KYC/VC - requirements discussion

Related to work item 1 on KYC Credentials.

My two pennies

  • this is a broad and deep set of requirements; broad because of complexities introduced by different geographic requirements, deep because different use cases require different levels of granularity. It might make sense to think about what implementation gets you the most breadth and depth for the least amount of functionality and then extend from there with specific use cases in mind. While developing around onboarding Alice, a US citizen, based in the US, to tbDEX, is a natural starting point, I would still recommend you start with what set of functionality gets you the most breadth and depth for the least amount of work, because you will probably find that develops the necessary primitives for fast iterations into a broader and deeper array of use cases. This I am sure you already know.

task - define the minimum set of requirements for maximum return

  • the Online Protection bill in the UK will have huge consequences for businesses. While the bill doesn’t explicitly require age verification, it will be contingent on platforms hosting user-generated content to ensure children are not exposed to inappropriate content. It will be difficult for them to comply without verifying a user’s age.
  • It is not obvious the bill will pass and it is not obvious that similar legislation will be passed into other jurisdictions, but the nudge toward age verification is noteworthy. It is my opinion that privacy requirements and age verification requirements necessarily suggest anonymous verified credentials are the only workable solution that both protects privacy and ensures businesses can operate safely.

is verifying age the minimum requirement with the maximum return?

  • I suspect the degree to which this particular deliverable gets traction beyond tbDEX will be, at least in part, a function of how cheap it is to use. Commercial VC services (checking paper credentials and issuing VCs) appear to be priced north of $1 per VC. If you are shooting for scale, that is pretty brutal. My guess on why the price is so high: there are few suppliers selling to few buyers. As adoption increases, economies of scale suggest prices will likely fall and, as more suppliers come online, the price should fall. But can you afford to wait? The price is also likely to be high because of manual intervention; my guess is a significant percentage of issuance still requires final human checks. Improving the technology might help but that takes you off into a different development tangent. Ultimately, you need to figure out how to plug trusted VC issuers into your pipeline. Making the pipeline efficient and driving costs down will clearly accelerate adoption. This is why working with government issuers makes the most long-term sense. Initial handholding might be painful but assuming government agencies consider VC issuance to be a public good, that gives you the highest probability route to zero-cost (to the user) VC issuance.
  • that said, what if the smartest course of action is to supply pipes to whoever is currently doing KYC (banks etc) and pay them $1 per VC (Checq model) that makes it easy for them to issue VCs and easy for you to use. This probably gives you the second-fastest time to market (after commercial issuers) but it will take relationship management, implementation resources etc. The upfront human cost will be high.
  • I think the point I am trying to make is that technology alone won’t cut it. Standards alone won’t cut it. To the extent KYC will rely on VC issuers, and those issuers require help with integration/implementation, it might make sense to figure out who else can help you fund this semi-public good.

task - which current and potential issuers can help reduce the issuance cost the most. Form partnerships.

Thanks for the post Nick. Check out the document we just published, I think we’re aligned to what you’re describing: credentials-working-group/vc1-requirements-to-accept-a-kyc-vc.md at main · TBD54566975/credentials-working-group · GitHub

Thanks Nick, very insightful comments and observations. Some thoughts:

  1. In regards to the complexity of KYC/VCs we are in agreement here. TBD has a global mission and that should be visible in the products and deliverables we contribute to around decentralized identity. For KYC, there are specific regional requirements that need to be met when conducting financial transactions. We decided to tackle these regional requirements by creating a full list of the vocabulary needed to issue KYC/VCs globally. This way we can build the infrastructure for global KYC/VCs but still focus our efforts on designing templates for 1-2 specific regions, to demonstrate how the vocabulary can be used. It is our hope that others (who have the experience and qualifications) will decide to design and issue regional KYC/VCs. Simply put, we want to provide the building blocks so that the community can build for a variety of different use cases.
  2. +1 on VCs for age verification in a privacy preserving way. VCs would solve a variety of different age verification requirements that exist today from proving you are old enough to purchase alcohol or tobacco in person to proving you are old enough for certain online content, all without disclosing personal information such as your date of birth and other PII. While this is not specific to KYC VCs it is certainly tangential, so we are very much interested in the conversation.
  3. You make a couple of good points here, so will try to address them all.
  • The cost of issuing a KYC VC to a consumer/individual. Today this cost is incurred by the company who conducts the KYC (usually a financial institution), as these are compliance costs that are included in the CAC (Customer Acquisition Cost). In the early stages of VC adoption, we anticipate that financial institutions will continue to bear this cost. They need to onboard customers, so it will continue to be a cost of doing business. However, with VCs there will be one advantage: since the customer can take their identity with them, all financial institutions will benefit from the passportability of identity IF they accept KYC/VCs. Not only does the customer reduce the number of times they have to enter personal information, but the companies can reduce CAC for any customer who brings their decentralized identity with them. The biggest threat of this model is to the identity verification vendors who operate a revenue model that allows them to charge every time they verify an identity. Widespread adoption of KYC/VCs will disrupt this duplicate revenue stream as identity gets recycled across different financial institutions. At this stage, we anticipate some of these identity vendors will transition from a B2B model to a B2C model where they offer identity services directly to consumers and issue a KYC/VC at a price point of around $1.00.

  • Manual intervention in identity verification is certainly a fact of life today. Depending on the number of vendors you have connected (to create a waterfall) and the quality of those vendors, financial institutions have varying degrees of success with automated identity verification (anywhere from 50% - 80%+). These rates are also lower with certain types of identity cards, and for identity cards from certain regions. So in these cases, a manual review of the photo ID is needed (think 4-eyes principle) to validate the authenticity of the document. What is so great about Verifiable Credentials is that identity proof can be directly transferred to the digital world when digital credentials are issued directly by the government agency (examples are the eID in Europe or the mobile driver’s license (mDL) in the US). We expect adoption by government agencies to take time, but once it occurs the quality and reliability of KYC/VCs will increase significantly and the need for manual reviews will decrease.

On that note, I will end with this. We are looking for partners, collaborators and intelligent minds to help us on this journey to make Verifiable Credentials a reality. We vehemently believe that this technology will enhance consumer privacy, reduce online fraud and identity theft, provide better, more efficient identity verification methods, and remove the artificial bridge that has been created between the physical and digital worlds, ultimately making it safer and easier to transact online. Please reach out if you’re a company or individual thought leader in this space and want to contribute to the self-sovereign identity work that we are a part of.

I totally agree with Nick and I feel the type of KYC has to be clarified first before moving on. There’s zero prospect of removing human verification for financial/other official ID use cases. It seems like it’s more about creating a second layer for important but one-off situations like the age check? As in, something a verifier can provide for a fee to the user, and they can use it as a form of online age id? I mean, in person verification includes things like looking at the edges of a passport to see if it’s been sliced open with a razor and tampered with, for example. I can see this can be a kneejerk motivation for VCs (can’t be sliced open!) but it doesn’t actually solve the issue.

Just a thought, maybe there’s a way to create, say, Trust Your Customer first and then this can be turned into KYC by adding on (VC, direct communication, offline verification, etc).

Regarding Costs. If you simply look at the cost of remote KYC solutions, they can even get lower than $1, like Sumsub KYC.

If you compare the CAC or Retention Cost of a customer against the remote KYC cost… you have a lot of range to play with.

Average Customer Acquisition Cost By Industry

As I have mentioned, your average customer acquisition depends on both the type of website you operate and the industry you operate in. In this section, I will talk about how the industry you operate in affects your customer acquisition cost.

Below you will find a list of some industries and why

  • SaaS companies usually have an average acquisition cost of 205 USD. You can consider this pricing range to be the median of overall average customer acquisition costs among the industries.
  • According to the estimates, the highest average customer acquisition belongs to the education industry with 862 USD. This is probably due to the selective nature of high education.
  • According to HockeyStack’s calculations, the lowest customer acquisition cost belongs to the online marketing companies, which have been increasing their customer reach ever since the rise of the COVID-19 pandemic. It costs around 87 United States Dollars.
  • Financial services is among the more expensive industries when it comes to average customer acquisition costs. The average Customer Acquisition cost in this industry is 640 USD.
  • Business Consulting has an average customer acquisition cost of 410 United States Dollars.

Here is a short table summarizing what I have explained so far:

| Company Type | Average Customer Acquisition Cost (In USD) |
| --- | --- |
| SaaS Companies | 205 |
| Education Industry | 862 |
| Online Marketing Companies | 87 |
| Financial Services | 640 |
| Business Consulting | 410 |

source: https://firstpagesage.com/

Do keep in mind that these numbers are recent and often prone to change. You should do your own analyses for your own sector to figure out if you are falling behind the industry’s curve.

Regarding data integrity, a combination of ML and Human interaction is being used to resolve that issue and monetized by Sumsub as well… Fraud Detection Solution - Anti-Fraud Software | Sumsub

Thank you Nick and all, good explanation. My point is that, if VC can provide additional value, its price could be justified. For example, in

  • [Personal finances]
  • [Lending]
  • [Wealth]
  • [Consumer payments]

If Alice can get a higher credit line by buying a VC of her income info from some bank, why not pay for it?

Having read more about how DWNs work, perhaps this is a service that can utilise delegated DIDs? As in, the user can terminate it at any time (control over data) but the service provider (bank, credit checker, or a separate agency altogether) has responsibility. The user will have ready made credentials to use via the service, and can see when it’s updated and what’s being added/removed as the data is synced with their own DWN(s).

This link is broken currently…

thanks for letting me know. fixed.