current anti-money laundering and countering the financing of terrorism (AML/CFT) rules.
  • After that, the identification process is tokenized by walt.id, allowing applications to have confidence that the process has occurred.
  • The resulting token is then stored in the user’s Bloom wallet (or other compatible wallets) and it is bound to the authenticated address (in other words, it becomes a soulbound token). It can then be used for on-chain processes, facilitating Web3 native interactions with the assurance that the user has been authenticated, without revealing any personal information at this stage.
  • The collected identity information can later be revealed if requested by an authorized party, such as law enforcement, and the token can also be revoked if invalidation is needed (e.g., watchlist changes).
  • In addition to the token, the identity information can be issued in the W3C Verifiable Credential format, enabling users to receive their verified information and share it in a permissionless way in off-chain use cases.

Watch the video below to learn more about the solution.

About the Partners

IDnow is a leading identity verification platform provider in Europe with a vision to make the connected world a safer place. The IDnow platform provides a broad portfolio of identity verification solutions, ranging from automated to human-assisted from purely online to point-of-sale, each of them optimized for user conversion rates and security.

In this project, IDnow provides the identity verification solution, which confirms the user’s identity either through a fully automated process or a human-assisted verification, depending on the specific needs of each case. Find out more here.

walt.id is a leading provider of open-source decentralized identity and wallet infrastructure already used by thousands of developers as well as governments, public authorities, DAOs, and businesses across industries.

As part of this project, walt.id provides the onboarding flow in which the identity verification conducted by IDnow takes place, it securely issues ID tokens to users' wallets and enables dApps/apps to authenticate and verify users based on these tokens. Read more here.

Bloom is an all-in-one wallet for the IOTA, Shimmer, and EVM ecosystem. In this project, the identity token is stored in the Bloom wallet, enabling the user to prove their identity in the Web3 ecosystem.

SPYCE.5 specializes in the integration of hybrid blockchain technologies. Spyce5 provides the dedicated EVM-compatible KYC chain infrastructure, which is anchored to the Shimmer network. This enables interchain communication and transaction validation, ensuring the system’s overall efficiency and regulatory compliance. Find out more here.

Web3 KYC Evolution

In an era where data privacy and regulatory compliance are paramount, IOTA and its partners are working on a groundbreaking KYC solution for Web3 while respecting individual autonomy and privacy. By tokenizing the identification process, users will be able to confidently engage with Web3 applications, knowing their personal information remains secure and off-chain.

As the regulatory landscape evolves, solutions like this will play a pivotal role in ensuring that DeFi and Web3 applications meet KYC compliance standards. To dive deeper into the IOTA Foundation’s work on user authentication and Digital Identities, please see the IOTA Identity Framework. Stay informed and empowered in the evolving world of Web3 authentication.


Links in this article