The first time KYC (Know Your Customer) was implemented in Luxembourg by the Anti Money Laundering agency and dated back to 1993. Then in 2001, the US issues the Patriot Act raising the bar in what a proper KYC should look like, and during the time the process became more and more complex. It was normal somehow since the internet was penetrating all the businesses areas, including financial services, the way banking was happening was not “brick & mortar” anymore, but a lot of business was migrating to online, internet banking first (you had to have a bank account opened in the bank’s agency) and then mobile banking and nowadays you can open a bank account online and do your stuff, without actually stepping into a branch.
The Know Your Customer, process is part of the on-boarding process, but even still not being a core process, it started to consume more and more time (since the process itself became more complex) and it’s a repetitive task. Companies acting in financial services should maintain customer details up-to-date, a process is known as “data refreshment.” Failing to manage customer’s data up to date can get your banking license revoked. So the front-desk performs the KYC in the agency at account opening moment, but as long as the account is still open, regularly they have to make sure that the bank has the latest details on you. So you get a call from time to time from the bank asking you to drop them a visit to do a check-up on your latest details. Some banks are offering this option in their internet banking interface, but they are the exception from the rule, there are just a few banks that are embracing this process for data refreshment.
Is the KYC only for Banking sector?
The KYC process might be first used in the banking sector, but now it’s everywhere. Make no mistake, no matter if you’re creating an email address on Gmail or you sign-up for a new mobile package or you’re opening a bank account, the details requested to be onboard are the same (Gmail doesn’t ask for your address, but they have their ways and means to establish that unequivocally).
If everybody is doing it why the hassle?
BBack in 2001, when the Patriot Act changed the way the KYC process took place and went in more depth, all this eco-system of web applications and services we are using was not there. Facebook needed two more years to start, Gmail was in a beta release in 2004, internet banking services were in the testing phase, online marketing was like a frozen jellyfish compared to the shark it is these days. Tracking services were just a theory, and us, as individuals were not that vulnerable as we are today. So the way the KYC was designed didn’t take into consideration the level of entanglement would have been reached 18 years later. Now, your Spotify account gets hacked, and the unlocks a considerable door to have your identity substituted, Amazon shopping spree with your credit card and so on. Or the registration system of the hotel you stayed two weeks ago gets hacked, and every detail about you are now available on Dark Web. Let’s not forget about Marriot hack, Quora hack, and the most recent hack on Capital One.
Besides being insecure, because implies to have your details stored on servers or applications on which you have no control over, KYC costs a lot of money and most of the times, the KYC is a very time consuming process, frustrating the customers.
What is the solution?
Well, the right solution is to change the perspective. The companies should stop playing the custodian role for their customers’ details and stick to the purpose of KYC. The establish that an individual is who it claims to be. That’s all. This would mean less hassle for new customers, and companies would not be honeypots for the hackers and clients data would be safe, since they are in control over their details.
And here is where Persona comes into the picture. With the help of blockchain, Persona allows individuals to claim their identity and also control it. Individuals would be able to prove that they are who they claim to be without handing over control of their SSN or home address. The community can do the identity verification, usual people or the company can have its validators(notaries) if it has reduced risk appetite, and it wants to have its stuff validating the identity.
Once valid, the bank or the company that runs the validation will be in the position to offer something that was not available until now. They will be able to offer “identity as a services” allowing the company to turn a dry but mandatory process like the KYC into a new income stream. Imagine having your bank offering identity (baking you up) to your mobile carrier for a new service, or being able to book a hotel room without leaving your passport details in each hotel.
The data refreshment is no longer an issue. In Persona, unlike with any other remote KYC service, the attributes claimed are depreciating in time. This means that we, as individuals, will be in a continuous process of validation and the companies we have a relationship will have access to the latest version of our details. This translates into a frictionless process for us and brings a higher level of security and trust for the companies.
Persona is a trust protocol. This means that the KYC is just a use case. Persona could be used in the hospitality sector for self-service(room check-in/out), you could use Persona to establish the ownership for a specific article, you could use Persona to fight fake news and prove the originating point.
The way someone should Persona is like the “Waze for trust” Where everyone brings its contribution to make things simpler but raising the bar when it comes about safety, security and keeping personal data personal.