It’s an unavoidable fact that we all need to carry out Know Your Customer (KYC) and Anti Money Laundering (AML) checks at some point. Whether it’s a new bank account, cryptocurrency exchange verification, or just getting a gym membership, people need to know* that you, are you.
*Well not everyone but try telling that to the gym that doesn’t want you cancelling your membership… ever.
KYC and AML are the result of government policies designed to ensure consumer safety and prevent money laundering. The checks are unavoidable if you want to open an account that deals with money and/or securities and, if you refuse, you may get denied, receive a limited service, or lose out financially.
The question you should be asking yourself is “do I really need this thing enough to send out all my personal data?”.
If you are buying a house, getting a bank account, or verifying an account with a reputable cryptocurrency exchange so you can withdraw your sweet gains, then the answer is probably, yes.
If you are signing up to a shoddy Initial Coin Offering (ICO) with random celebrities on the ‘advisors’ page, then the answer is a resounding no.
We post a huge amount of data online. Name, address, date of birth, gender, email, phone numbers, bank account details, passwords, photos, passport scans… you get the idea. We enter these details into forms and websites without a second thought ever questioning ‘who has access to this?’.
We should be asking that question every time.
It’s not like data breaches are rare. If you follow the news or any social media you will see data breaches almost every day, and it’s not just small companies. Big institutions like British Airways, Facebook and Equifax have all fallen victim (at least their customers have fallen victims).
It’s big business – with some estimating that the global cost of data breaches will reach $5 trillion in 2024.
What’s the problem?
In one word, centralisation – all of these breaches occur as a result of companies using centralised databases..
A single database is a single point of weakness and once a hacker breaches that database they have access to everything on it. They can sell, give away, or use the information freely, and before you know it someone has drained your account, or taken out a loan in your name.
What can be done?
At Numio we have developed a new KYC system that allows the user to retain full control of their data whilst conforming to the requirements of global regulatory authorities.
How does this work?
When you download and register on the Numio app, you are not just using a “simple” product. It may look simple on the outside, but the technology behind it is extremely robust, and quite powerful.
Let’s have a quick look at how it works…
NumioCloud is our proprietary cloud storage service. Built on top of Amazon Web Services (AWS) cloud storage, NumioCloud utilises zero-knowledge proofs to secure your data. A zero-knowledge proof, or “zkProof”, allows you to prove to another party that you hold a certain amount of information, without needing to expose that information publicly.
KYC/AML checks are an ideal use case for zkProofs as it allows you to prove that you are in possession of certain personal data (driving license, passport, SSN etc) without compromising security. This allows end users to store their private documents and information on NumioCloud and know that it’s virtually impossible for a breach to occur within that database..
When you go through the KYC verification process we are using various functionalities on the backend. These include 3D face-mapping, liveness detection, Optical character recognition (OCR), and cross referencing users with various sanctions lists.
The process is as follows;
- You first take a 3D scan of your face using the Numio mobile app. The technology used is able to detect and confirm that you are actually present, and not an image, model, or recording.
- After completing your face scan, you then take a picture of your Photo ID (i.e. Drivers License/Govt. Issued Document, or Passport).
- Artificial intelligence verifies that the face from the document is the same ‘real person’ from Step 1.
- The document is then verified to make sure it is not fake or falsified. Data points using machine readable zones (MRZs) are extracted from the document, encrypted and sent to NumioCloud.
- This data is then cross-referenced with AML compliance requirements (e.g. politically exposed persons (PEPs) and global watchlists) to ensure compliance with local government bodies – All this takes just seconds.
- After completing this verification process, a log of this data is accessible on your device, including platforms where you have been verified, and what information was requested.
It might sound complicated but it is all very simple (and free) for the user. Once you have been verified by Numio you can verify on any partner platform instantly (without sending or uploading your documents again).
Want to learn more?
If you are interested in integrating Numio tech into your platform, having a demo, or simply want a chat with our devs, then please contact us at [email protected] or via one of the following channels.