Topic: Who is behind KYC info? Why we don't ask them for KYP? (Read 423 times)

The issues of conducting KYC have remained largely unregulated so far. While everything is clear with regard to government agencies, they must have clear rights and obligations in accordance with local laws, in relation to commercial organizations, this is still the "wild west." They conduct KYC at their own discretion, and at their discretion, they will request the amount of confidential information provided to them. They have no idea what to do next with such information, where and for what period of time to store it and how to use it. Overall, this is very dangerous. Therefore, such passages of KYC should always be avoided.

this is a very irritating question in the crypto world, because many companies related to cryptocurrencies are just sites without any physical office, without license and anonymous. it is ridiculous to do KYC on an exchange that the owner is anonymous or that the exchange is of dubious conduct. I know that people can say: "If you don't like the exchange policy, just change the exchange". true it would be very good if it were that simple. there are few reliable exchanges and there are also few exchanges that have had few cases of scam. but all exchanges do not bet on the creation of physical offices what leaves people with doubts where the documents we deliver go? does any government inspect the exchanges to see if our documents are properly secured? are questions that I keep asking myself all the time. there was a time I didn't sleep thinking about it

Generally, you know exactly who is handling your KYC information. Its the company you are directly dealing with, which is registered as a business, and therefore through the freedom of information act you can gather certain amounts of information about them. The issue is, the selling of data between companies. That's the real problem, I actually believe in the movement of not allowing companies to sell any customer data whatsoever. Obviously, this will never become a reality as advertising is such a big market these days.

So, although you do know who's handling the data directly, you don't know exactly who they might be selling this data too. Its worth checking their terms of service, and whether they explicitly state that they don't sell your data. However, that's not a guarantee in this day, and age where big companies are often caught breaking the rules in one way or another, and largely getting away with it.

I don't know who is behind of KYC info. Because we never asked them for KYP. This is really a clever idea to asked them KYP. But i think they don't give it to us.

When the whole world is faced with the choice of legalizing cryptocurrency or banning it - KYC is part of why it is legalized. Projects that request such conditions have more confidence and, as a result, get what they need faster. Collect money, form a community. If everything is anonymous, it is unlikely that governments looking at this circumstance will agree with the policy of allowing cryptocurrency and integrating it into national financial systems. Something has to be sacrificed. I think bona fide investors and cryptocurrency holders are also interested in this.

According to the FATF recommendation of June 2019, which is mandatory for more than 200 member states, KYC should be carried out only for the purpose of preventing money laundering and combating the financing of terrorism, and at the same time for transactions that exceed one thousand euros. For other purposes, KYC should not be required. Based on this general recommendation, the states should have passed the appropriate national laws within one year, which should specify who and to what extent can use the KYC check and under what conditions it should be stored.
This casts doubt on the legality of the KYC requirement by the teams of new ICO projects. Apparently, for this reason, we do not see the requirements for passing KYC when participating in bounty companies.

I agree with your observation that is why I only do KYC to popular and compliant exchange, I never do KYC to newly launch KYC or ICO and airdrop that is why I missed a lot of bounty campaign because I do not want to be part of these campaigns that ask for bounty campaign, if they do not show compliant and who are the team behind I'll never do KYC.

The best alternative is to use private-oriented cryptocurrencies, many of them use decentralized exchanges like Bisq. In the future, many crypto projects will turn into this type of business, because of the privacy advantages they offer.

If we begin to constantly exchange confidential information in cryptocurrency, it will be some kind of nonsense. We do not need KYC checks on small transactions. Decentralization in this matter will not solve the problem. Clear rules are required to comply with the KYC procedure, such as, for example, FATF requirements. According to the recommendations of this organization, a KYC check should be applied if transactions exceed one thousand euros. More than two hundred participating States must comply with this binding recommendation by June 21 of this year. This will be an acceptable solution to the KYC problem in cryptocurrency.

KYP is just common sense.

When I chose a bank, I visit the bank first. I walk in, looking at the building and the people there. I would never consider opening an account online to some new online bank like Mistertango or the like. You may also check a bank rating on Fitch, or some other provider of credit ratings.

When it comes to exchanges, I look for the large, old and established ones. Sadly, that was not enough, I lose money with Poloniex last year. You have to be very cautious.

What OP is asking for or talking about in real life is called unveiling the mask or legal personality. This is the court that judicare on that but I don't know how that relief can be granted for online business or is going to be based on mutual agreement from exchange operators in the spirit of transparency.

i never read terms and conditions to be honest but i still dont think that they will put on it on thier terms if what would they do on your kyc because that is already a serious matter  .

 no one will know if what will their doing with our  kyc's but one thing is for sure that legit and trusted companies will never done  harm on your data's  while fraud and scam company can say that they will keep your data's safe but deep inside they are doing another business with it  .

KYC is dangerous for users because it's our money and privacy at stake.

If I physically go to an exchange willing to change $500k into 500 EUR and they ask me to declare where the $500k comes from, I have the option to take my money back and leave the exchange. Here though, you have no option. You can send them your money but they'll hold it in their own accounts unless you give them what they need. It's some kind of a hostage situation, the hostage being your money.

In reality, this would look like: you give me your wallet to take a look at it and I'll seize it unless you give me your documents.

If there are no other alternatives to KYC, then change the law. Make it so it is mandatory pre-depositing or upon account creation to validate your identity. Or don't apply KYC at all. Ironicall, I feel safer on an exchange without KYC than on one with it implemented.

How are you able to judge if it KYC is practical or not if there are no known alternatives for it except for the service being KYC-free? Also there is no such thing as "KYP" at least that's not what it's really called, OP is just creating a counter on the KYC we are having for the companies and services asking for it yet he completely forgets the fact that in order for them to fully operate and run legally they need to be a registered and  a certified company or at least comply with the requirements of the SEC. The process itself is a good as a KYC equivalent for them since they need to submit their own personal information to build their own company/project. Also don't expect services that don't require KYC to remain KYC-free inevitably the authorities will catch up to them and require them KYC.

In the end, the users have the power of choice, they can accept or not provide KYC if they want to use centralized services.

KYP and KYC are not practical and dangerous for users. These verification systems are not suitable, but so far there are no alternatives, we can not do anything. There remains the option of interacting with exchanges which do not require KYC, however, I doubt that your assets will be safe

KYP is a great addition but i think some projects publicly announced which is their KYP. Specially i know that about 2 projects Datablockchain and Moozicore public their KYP partner. Here is my fear when i provide KYC in the some bounties. Mostly project asking kyc and i always frustrated about my privacy, in previous a few of bounties scammed here i was completely it.  

Well, sound like a good point. But as far as I remember, every KYC registration requires the user to read terms and conditions. They would state there where would they put your information and why. The company that possess your sensitive information and an assurance that they will keep it confidential and will only use it for verification purposes. Am I correct? --please correct me if I'm wrong.

Yes, they are registered, but the level above of them are people working for centralized organizations, and who is asking these centralized organizations for transparency, accountability, data protection? etc? a lot of people are indifferent and don't question authorities...

something I found online and I agree what they say:
"KYC is identity theft. When you use an exchange, you’re trusting them with your funds, not the other way round. Unless they provide you with passport copies, bank statements, selfies, & proof of residence of all their staff members - you shouldn’t have to provide a thing"

"KYP" exists and maybe you just don't realize it by now, these businesses won't even be legal if they haven't submitted the appropriate documents needed to be fully operational in their country. Before one can even erect their business they must provide things such as their articles of incorporation, certificate of business registration, valid IDs, Proof of address and dozens more that if they screw up it will be easier for them to be found. All of the information they have provided to the government will also be accessible to you if you know where to find them such as their SEC's website or a company registration list in your country.

No buddy, you are not getting my point here! We can ask N numbers of KYP data from our providers. Including how they are storing our data and who all are having access to it etc. But my point is that, how do you prove that a company sold off your data to a third party? What action would you take after knowing that fact? Remember, we are free to go to consumer protection forum at any point of time. But how do we prove that that company actually sold off our data? It's a big gap!

Data protection is a big issue these days, hopefully, blockchain will bring solutions to that.

I don't necessarily have a problem with this, but my gripe is that KYC isn't for transparency at all; it's for accountability. It's a requirement set by regulators, so it's not like providers are requiring it just for the sake of having your data. Also, as far as reciprocality goes, isn't it reciprocal that regulators are also asking company heads for their personal data? For as long as a business is legitimately registered, you will have access to all the information you need for a lawsuit (which means they can be held accountable) -- that tells me that provider transparency or reciprocality isn't the problem with KYC, unless your solution to private data being mishandled is doxxing them.

If the problem is that providers are able to get away scot-free from mishandling data, then way I see it, there are two simple solutions: 1) abolish KYC entirely -- meaning providers won't have an excuse to ask for our personal information anymore or 2) stronger data privacy laws -- impose penalties that will actually make providers think twice and thrice about being reckless or doing anything shady with customer data. We know KYC won't be abolished, but we can actually urge lawmakers to pay more attention to data protection.

I see where you're coming from though. I personally stay away from KYC unless absolutely necessary.

So far costumers are used to providing personal information without demanding their providers for transparency. As we know this is the result of how indoctrinated the system is making the masses, that people have forgotten to claim for what is fair and reciprocal.

That makes sense. I have been looking at how trustless exchanges on Ethereum work and I have to say that I'm very impressed with the state of the whole ecosystem. It's so easy to exchange one ERC20 token for the other on one of the several dexes that I hope to see Bitcoin adopt some of these features as well.

That's how you make centralized exchanges asking for KYC and whatnot obsolete. It has been the goal for many people since the very beginning and it's getting closer and closer, but it seems that Bitcoin itself has still a lot of catching up to do in order to stop seeing the gap with Ethereum widen further on that front.

In this scenario use your common sense.

I'm fine doing it with somewhere like Coinbase. It's not great but at least I know they're vaguely competent.

I would not be fine doing it with some piece of shit airdrop on here or any shitcoin exchange.

As for them giving you their details, that ain't happening.

It's a good idea you know, it's the first time to hear/read that we're going to demand it to the providers or businesses that we want to use. But basically, they wouldn't do this kind of compliance just for the sake of a customer and that is why they have "About Us" and it's the least that they can provide.

I highly doubt it that they will provide those important details about them such as #2 given example of avikz but the rest including the address, name, company's organizational chart and other details that can be publicly displayed can easily be asked to them.

Once a business is legally registered, all of its information can be found in government agencies where they got their legal status to do business. I am sure those data can be retrieved by anyone asking for it. Now, what we should be worrying are illegal firms pretending to be legal and have more chance of dealing with the information from their customers not accordance to the law existing to protect data misuse. However, I think the idea of KYP has no chance of progressing so it is all up to us to do our due diligence and use our right to choose the providers whom we think are behaving well, though admittedly that can be a difficult one to determine because even famous names online are also mismanaging data of their own customers and users (remember Facebook?). Data gathering, handling and management will always be an issue all because we are already in the data era and data can be a good mine for money and can have big potential economic power one can use well or abuse.

That is a good list, and I am sure that at some point in time there will be some blockchain projects using smart contracts in order to set all these questions into a contract, so clients and providers can benefit from settle down the basics of protecting users with data privacy, and enforcing KYP at the same time.

Right now we know that doing the process of KYC is a pain in the ass.

Well, avikz's list is a good start, but what interests me the most is what they'll do with my data:

• How is it stored (which medium, firewalls, unrouted networks, which database vendor, which OS,...)
• Where is it stored (which countrie(s), where do they keep their backups, is there a guard in the datacenter,...)
• How long will it be stored (x months after transaction, forever,...)
• Who will be able to access my data (all employees, certain employees, only the person in charge of KYC, partners of the company, anybody giving the company money, everybody in general, a 3 letter agency without a warrant,...)

I'd like this info from every company i give my info to... And it should be verified by a trustworthy thirth party before i believe anything they say.

Far to often i've heared from companies that keep sensitive data in a web accessible relational database on an unpatched, unfirewalled system... I've seen companies keeping their backups on a public accessible ftp server (with an old, vulnerable ftp daemon). I've even seen companies that had backupsets that were available on their website (backups taken with phpmyadmin into a remote accessible path that were not moved to safety after the backup had run).
In these cases, it didn't even matter if you knew the legal name of the company. Sure, you'll have someone to drag to court, but the harm has already been done. I'd rather not have to sew a company than getting some money from them because they lost all my private information and it's now for sale for a couple bucks on some darknet marketplace forever....

Y'all need proper data protection laws.

GDPR got a lot of flak for forcing people to cLicK aWaY uNneCesSaRy cOoKie wARnInGs but it's the sort of legislation created for redeeming exactly that.

For EU citizens there's the Right of access, which includings, amongst other things, information regarding:


(yes, I'm aware of the irony of quoting a UK site just a couple days short of Brexit)

Apart from that, if you're tired of using opaque and untrustworthy exchanges... stop using them. It's a free market, there's plenty of alternatives out there these days.

Know Your Customer, Know Your Partner. What comes next?

I think we should be looking for ways to stop this KYC policy instead, as in my opinion it only does more harm than good. Look around what's going on with the platforms using KYC and see for yourself.

Bittrex basically confiscated my funds by enforcing a mandatory KYC verification post-deposit. I only care about the safety of my funds, and KYC lowers the safety of them a lot more than lawmakers might've expected.

KYP wouldn't make things fair for both sides. What would knowing who's behind Bittrex help me with if they've confiscated my money thanks to KYC? It's exactly the same thing, but more privacy is invaded. Instead of making things better, it would make them worse. Instead of adding this policy, I would work on changing the KYC first so stealing of funds won't be legal anymore... because KYC basically makes money stealing legal. Fair? Obviously not.


If KYP would be implemented, platforms would offer it from registration phase. And then it would function just like it does right now, without KYP implemented.

I'm not sure if having their ID public is a good idea, and it certainly isn't as fair as you suggest. Your KYC details aren't made publicly available and neither should theirs, unless they freely do it on their own. But hey, ironically enough, they do need to provide all of these details if they follow legal procedures in setting up a business, meaning you should be able to get a hold of SEC (or your country's equivalent) to be able to verify the details of their registration (or if they're even properly registered). I'm not sure if they'll tell you the names of the heads without a legal proceeding underway, but those details will be available to people who can hold them accountable anyway (i.e. the authorities).

It is a good idea, however, to get to know who will potentially handle your data, so you should always do KYP anyway; except IMO more on what they do, how reputable they are, etc., and less on their personal identity which you won't be able to do anything with anyway.

Then simply boycott anyone asking for kyc if they don't offer kyp.

Theres none for sure and after such complaint.Then whats next? This is why its a total waste of time if you do pursue or trying to fight on.
KYP is good but pretty sure that majority of those providers wont surely comply nor wont mind on such request.

Don't have any list, this is just a general idea first and sees how it develops with the input of many other clever, thinking, creative minds here!

For the first one you suggested, it should be for both physical person full name, and company/corporation names, and if it is a corporation or business name, which it has a big list of all its members behind, which normally companies have always their member's name hidden, which need to be always upfront available to anyone to verify who they are.


For the second question about what to do when a company is selling people's data... As we know we are still in a new field, where there are few options for the clients to do when things like that happen. But I am sure this will soon be different if people keep talking and bring new ideas to stop the abuser from selling personal data!

Do you have a list of details which we must know about our providers before conducting any business? If not, let me give you one,

1. Legal name
2. Tax ID/SSN/PAN
3. Registered address
4. Details of grievance redressal officer and escalation matrix

Can you think of aything else? Now lets assume the company sells off your data to a third party. What extra will you do apart from going to the consumer protection bureau? Let's be practical!

We know that centralization is a big problem for society these days, because of its many issues like bureaucracy, inefficiency, corruption, manipulation, data privacy, steal and sale of private information, etc!

KYC is another issue because nobody knows where their info will be ended and who will see it or use it.

The problem with KYC is who is asking for it and what use they will give. There should be a KYP (Know your provider) so far we don't have such a thing! and nobody is thinking about it!

The first step before doing our KYC, we the users should apply KYP and make sure we know who is holding our personal info, the people behind centralized companies need to have their full names and id publicly, they need to be accountable, and transparent. after that, we should proceed to do KYC.

Clever ideas?