Moving into the digital age, those of us in the banking system has had to deal with more encroachment on privacy and limitations on our access to our money and other financial products and services. We are used t using these captured on-ramps and have normalised their processes.
Even now, with bitcoin, it’s getting harder to find places where you can purchase it without having to reveal your identity.
If you’ve tried to purchase bitcoin from a regulated exchange, you’ve probably had to go through the annoying process of KYC and AML. These laws require a user to provide their identity or passport documentation and facial and sometimes biometric data.
We are told it’s for our safety and to protect the financial rails from being used for criminal activity, but very few ask if it’s effective and what are the other downstream effects of KYC.
Having forced KYC access to money is financial exclusion.
When you put up barriers like KYC, you restrict certain people from accessing something they would like to acquire. Why should we provide proof of anything to receive money or property? In the physical cash system, people can earn a wage without having to sign anything or hand over any ID. They could purchase what they wanted with the rewards of their labour.
If your money is enough, no one is going to shy away from making that transaction with you because your money is proof enough.
Yet, in the digital world, we’re forced to jump through hoops and provide far too much data to use our money. I thought going digital was about making things easier for people, not harder.
If you’re thinking, I am being hyperbolic, and oh, it’s just handing over a few documents and a selfie, I urge you to reconsider and here are my reasons why.
Bitcoin is a pseudo-anonymous ledger since the only data available about people are public addresses on the blockchain. When you KYC with an exchange, you provide a way to link public addresses to your identity. If people can view your balances online and can find out who you are and where you live, this leaves you wide open for a physical attack.
It is only a matter of time before KYC data for some of these larger exchanges are breached. Binance (the world’s largest crypto exchange by volume) has not only suffered a cryptocurrency hack but also recently suffered a KYC data breach, and this is what hackers want. The bigger the pile of KYC data, the more victims they can comb through and sell off to all sorts of unsavoury characters.
While criminals are a possible factor, a definite factor is the greatest criminal of all your national government. Leveraging KYC allows them to find every person with bitcoin and levy heavy taxes on them by changing rules or, worse, seizing your bitcoin in a 6102 style order. KYC means you have zero protection against governments becoming tyrannical.
Data breaches happen more often than you think
KYC and AML laws force us to give over our data to providers we want to conduct business with, and they are duty bowned to protect that data, but it’s easier said than done; even the biggest names in finance fall victim to breaches.
Data breaches like the recent Capital One breach, the LinkedIn breach from a few years ago, and Cambridge Analytica are a few different examples of how varied the data sets are.
By forcing companies to collect large sums of data, you create attractive and profitable honeypots for hackers and even internal actors to go after to make a healthy profit.
What data could be on the line?
If we isolate it to bitcoin and think of the data, we have to provide, or we create using exchanges. Also assuming that the attackers can collate the data on every user using the breached centralised exchange, they could make away with data like:
- physical address
- photos including images of the account holder/passports/licenses
- withdrawal addresses (This information tied with the physical address is THE information that a potential attacker would need to carry out monitoring/attempts on your crypto)
- IP information (This can be mitigated using a VPN but it won’t help obfuscate your KYC information that the attackers also obtain)
- financials (source of wealth, employer, bank account information) This doesn’t affect every KYC’d account, but the larger accounts will have needed to supply this which would then make these the larger targets.
- trading activity (trading activity shows how much capital is flowing through the account)
- login activity
KYC is encouraging identity theft and scams
As more people enter the ecosystem through regulated off-ramps, they create larger and larger datasets. Data sets that become more valuable the larger they become. Since they have more transactions, it’s less likely they would be flagged as suspicious if taken over by a scammer.
Scammers actively look to breach large exchanges and even combine data sets they get from various sources to provide more robust profiles that can be sold off for scammers to use for other operations.
KYC helps scammers stay undetected
If I am a scammer and I would like to use a regulated exchange, it would be smart of me to approach hackers to purchase KYC data I can use to verify a host of different cryptocurrency exchange accounts. Once my accounts are verified, I can pretty much go to town, as long as my IP is hidden or obscured. If the account does get flagged and taken down, I can always spin up a new one with other KYC data I have and keep going.
I can then waste investigator time having them follow up with the people whose data I’ve used while I’ve long since made off with the money.
KYC losses don’t outweigh the gains
Now that we see the potential threats to honest people wanting to use bitcoin, what is the real point? It hurts all of us for the sake of hopefully catching a few criminals putting money into these systems. We are all treated as guilty from the start, and since criminals have found aways around it, KYC continues to be a useless process that forces companies to endanger their customers.
If you’re coming to terms with the dangers of KYC and don’t like that you hear, there are ways to remain off the KYC trail, but they are a little clunky and a bit more expensive when acquiring bitcoin, but this is the trade-off you need to make to have that peace of mind.
No one is going to look after your data as well as you would. People should be the biggest protectors of their own data.