July 26, 2021

KYC in the XSL Labs ecosystem


KYC in the XSL Labs ecosystem

In our previous articles we discussed in detail about “Verifiable Credentials”. At the core of the ecosystem developed by XSL Labs, these identification and certification’s informations will verify the integrity and validity of an SDI subject’s data in the Internet of Trust. 

To succeed in obtaining digitally the same level of trust as that of interactions in the physical world is a big challenge. While at the same time, the physical world is constantly evolving towards more control over the identity of people. the evolution of regulations, particularly in the financial sector since the 2000s, places increasingly more constraints on companies and their customers.

In addition, regulations represent a growing cost for companies in the sector, hence the emergence of regtechs that deploy technologies to meet regulatory obligations in the area of financial activities. It costs to businesses an estimated 48 million dollars to comply to these regulations. For the 10% of the biggest and global financial institutions, the cost grows to more than 100 million dollars(1).    

Decentralized identifiers could represent an effective mean to meet regulations while reducing costs for businesses. More generally, solutions such as SDI from XSL Labs will allow the digital world to evolve to create an Internet of Trust.

KYC (Know Your Customer), refers to the process by which the identity of a customers is verified. This process, which makes it possible to ensure the real identity of people when they subscribe to financial services (for example the opening of a bank account), involves the submission of proof of identity (typically, documents identity, proof of address).

This procedure is only applied when opening a service.

Closely related to KYC, AML stands for Anti-Money Laundering and refers to the set of background checks that businesses and organizations must perform in order to fight money laundering.

Businesses’ obligations may include risk assessment, identification and verification of the identity of customers and their beneficiaries, due diligence measures at entry and during business relationships, reporting obligations, internal control measures and even freezing of assets.

Beyond these specific long-term obligations that will probably affect other sectors of activity, the issue of trust in the digital world is crucial since the digital becomes ever closer with the physical world. Digital services are already part of everyone’s life even if they are invisible. There is therefore an essential need to establish and maintain trust in digital interactions through verified identities. To fulfill this need it requires processes similar to the previously mentioned regulations, which is why the SDI will rely on KYC mechanisms in its development and use.

In our ecosystem, the ONE dApp will enable the integration of KYC. The KYC certification, which will be sharable and verifiable, will help to build trust between participants and to take a step forward towards the Internet of trust.

It is also through a KYC protocol that the SDIs created will be legitimized and be able to comply to regulatory obligations when subscribing to services.

When creating an SDI, it will first have an unverified status, that is, the digital identity of the user will be imperfect. Upgrading the SDI to become verified will go through a KYC protocol.

This verification may concern identity data such as those included in an ID document, but also biometric characteristics such as fingerprints or photographs (facial recognition), various certifications (for example driving license, diploma), or even more in-depth data according to the needs of SDI’s users and the services to which they wish to access.

This will be a two-step process. The first step will be the creation of KYC. At present, XSL Labs cannot propose a service of KYC, their legitimacy will therefore depend initially on external service providers that will be available especially when subscribing to services. KYC services will be integrated into the ecosystem as trusted issuers[2].

KYC services will have a public profile available on IPFS so that the identity of these trusted issuers can be verified.

The second step concerns technologies developed by XSL Labs. Once the KYC protocol is completed, the trusted issuer will be able to return Verifiable Credentials to the SDI’s subject through the XSL Labs’ tools under development.

So far as the KYC will meet the expectations of the various services providers, it will be reusable by the SDI’s user. Portable and easy to access, the SDI with a validated KYC will simplify many procedures for its user.

In practice, the SDI subject will send the documents necessary for the development of his KYC to a trusted issuer. Once the information in the documents has been validated, which will involve ever more cutting-edge technologies such as sophisticated artificial intelligences, the various information making up the KYC will be each issued (for example, date of birth, surname, first name, address) in the form of Verifiable Credentials which will allow the SDI user to prove the validity of these data, their origin and specially to share only the credentials necessary to get access to a service.

This is the process for creating Verifiable Presentations: the SDI user has Verifiable Credentials for each identity data. He can then choose which credentials to provide when accessing a service and group them together into a Verifiable Presentation. Making it possible, for two services requiring different information, to create two different presentations with the same KYC.

Such processes or protocols for verifying a person’s identity, although they are being developed, are not of common practice on the Internet of today.

In dating apps for example, fake profiles are widespread, affecting the user experience who can be confronted with fraud attempts and more. The use of SDI in such a context, because of its verified and verifiable identity, would introduce trust and security between users because it would ensure that the users of such sites and apps are indeed who they claim to be.

For example, John creates his SDI and then applies for a KYC, submitting his ID documents and other records/files. The issuer returns the Verifiable Credential attesting to the authenticity of the information transmitted. John can then attest to his identity on a dating app using his SDI. His profile becomes authenticated and he enjoys an optimization of the trust between him and other users of the app.

This solution can be applied in many areas. In the context of video games, the authentication provided by KYC protocol will allow a player to have a unique identifier while remaining anonymous on all games and platforms in which he participates, allowing him to justify his gaming experience. In addition, this identifier can greatly reduce the risk of cheating linked to the use of illicit software because once banned from a server, a player will no longer be able to simply recreate a new profile or even a new SDI since his unique identifier will be intimately linked to his identity.

Thus, the SDI and the use of KYC protocol will shape the digital world of tomorrow and make interactions on it safer by providing guarantees that can meet the same requirements as the physical world and everyday interactions or even exceed them.

[1] See https://www.forbes.com/sites/forbestechcouncil/2018/07/10/know-your-customer-kyc-will-be-a-great-thing-when-it-works/#1ae985a78dbb

[2] For more information about trusted issuers, you can read our article about Verifiable Credentials : https://www.xsl-labs.org/blog/verifiable-credentials-fr/

Copyright © 2020 XSL Labs – All rights reserved