Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Service Discussion
Merits 6 from 3 users
Topic OP
KYC methods which make identity theft more difficult - are they possible?
by
d5000
on 12/12/2023, 00:53:00 UTC
⭐ Merited by 1miau (4) ,tranthidung (1) ,ETFbitcoin (1)
The whole mixer discussion and also the ever-tightening regulations of Bitcoin/cryptocurrency services let me think about if KYC at least could be more friendly. Particularly, if it could be made in a way it doesn't allow hackers to steal the identity of the service users if they steal their personal data.

Of course in general I strongly prefer non-kyc services (for well-known reasons). But in particular for the fiat-Bitcoin on- and offboarding step the services are limited, above all in some lesser-known currencies.

In reality, not the KYC data collecting itself is problematic but the verification process, which often involves images and videos of the user and his/her documents.

So here I want to collect methods which at least make it more difficult to lead to identity theft.

- Offline verification services. In some countries "old-style" verification methods exist, like Postident in Germany. In these cases you go to a store, show your ID document, and the store employee thus confirms to the service provider that you are the person you impersonate. Sometimes, a copy of your passport has to be delivered, which makes the whole process a bit more vulnerable if this is stored digitally, but on the whole I think these methods are still preferrable because a black-and-white passport copy has often low resolution and would not be useful for a crimininal trying to get online KYC.
- Registration without email or phone. While email addresses or phone numbers seem not to matter that much if you have to submit an ID, photo or video, they are elements which could be linked to the rest of your data, making the construction of a fake identity easier. Thus, a registration based, for example, on a public key/private key pair (like on the Nostr network), is a little bit less dangerous.
- Selfies with dates and service names on paper (to link the photo/video to the registration date and the service). This is actually quite common, but I guess with the advent of AI imagery tools it is less efficient than it was before.

Do other such methods exist which still allow an trustable verification making identity theft difficult? Are there examples in the Bitcoin/crypto service world?

I could imagine methods based on cryptography, where an image for example can only be considered valid if the user signs it digitally together with a message that links it to a service and date. It would be basically the "digital variant" of the third method mentioned above. But the problem here is that this would have to be an universal standard, because the photo could also be used on another service which requires it.