The challenge of fulfilling Know Your Customer checks using blockchain
- Claus Christensen, CEO at KYC
- 23.02.2018 09:30 am Blockchain , KYC
The advent of blockchain heralds the biggest change in banking for 400 years. Banks were originally established to lend and safely hold money and to act as a central point of authority with the banking ledger being the absolute record of truth held by an independent third party. With blockchain, we now have a centralised distributed digital ledger.
This centralised distributed ledger - the backbone of blockchain - is the point of departure for currency, registering property, tokens and pretty much anything else where trust is needed between distributed buyers and sellers. There is no limit to of what can be traded through blockchain providing that everyone is comfortable with identities, which is where things start to get interesting.
The building block of trust – Who are you?
In the digital world, an identity is made up of a username and password; the trouble being that we can’t tell if that identity is human or digital. This, of course, is where the potential for identity fraud comes into play – a challenge that blockchain technology is specifically equipped to address.
Encryption – the key to trust?
The argument goes that if identities were on the blockchain, it would give everyone using the system more control, and with proper process allow sharing only the minimum amount of information needed to identify someone. But is encryption technology used in blockchain really the key to trust? I think so – and it is already happening. The use of a Public Key Infrastructure (PKI) is no longer the preserve of the CIA and GCHQ and coupled with biometric authentication goes a long way to increasing security. The theory is simple: I have a private key to enter a transaction, a matching public key is generated to connect me to the party with whom I am transacting, and the connection - or ‘handshake’ - between the two creates the trust required.
My key is my bond?
However much still needs to be done in the digital creation of legally binding agreements. If a PKI generates a digital signature, can that signature be used to cement a legally binding contract between two parties? In theory, I don’t see why not. There is no reason why I couldn't enter into a legally binding agreement for a bank loan for example where both sides issue digital signatures which are encrypted and our matching keys make the transaction legally binding. However, there is still the challenge of linking digital ID to a real individual or entity.
Web of trust
Running a KYC company, I spend most of my time helping my customers ensure that the people and businesses they are working with are really who they claim to be. When you can’t link a digital ID to something physical, it is as likely to be fictitious as real. Currently, when I open a digital bank account I still need to present a physical document such as a passport, driver’s licence or utility bill. These in turn connect digital data e.g. passport number or post code - to a physical person: me. But how would this work in an all-digital environment like blockchain?
Web of trust is something McAfee has worked on as part of its Pretty Good Privacy (PGP) solution, where other digital identities vouch for who I am. So, for example, my bank can contact my father to ask him to confirm I am his son or it can ask my university if I actually studied there. The more entities that can help identify a person the greater the reliability and trust for example, an accountant or lawyer will be a member of a professional body; a bank will be answerable to a regulatory authority, and so on. Using the same theory, initiatives such as UKGovVerify are a perfect way to prove online identity in a robust manner because they anchor a digital identity to a government authority.
Standardising the non-standard
While the building blocks are now in place for blockchain to deliver what some have dreamed about. The industry is still grappling with the issue of standardising an electronic ID. Once an entity has been created on blockchain, it can’t be amended, so if your definition of ID is different from mine, it has a negative impact on trust between us as well as the ability to transact. The W3C and the Open Identity eXchange are examples of groups working hard to create a standard for expressing identities but there needs to be international consensus and this where we are likely to see inertia.
What’s next?
In the coming months there will of course be a great deal more hype in the market about blockchain as well as announcements about new initiatives launched and how this technology is likely to change the world. However, the reality is that behind the scenes there is still a great deal of work to be done. Fundamentally the issue of identity is one that needs to be addressed with robust and secure solutions that are in line with the aspirations of blockchain - something that we are working on. At Know Your Customer we have already developed some proof-of -concepts in this area that will help make KYC on blockchain a reality rather than an aspiration - something we look forward to sharing in the not-to-distance future.