Author

Topic: KYC Norms / PAN Card for buying / selling Bitcoins (Read 1655 times)

full member
Activity: 144
Merit: 100
I am finding my way around the Bitcoin ecosystem in India. Apologies if some of these questions are too basic. I would appreciate a gentle pointer in the right direction.

I just singed up for an account on Coinsecure today, and quickly realized one needs to upload KYC documentation to get the account truly operational. Can someone enlighten me about:

(a) who has placed these KYC norms on companies like Coinsecure?

(b) Are Coinsecure and other companies regulated about how they store / use the personal information that is collected for this?

(c) What operational processes are in place to secure the documentation that is uploaded?

(d) I found logos of some prominent banks on Coinsecure website. What is the nature of these relationships? Is linking to an existing account with one of these banks an alternative to uploading sensitive personal documentation to a new / young company?

Yes, the same is needed at Unocoin also.
legendary
Activity: 1890
Merit: 1000
Landscaping Bitcoin for India!

Benson, thank you for your response. I just found out you are one of the founders @ Coinsecure, apart from being a moderator here. That's very cool at some level.

I think voluntarily following some KYC norms is a great idea, and will proactively address money-laundering concerns authorities are naturally likely to have. It is definitely the sign of a mature approach. My initial queries are intended to understand exactly how mature our ecosystem's approach to these things are, and this is reassuring, thank you.

a - No One Places these norms... We have used them as advised by our legal counsel.
b - We, as all other Bitcoin companies in India are unregulated as on 2nd Jul 2015. However, we store all our customer information in an encrypted format on offline machines that never touch the net. We are very very careful with personal information and how it is stored as that sets the base for our business.

I am curious about this part. You accept them over the internet, yet store them on a server that does not touch the net? How exactly do you do that?

c - What operational tasks are you asking about? If you are asking about how we validate the details sent to us, then, we have a partner who validates the same - for a fee for us - This company was advised by our 'prominent' banking partners. We will not be disclosing that at the moment.

By operational processes and controls I had in mind the following:

1) how do you validate the details you obtain? I can understand if you do not want to disclose your checking partner, but it is good to know you do some checks at this level.

2) After you store the data on your servers, who has access to the documents, and other personal / sensitive information?

3) What sort of security processes do you follow for your employees? Who has access to your encryption keys? Are they safe from a disgruntled ex-employee, for e.g.?

This is the part that I am most interested from the security of my own personal information.

d - We have corporate banking partnerships and accounts with those 'prominent banks', that allow us to ensure AML compliance. These allow us to validate/ cross-check information a lot faster than most other banks. We would not be able to get into any more details as of now. We will be announcing few more banks shortly though.

Do you know of any industry-wide standardised self-regulation? Perhaps overseen by NASSCOM, or some such?


Quote
I am curious about this part. You accept them over the internet, yet store them on a server that does not touch the net? How exactly do you do that?
Once they are received on a physical server, they are moved to an offline system. Nothing stays on the online servers. From the input to the time they are deleted, everything is done with as much security in mind as possible.

Quote
1) how do you validate the details you obtain? I can understand if you do not want to disclose your checking partner, but it is good to know you do some checks at this level.
Not much that I can answer about this at this point, apart from what has already been answered.

Quote
2) After you store the data on your servers, who has access to the documents, and other personal / sensitive information?
Our Banking & Compliance Team has access to data that they need to process Verification's and Withdrawals.

Quote
3) What sort of security processes do you follow for your employees? Who has access to your encryption keys? Are they safe from a disgruntled ex-employee, for e.g.?
The directors of the company and myself, hold keys based on what functions we need them for.

Quote
Do you know of any industry-wide standardised self-regulation? Perhaps overseen by NASSCOM, or some such?
Not sure if Nasscom will oversee self-regulations, but I do know that they may be asked to join a think tank to help with the self-regulatory bits.
newbie
Activity: 6
Merit: 0

Benson, thank you for your response. I just found out you are one of the founders @ Coinsecure, apart from being a moderator here. That's very cool at some level.

I think voluntarily following some KYC norms is a great idea, and will proactively address money-laundering concerns authorities are naturally likely to have. It is definitely the sign of a mature approach. My initial queries are intended to understand exactly how mature our ecosystem's approach to these things are, and this is reassuring, thank you.

a - No One Places these norms... We have used them as advised by our legal counsel.
b - We, as all other Bitcoin companies in India are unregulated as on 2nd Jul 2015. However, we store all our customer information in an encrypted format on offline machines that never touch the net. We are very very careful with personal information and how it is stored as that sets the base for our business.

I am curious about this part. You accept them over the internet, yet store them on a server that does not touch the net? How exactly do you do that?

c - What operational tasks are you asking about? If you are asking about how we validate the details sent to us, then, we have a partner who validates the same - for a fee for us - This company was advised by our 'prominent' banking partners. We will not be disclosing that at the moment.

By operational processes and controls I had in mind the following:

1) how do you validate the details you obtain? I can understand if you do not want to disclose your checking partner, but it is good to know you do some checks at this level.

2) After you store the data on your servers, who has access to the documents, and other personal / sensitive information?

3) What sort of security processes do you follow for your employees? Who has access to your encryption keys? Are they safe from a disgruntled ex-employee, for e.g.?

This is the part that I am most interested from the security of my own personal information.

d - We have corporate banking partnerships and accounts with those 'prominent banks', that allow us to ensure AML compliance. These allow us to validate/ cross-check information a lot faster than most other banks. We would not be able to get into any more details as of now. We will be announcing few more banks shortly though.

Do you know of any industry-wide standardised self-regulation? Perhaps overseen by NASSCOM, or some such?
newbie
Activity: 6
Merit: 0

Just in case you are not informed, globally for almost all real time exchanges you need to submit identity proof to adhere to AML/KYC norms. In case you want to buy/sell small amount of bitcoin for personal use/storage, you may use direct trading exchanges like www.LocalBitcoins.com or www.100bit.co.in. There, you'll be performing direct trade with buyers/sellers where these identity submission is not required.

Thank you for  pointers to those sites. I am aware of requirements of exchanges in general. Almost all of such also happen to be regulated, and have pretty stringent (or atleast expensive) controls and processes. Bitcoin exchanges are a in a different league at the moment. Hence my queries.
legendary
Activity: 1662
Merit: 1050
I am finding my way around the Bitcoin ecosystem in India. Apologies if some of these questions are too basic. I would appreciate a gentle pointer in the right direction.

Just in case you are not informed, globally for almost all real time exchanges you need to submit identity proof to adhere to AML/KYC norms. In case you want to buy/sell small amount of bitcoin for personal use/storage, you may use direct trading exchanges like www.LocalBitcoins.com or www.100bit.co.in. There, you'll be performing direct trade with buyers/sellers where these identity submission is not required.
legendary
Activity: 1890
Merit: 1000
Landscaping Bitcoin for India!
I am finding my way around the Bitcoin ecosystem in India. Apologies if some of these questions are too basic. I would appreciate a gentle pointer in the right direction.

I just singed up for an account on Coinsecure today, and quickly realized one needs to upload KYC documentation to get the account truly operational. Can someone enlighten me about:

(a) who has placed these KYC norms on companies like Coinsecure?

(b) Are Coinsecure and other companies regulated about how they store / use the personal information that is collected for this?

(c) What operational processes are in place to secure the documentation that is uploaded?

(d) I found logos of some prominent banks on Coinsecure website. What is the nature of these relationships? Is linking to an existing account with one of these banks an alternative to uploading sensitive personal documentation to a new / young company?

a - No One Places these norms... We have used them as advised by our legal counsel.
b - We, as all other Bitcoin companies in India are unregulated as on 2nd Jul 2015. However, we store all our customer information in an encrypted format on offline machines that never touch the net. We are very very careful with personal information and how it is stored as that sets the base for our business.
c - What operational tasks are you asking about? If you are asking about how we validate the details sent to us, then, we have a partner who validates the same - for a fee for us - This company was advised by our 'prominent' banking partners. We will not be disclosing that at the moment.
d - We have corporate banking partnerships and accounts with those 'prominent banks', that allow us to ensure AML compliance. These allow us to validate/ cross-check information a lot faster than most other banks. We would not be able to get into any more details as of now. We will be announcing few more banks shortly though.
newbie
Activity: 6
Merit: 0
I am finding my way around the Bitcoin ecosystem in India. Apologies if some of these questions are too basic. I would appreciate a gentle pointer in the right direction.

I just singed up for an account on Coinsecure today, and quickly realized one needs to upload KYC documentation to get the account truly operational. Can someone enlighten me about:

(a) who has placed these KYC norms on companies like Coinsecure?

(b) Are Coinsecure and other companies regulated about how they store / use the personal information that is collected for this?

(c) What operational processes are in place to secure the documentation that is uploaded?

(d) I found logos of some prominent banks on Coinsecure website. What is the nature of these relationships? Is linking to an existing account with one of these banks an alternative to uploading sensitive personal documentation to a new / young company?
Jump to: