commit 496d2671eef8adac2ab1c20729cfc64cf54787c1
parent 47e5331656df4b574db28d487ead554579c57fd6
Author: Christian Grothoff <christian@grothoff.org>
Date: Tue, 16 May 2023 12:00:22 +0200
comment
Diffstat:
1 file changed, 43 insertions(+), 13 deletions(-)
diff --git a/template/kyc.html.j2 b/template/kyc.html.j2
@@ -5,9 +5,37 @@
<h1>KYC providers</h1>
</header>
<main id="maincontent">
- <h3>Criteria</h3>
+ <p>
+ GNU Taler operators need to satisfy regulatory requirements in terms
+ of Know-your-customer (KYC) regulation and risk assessment (which
+ usually starts with checking for politically exposed people (PEPs)).
+ KYC usually requires at the minimum for the customer to upload some
+ identity documents, which then must be verified. KYC often also
+ requires some kind of lifeness checks to ensure tha the owner of the
+ documents it the one passing the documentation along.
+ To this end, we have tried to find KYC "solutions" that would
+ help us address this.
+ </p>
+ <p>
+ Naturally, the goal is to do this with Free Software. However, all
+ of the solutions we found so far are proprietary
+ <a href="https://www.gnu.org/philosophy/who-does-that-server-really-serve.html">SaaSS</a>.
+ If you know of a solution that is actually Free Software, we would be
+ eager to hear from you.
+ </p>
+ <p>
+ In the absence of a proper FLOSS solution, we have looked at other
+ important criteria, such as the solution offering at least FLOSS
+ integration on the client-side, having an open API specification
+ (no NDA!), or even supporting a standard API. Technically, we
+ also need the KYC provider to work nicely over the
+ Web (not just with a smart phone), and from a business perspective
+ we like transparent pricing (alas, this is the least important
+ point).
+ </p>
+ <h3>Criteria Summary</h3>
<p>
- These are the key evaluation criteria we have:
+ Thus, these are the key evaluation criteria we have:
<ul>
<li>Supports collecting and validating KYC information, including PEP lists and ID documents from Europe
</li>
@@ -31,7 +59,8 @@
</p>
<h3>Providers</h3>
<p>
- Here is a list of KYC solutions we have evaluated against the criteria above.
+ Here is a list of KYC solutions we have found and evaluated against the
+ criteria above.
<table>
<tr><td></td>
<th>KYC?</th><th>Open API?</th><th>Web?</th>
@@ -110,10 +139,10 @@
<td>❌</td><td>some</td><td>some</td>
<td>❌</td></tr>
</table>
- Note that not offering Web support is a hard
- criteria against a solution: we cannot use them
- for the WebExtension, which is the most
- FLOSS-friendly wallet.
+ Of these, we have for now selected KYCAID and WithPersona for our
+ first implementations as they seem closest to our objectives.
+ That said, the room for improvement for both towards respecting
+ their user's freedoms is huge.
</p>
<h3>❌t quite KYC Providers</h3>
<p>
@@ -121,6 +150,13 @@
searching for KYC providers that don't actually do the kind
of KYC (with identity document verification and PEP list checks)
that would be needed.
+ Note that not offering KYC support with document validation
+ and PEP lists is a absolutely hard
+ criteria against the solution: we believe such providers
+ would not usually satisfy the legal requirements.
+ These providers
+ are only listed so that they do not get re-evaluated as they
+ came up in a search.
<table>
<tr><td></td>
<th>KYC?</th><th>Open API?</th><th>Web?</th>
@@ -169,12 +205,6 @@
<td>✅</td><td>?</td><td>❌</td>
<td>❌</td></tr>
</table>
- Note that not offering KYC support with document validation
- and PEP lists is a absolutely hard
- criteria against the solution: we believe such providers
- would not satisfy the legal requirements. These providers
- are only listed so that they do not get re-evaluated as they
- came up in a search.
</p>
</main>
</article>
