Inspiration

  • entering a payment pointer doesn't give enough information to satisfy any real world compliance requirements
  • this will lead to someone somewhere having to enter full details over and over again
  • this will be error prone, and annoying

What it does

give trusted access, between peers, to verified KYC details obtained by the payment pointer issuer/authority

Backstory

  • payment pointer authority does need to know something about the person/company associated with the payment pointer
  • we don't really want KYC information to be public
    • "publicName" is not sufficient

we need a trusted way to get the information needed for compliance

  • full name
  • dob
  • full address
  • timestamp / version / etag

an initial request would not have any prior knowledge of anything associated with the payment pointer.

the name can be used to verify with the user that they have the right payment pointer - i.e. that I entered $fynbos.me/adrian instead of $finbos.me/adrian or even just $fynbos.me/adriana (each an edit distance of 1 from each other).

the "peer" would then also have the information required for sanction screening and any other processes required by the sender (i.e. bank).

that information is screened and saved, along with the version

when making a payment, we need to verify that information again

  • to make sure the ultimate beneficiary information hasn't changed
  • to make sure that we are still allowed to send that money
  • adrian may have become a baddie

this would be a second request to the authority for information about the payment pointer, but it would include the timestamp / version / etag retrieved previously

the authority can then check to see if the information has changed, and if not, simply return an appropriate status. If it has changed, return the new information, which can be screened again.

once that second screening has completed, the payment can be processed.
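
The two-request flow described above, sketched as an added example (not the project's own code). The field names, the status strings, the use of a SHA-256 hash of the record as the version tag, and the in-memory authority and sanctions list are all assumptions made for illustration; a real deployment would also authenticate the peer before returning anything.

```python
import hashlib
import json

# Constructed sample data: the authority's verified KYC records by payment pointer.
AUTHORITY_DB = {"$fynbos.me/adrian": {"full_name": "Adrian Example",
                                      "dob": "1980-01-01",
                                      "full_address": "1 Example Road, Cape Town"}}
SANCTIONED_NAMES = {"Adrian Baddie"}  # constructed stand-in for a sanctions list

def version_of(record):
    """Version tag (assumed scheme): hash of the record's canonical JSON form."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()

def authority_lookup(pointer, known_version=None):
    """Authority side: returns (status, version, record)."""
    record = AUTHORITY_DB.get(pointer)
    if record is None:
        return "not_found", None, None
    version = version_of(record)
    if known_version == version:
        return "unchanged", version, None  # no KYC data re-sent
    return "changed", version, dict(record)

def screen(record):
    """Peer-side sanction screening (hypothetical rule: exact name match)."""
    return record["full_name"] not in SANCTIONED_NAMES

class Peer:
    def __init__(self):
        self.screened = {}  # pointer -> version that passed screening

    def onboard(self, pointer):
        """First request: no prior knowledge, screen and save the version."""
        status, version, record = authority_lookup(pointer)
        if status != "changed" or not screen(record):
            return False
        self.screened[pointer] = version
        return True

    def authorize_payment(self, pointer):
        """Second request: send the saved version, re-screen only on change."""
        known = self.screened.get(pointer)
        if known is None:
            return False  # never screened: fail closed
        status, version, record = authority_lookup(pointer, known)
        if status == "unchanged":
            return True
        if status == "changed" and screen(record):
            self.screened[pointer] = version
            return True
        self.screened.pop(pointer, None)  # failed re-screening or pointer gone
        return False
```

Any outcome other than "unchanged" or a passed re-screening blocks the payment and drops the saved version, so a later payment attempt cannot reuse a stale approval.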

What's next for Trusted KYC Sharing

  • have someone to peer with (hint hint)
  • proper key sharing between peers (just JWT with a role issued between peers?)
  • specification for details
  • watch it work for a while
  • add more data as required based on jurisdiction, etc.
  • legal review for all the fun acronyms like GDPR, UK GDPR, PIPEDA, CCPA, LGPD, and more alphabet soup
