Biometrics for Cryptocurrency Exchanges: Identity Verification Made Simple

Did you know? Out in San Francisco, there’s a man with ~$240m locked up in a Bitcoin wallet that he can’t remember the password to. He owns over 7,002 Bitcoin–gifted when they were worth a mere few dollars each. He only has two more guesses left before the wallet becomes inaccessible forever. 

Some people store their cryptocurrency in “cold wallets”, like our man from San Francisco. But to buy and sell cryptocurrency—either for fiat currency or another crypto—most create an account with exchanges, like Binance and Crypto.com. Some users opt to store their assets on these exchanges over longer periods, too.

But with this financial responsibility comes increasing regulation and legal scrutiny and regulation, such as Know Your Customer (KYC) and Anti-money Laundering  (AML) checks. In some jurisdictions exchanges are covered by AML regulations, such as AML6 in Europe, while in others the laws surrounding digital assets are still being solidified. 

In this article, we’re zeroing in on cryptocurrency exchanges. Ultimately, many cryptocurrency exchanges with weak KYC and AML processes in place may face compliance risks. iProov technology can help by verifying the asserted identity as part of an onboarding and authentication process that’s secure, inclusive, and  effortless. This is the foundation of proper KYC and AML compliance efforts. 

What is cryptocurrency? 

Cryptocurrencies are digital currencies that are secured using cryptography. Often, they make use of blockchain technology, which stores a record of each transaction made on each computer that interacts with the blockchain. This means that transactions are immutable and unchangeable, aiming to create trust across the network. This also enables them to operate without the need for any central authority to authorize transactions (such as a bank).

Cryptocurrencies have become a frenzied frontier of speculation and investment, with the market reaching a peak capitalization of $3 trillion in November 2021. Whatever your opinion on cryptocurrency, it doesn’t look like it’s going anywhere anytime soon.

What are cryptocurrency exchanges?

Exchanges act as a bridge between traditional fiat currencies and cryptocurrencies, allowing users to create an account and they can buy and sell crypto. 

Some users ultimately opt to store their cryptocurrency on exchanges, so they don’t end up locked out of their funds like the man with two password guesses remaining.  If users forget their password, the exchange can usually help them verify their identity and restore access to the account (unlike with cold wallets). 

Despite this financial responsibility, over two thirds of the top 120 cryptocurrency exchanges have weak KYC controls. 

So, why and how should cryptocurrency exchanges use biometric face verification? 

Crucially, cryptocurrency exchanges need to keep untrustworthy people out while making identity verification easy and quick for legitimate customers. This is especially important in an expanding and competitive market: potential customers value effortless onboarding and authentication.

Traditional financial institutions devote significant resources to KYC and AML compliance because they’re regulated entities and otherwise face fines and sanctions. Cryptocurrency exchanges will likely need to follow suit.

iProov is a cutting-edge solution to the above problems. Enabling strong identity verification of a customer using face biometrics is the most crucial step in anti-money laundering and KYC requirements. It enables exchanges to prove they’re engaging with the real person, right person, right now–rather than bots or bad actors–while offering a seamless user experience. 

It’s worth noting again that some jurisdictions still don’t classify crypto as a currency and therefore existing regulations will not apply uniformly. However, the crypto space is changing quickly and exchanges should put best practices in place. Many of the top exchanges are hiring or have hired compliance leads to prepare.

iProov use cases for cryptocurrency exchanges

Using iProov, exchanges can assure genuine presence with a facial biometric verification as they onboard new users or authenticate returning ones. This maximizes security and  user experience. 

There are three main components iProov can facilitate for crypto exchanges:

• Onboarding: To onboard a new user, you need to accurately verify the asserted identity against a photo from a trusted identity document (such as passport or driver’s license), and carry out an iProov GPA or Liveness check to create a biometric profile–linking the face to the document and verifying the new user.
• Ongoing authentication: Exchanges then need to be sure the same user is returning to the exchange rather than a fraudster or imposter. Using the biometric template provided during onboarding, you can log users back in securely and effortlessly with a brief facial scan. Other methods of securing authentication, such as OTPs, can have serious usability and security flaws. Read more on authentication types here.
• Identity recovery: If a user loses their device, or it breaks or gets stolen, they lose the ability to authenticate themselves. iProov’s cloud-based identity verification enables them to securely access their account via any other device without needing to re-enroll.

iProov technology is already supporting the relationships cryptocurrency organizations such as Synaps have with regulators, helping the world of digital assets to flourish. 

Benefits of iProov face biometrics for cryptocurrency exchanges

• Delights customers and improves net promoter score: Passive verification enable customers to remotely and securely prove who they are, with no additional burden.
• Maximizes inclusivity: Authentication irrespective of cognitive ability, age or ethnicity. No complex instructions to read, understand or execute.
• Device agnostic, omni-channel authentication: No need for special hardware, users can authenticate themselves on any device with a user-facing camera. This includes smartphones, laptops, desktops, tablets or via kiosk terminals.
• User centric design: Fast and accurate authentication means that iProov users can complete biometric authentication of their identity in 1.1 attempts versus other vendors, whose users often require 2.4 attempts.
• High level of accuracy: Delivers market leading biometric authentication and anti-spoofing across a range of attacks; not just standard presentation attacks but also highly scalable injection attacks using deepfakes and replays.
• Rapid deployment: Fast and easy integration with lightweight SDK. iProov is available on Web, iOS, Android.
• Cloud-based security: iProov does not rely on the user’s device for security, removing the risk from compromised devices or sensors. This maintains the integrity of the authentication process and can not be reverse engineered by attackers.
• Active threat management: The iProov Security Operations Centre (iSOC) provides resilience against sophisticated emerging attacks by combining advanced technology with responsive processes.
• Protects privacy: iProov uses a privacy firewall and strong encryption techniques to protect highly sensitive data such as face biometric to safeguard the user’s confidentiality.

Genuine Presence Assurance for cryptocurrency exchanges

Genuine Presence Assurance (GPA) uses a simple, passive face scan to assure that an individual…

• Is the right person, using face matching and matching the identity to a trusted photo identity document.
• Is a real person, and not a presentation attack (a physical or digital artifact presented to the device sensor, like a photo or mask).
• Is authenticating right now, and not a digitally injected attack using a deepfake or other synthetic media (ensured by GPA’s one-time biometric delivered by Flashmark).

iProov offers both Liveness Assurance and Genuine Presence Assurance. GPA assures users are authenticating in real-time and comes with iSOC active threat management in addition to liveness detection, so is the recommended technology for verifying the identity of users in higher-risk scenarios. 

Biometric Liveness Detection for cryptocurrency exchanges

Liveness Assurance technology verifies that a remote user is the right person (not an imposter or criminal) and a real, living person (not a photograph, mask, or digital screen).

Liveness solutions usually offer protection against known attacks, such as presentation attacks, but cannot verify that an online user is present in real time, nor can they react and respond to new and emerging threats (like Genuine Presence Assurance can).

iProov’s Liveness Assurance is a best of breed liveness solution and delivers an effortless, passive user experience. However, it’s better suited to lower-risk scenarios. Due to the risk profile carried by cryptocurrency exchanges and potential KYC and AML regulatory scrutiny, GPA is recommended. 

Cryptocurrency and biometrics: a summary 

• Most countries seem to agree that the commercial exchange of cryptocurrency for fiat currency should be subject to KYC, AML, and counter terrorism financing obligations. Many jurisdictions are already subject to regulation, such as AML6. 
• This means that cryptocurrency exchanges need proper KYC and AML procedures and technologies in place. iProov technology offers the most secure, inclusive, and effortless method of onboarding and authenticating users–which is the foundation of KYC and AML good practice.
• Cryptocurrency exchanges should implement secure biometric verification and authentication technology as a priority. Those that can show they value customers’ safety and engage with compliance rules and regulations. 
• iProov recommends using Genuine Presence Assurance to ascertain that each crypto exchange user is the right person, a real person, authenticating right now.

If you’d like to see how iProov’s Genuine Presence Assurance technology can secure and streamline your online customer onboarding and authentication in the cryptocurrency sector, book an iProov demo here.