As Regulators Move In, KYC is Becoming Crucial in Crypto World

In the U.S. and other developed countries, regulators are viewing initial coin offerings (ICOs) as traditional securities, which means the crypto world is beginning to receive the same scrutiny as Wall Street firms.

There’s much at stake: Last year, startups raised over $7 billion through ICOs. These days, there are more calls to protect the general public from fraud (which is common in this new Wild West) and for governments to prevent shady transactions. But that also means eliminating one of bitcoin’s attractive features: the ability to send and receive digital money anonymously without fear of being traced by authorities or by unscrupulous third parties.

Enter know-your-customer (KYC) rules.

Companies say it’s too costly. For example, Amazon.com (AMZN) recently requested India’s regulators to exempt the company from full KYC compliance, especially for small retail transactions. Imagine having to completely identify tens of thousands of customers, many of whom spend just a few dollars online to buy common products. Identity-based regulations can be especially burdensome for small businesses.

“Many ICOs use in-house systems and cumbersome processes to store confidential information. The problem is they provide limited data protection, if at all,” says Steve Hyduchak, founder of Bridge Protocol, a KYC solutions firm based in North Carolina. “There are ways to simplify the process and reduce KYC costs, which range from $30,000 to $50,000 per ICO.”

Identifying and verifying customers may sound ideal in the digital age, but there are risks when companies store sensitive data. Scammers perpetrate ID theft for profit. Companies often lose data to hackers, who hold the data hostage in exchange for large ransoms. They also impersonate real individuals to defraud banks and merchants. For example, stolen data from a driver’s license can be used to fraudulently obtain a credit card.

Large companies with big budgets and sophisticated IT staff are hardly immune to cyberattacks. In 2016, cybercrime worldwide amounted to $445 billion, according to Center for Strategic and International Studies. And it’s estimated that 3 billion stolen U.S. records are being trafficked online. Complying with strict KYC rules means giving a small portion of stored data to hackers who inevitably succeed in data theft.

Experts think that the same innovations that led to the rise of cryptocurrencies can be leveraged to secure identities and personal information.

“Private blockchains and encryption technology can be used to protect people’s sensitive information,” says Steve Hyduchak of Bridge Protocol. “These innovations can prevent hackers from destroying a person’s financial life. Moreover, these cybercrimes are resulting in huge losses for firms.”

He adds, “KYC is a double-edge sword, and the key is to find the right balance. Companies should only get information that’s actually needed. Users should also be given more control over their personal information such as having the ability to specify what data gets shared and to whom.” In the financial industry, card issuers are expected to lose $89 billion worldwide over the next four years due to ID fraud.

“KYC can get complicated because unsecured data eventually gets stored on multiple platforms,” says Hyduchak, who launched his own ICO earlier this month. “Small transactions should only require basic information such as name, address, email and payment behavior while larger transactions can require sensitive data such as social security number and government-issued ID. It’s one way to reduce KYC compliance costs while ensuring that people don’t get data unnecessarily exposed to risk. Why store someone’s SSN or driver’s license when he’s simply trying to buy a book online?”