The KYC Problem
In the world of payments and transactions, how do you identify a person? Globally?
Some nations have ID cards, most don’t have it. Some have email, quite a few don’t. Many have mobile phones – which makes a great case for it being a unique identifier, but then comes along Mark Zuckerberg and David Marcus from Facebook – and they want to kill the telephone number. The (Facebook) Messenger is all you need, cites Mark.
Interesting concept, except that is one sided. It favors Facebook more than anyone else. An advantage, I’m not willing to give in to Facebook… yet!
So, the question that begs to be answered – How do we make a global registry? One that can not only be used to identify a person, but also be acceptable as a form of authenticated token for purposes of KYC. All the while, conforming to the various privacy laws of various countries.
I don’t have a clear cut answer, but I do have a suggestion for it.
Let me start tangentially, with OAuth. It is something of a brilliant concept. If I have taken time to register with Facebook, LinkedIn, Twitter, Google+, Microsoft (?), et. al. my credentials are good enough for basic registration with other online platforms.
Herein lies one-half part subtle clue to the answer. It most likely cannot be a singular entity. To have a global registry, we would have to build a Confidence & Trust scoring mechanism.
A complex equation like say the credit scoring app in the US, but complex on a scale of say the page ranking algorithm that Google has, which takes into account 10,000s of variables (if not more).
I previously wrote a brief article on this, what I call Federated Identity Management. The other half of the answer is tokenization.
If we can combine a global registry and issue a token, the token can then become our unique identifier. The token would have a public and private key.
While this may sound shallow at the moment (and I’ll admit it is), it does provide an interesting scenario to discuss on the sidelines.
The Global Registry
A global registry would be some modified form of a Blockchain. The concept is not entirely new (read: The Race to build a KYC Registry).
The modifications would be necessary to adopt various different consensus elements within it – this builds Trust lines amongst various silos.
Every country’s own format(s) for government issue ID. Telephone number formats. Third Party Vendors contributing towards it. Etc.
Let’s discuss an example. Country-X
- So Country X’s passport office can provide a token into the registry.
- The driving license authority can also provide a token into the registry.
- Mobile phone operator(s)
- Utility companies
Add to this mix, your social signals:
- LinkedIn (Seen the person in real-life)
- LinkedIn (just know them)
- LinkedIn (known them well, spoken to them, just haven’t met in real-life).
- Facebook (family, friends, associates)
- Twitter (seen, unseen)
Photography Mix: AI based comparison on the photographs that you are tagged in and a comparison of those photographs with government supplied photographs or as suggested/tagged by friends. For example, if you are tagged in “Anika’s” photo-album and are friends with Anika, you get a higher score. But if you’re tagged in her photo, and four other people also are tagged in and you are friends with all of them, you get an even higher score. However, if you’re tagged in, but are not friends with anyone them, your score is low.
- Profile pictures
If one were to dare even further, other data points such as call records, immigration entry/exits, payment records, etc. that are some how obfuscated as tokens can also contribute towards the registry – further increasing the trust level that the user is who he/she says he is.
Confidence levels would come from how comfortable people are in communicating with the registry as far as your data is concerned. The more the data is used, the more external agencies, online apps, and third parties accept your data for higher purposes (from basic KYC to transactions), the more confidence scores are allocated to you.
If you have a registry that has an established trust lines for a particular user from all facets of authority (passport, banks, schools, mobile carrier, friends, etc.) but has low confidence level (i.e. banks are not convinced) or financial transactions confidence tokens are not showing up, implies that there is not enough confidence in this user. Transactions, age of transactions, parties with whom transactions are done, etc. all contribute towards confidence. In a shallow sense, confidence shows the credit score of a person.
Why the need for a Global Registry?
Well for starters, it would be great to have an OAuth type token that can be used universally to gain access to social sites and be able to sign-up with institutions that require a deeper look at KYC.
But the more important aspect is that no one size can fit all, a global (multi-element) registry would perhaps offer the only universal methodology for identifying a person beyond doubt and one that has the various risk levels built into the registry’s scoring system. A person with a high risk (low confidence/trust) can only be assigned low risk signups or low value transactions. On the opposite end, a person with a high-confidence/trust can be assigned high-risk and high-value transactions.
Such registries are great for disparate financial institutions and financial services companies who would like to transact globally, but because of the KYC issues, cannot do so.
We cannot have each government / country to adhere to a single format for all things KYC, but we can have a framework that provides confidence building tools and containers for various organizations to contribute towards better recognition of a person (i.e. scoring system).
The idea of a global registry is not far fetched – its existing in micro silos right now, and to borrow a term from physics, we just need a unified equation to tie it all together. Just like the HTML standards or IEEE standards, the KYC registry can have a standard protocol on how to tie it all in, contribute towards it and query it.