KYC in Web3: How DiD is Saving the Day for Projects & Companies

DiD is short for Decentralized Identity, something that’s become increasingly popular with the rise of regulatory norms surrounding the crypto space — and, as a result, the blockchain industry.

As countries big on crypto tighten their regulations regarding digital wallets and transactions, Web3-related projects have been forced to impose certain measures to verify the users’ and token holders’ personal information — just like banks and other financial institutions have been doing for decades now via KYCs, which stands for “Know Your Customer”.

It’s fair to say that a big share of crypto users wasn’t too happy about this decision, with some even abandoning the projects that imposed such requirements, arguing one of the Web3 space’s core values is decentralization — making people give out their personal information to an entity goes against that same principle, as it centralizes such data. In 2018, Shapeshift suffered from this mandatory ruling with a decrease of 95% of its users, according to its CEO.

Companies had to find a solution that satisfied both blockchain users and governments. Enter Decentralized Identity (DiD). Still in the making — like most things blockchain — this is Web3’s new tool to fight the centralization of data, but still meet the regulatory requirements. It comes in various formats, but the gist is that it offers ways to ask users for their data without actually storing them. Some companies’ DiD models even allow customers to disclose only the needed information and enable them to retract it at any given time. This doesn’t happen with traditional companies — especially online ones, where users have to give their personal data and accept terms & conditions, usually stating the company will store and even use it for marketing and demographic purposes.

In general terms, KYC in traditional companies and institutions such as banks dictates they should be able, one way or another, to prove that the person opening a new account or requesting a house loan is, in fact, who he says he is. Usually, the higher the amount involved, the higher the volume of info required. Opening a bank account might only require details such as name, proof of address and workplace, and date of birth — whereas, for a house loan, you might need a bit more, bank extracts, your work contract, and other things. This was one thing, among others, that Web3 was trying to avoid with decentralization: preventing entities from having access to and storing people’s data; in a way, it remanded power to the people.

Proving without disclosing

Yes, when it comes to preserving privacy, the fact that DID allows for proof without actually requiring the disclosing or storing of sensitive data is of the utmost importance. However, it’s also becoming a turning point for institutions all over the world that are required to do background checks and ask for clients’ and customers’ information. When it comes to traditional KYC processes, companies usually use a third party to complete the process, therefore adding an extra layer of data sharing to the operation.

Several governments have already implemented mobile applications where citizens can store their identity documents — for legal purposes, they’re as valid as the physical ones. A great advantage of combining these digital identity applications with KYC is the ease and security that comes with it. Customers would feel safer knowing their personal data is under their control, and companies would not only save millions because they wouldn’t need third parties, but also have cheaper, and easier ways to verify and validate their clients’ identities.

On one hand, it’s understandable that KYC remains a mandatory step for many companies — it gives them certain assurances about their clients and who they get in business with, to a level, even preventing fraudulent behavior. However, it’s also easy to see why these processes are frowned upon by Web3 users (especially those involved with crypto) because it seem to disrupt one of its principles. Recent news says Uniswap — a decentralized exchange — is considering the implementation of KYC in order to vet its users. The option is there already, but still not mandatory. This has been causing quite a stir online.

Web3 projects are trying to figure out ways to make both institutions and customers happy. KYC processes are important, especially in a world where cyberattacks and fraudulent action keep rising. KILT is one of such projects. They’ve developed a DiD application that might work for KYC purposes, and other things too. It basically attests to your identity without actually revealing or storing it. Their SocialKYC service allows you to issue proof of email or social media account identity. Once issued, you can store it in a safe (digital) space and use it for several things. Rest assured your data won’t be online nor shared with third parties, as “only a hash representing the validity of your credential — not the information itself — is anchored on the blockchain”.

Other great examples are the solutions from Polymec in collaboration with Deloitte to bring reusable on-chain KYC credentials for fundraising to the market and Litentry, which is an identity middle layer that allows users to reclaim control over their data sovereignty.

DiD seems like one of the best avenues to pursue when it comes to identification and personal data. We will always have to prove our identity to governments and certain institutions. But that doesn’t mean we have to comply with data sharing and storage. There are ways to circumvent this, and more are being developed as we speak. Data is gold. That’s why it should be protected.