taler-www

kyc.html.j2 (11323B)

---

 {% extends "common/base.j2" %}
 {% block subtitle %}{{ _("KYC providers")}}{% endblock subtitle %}
 {% block body_content %}
 <main id="maincontent">
   <article class="container">
     <h1>KYC providers</h1>
     <p>
       GNU Taler operators need to satisfy regulatory requirements in terms
       of Know-your-customer (KYC) regulation and risk assessment (which
       usually starts with checking for politically exposed persons (PEPs)).
       KYC usually requires at the minimum for the customer to upload some
       identity documents, which then must be verified. KYC often also
       requires some kind of lifeness checks to ensure that the owner of the
       documents is the one passing the documentation along.
       To this end, we have tried to find KYC "solutions" that would
       help us address this.
     </p>
     <p>
       Naturally, the goal is to do this with Free Software.  However, all
       of the solutions we found so far are proprietary
       <a href="https://www.gnu.org/philosophy/who-does-that-server-really-serve.html">SaaSS</a>.
       If you know of a solution that is actually Free Software, we would be
       eager to hear from you.
     </p>
     <p>
       In the absence of a proper FLOSS solution, we have looked at other
       important criteria, such as the solution offering at least FLOSS
       integration on the client-side, having an open API specification
       (no NDA!), or even supporting a standard API.  Technically, we
       also need the KYC provider to work nicely over the
       Web (not just with a smartphone), and from a business perspective
       we like transparent pricing (alas, this is the least important
       point).
     </p>
       <h3>Criteria Summary</h3>
       <p>
         Thus, these are the key evaluation criteria we have:
         <ul>
           <li>Supports collecting and validating KYC information, including PEP lists and ID documents from Europe
           </li>
           <li>Open API specification (no NDA, directly on web site)
           </li>
           <li>Web interface support (no required app-only integration, can run KYC process just in a browser)
           </li>
           <li>Supports standard open API (OpenID, OIDC, etc.)
           </li>
           <li>Client-side code is FLOSS (no proprietary JavaScript and/or FLOSS app integrations)
           </li>
           <li>Transparent pricing (prices not only upon inquiry)
           </li>
           <li>Server-side is fully FLOSS (not SaaSS)
           </li>
        </ul>
        The list is not intended to be complete. Other criteria would include where
        data is hosted, and how privacy-friendly the solution is overall (e.g. is
        additional data collected, can profiles be easily deleted, etc.). However,
        already the above list narrows down the field to basically nobody.
       </p>
       <h3>Supported Providers</h3>
       <p>
         These are the KYC solutions for which a GNU Taler integration is
         available or under active development:
         <table>
           <tr><td></td>
              <th>KYC?</th><th>Open API?</th><th>Web?</th>
              <th>Standard API?</th><th>FLOSS client?</th><th>Pricing?</th>
              <th>FLOSS server?</th></tr>
           <tr><th><a href="https://git-www.taler.net/challenger.git/">Challenger</a></th>
              <td>&#10060;</td><td>&#9989;</td><td>&#9989;</td>
              <td>&#9989;</td><td>&#9989;</td><td>free</td>
              <td>&#9989;</td></tr>
           <tr><th>kycaid.com</th>
              <td>&#9989;</td><td>&#9989;</td><td>&#9989;</td>
              <td>&#10060;</td><td>&#10060;</td><td>&#9989;</td>
              <td>&#10060;</td></tr>
           <tr><th>withpersona.com</th>
              <td>&#9989;</td><td>&#9989;</td><td>&#9989;</td>
              <td>&#10060;</td><td>some</td><td>some</td>
              <td>&#10060;</td></tr>
         </table>
         <a href="https://docs.taler.net/taler-challenger-manual.html">Challenger</a>
         is our own home-brewed address validation service
         (under development); it doesn't actually do real KYC by our
         definition, but may still be useful in some legal scenarios.
         We additionally selected KYCAID and WithPersona for our
         first implementations as they seem closest to our objectives
         (see below for lists of other providers we considered),
         and we needed <em>some</em> KYC support.
         That said, there is room for improvement for both of these
         solutions towards respecting their users' freedom.
       </p>
       <p>
         Adding support for additional KYC providers largely requires
         implementing a KYC plugin, that is a shared library exporting
         the <a href="https://git-www.taler.net/exchange.git/tree/src/include/taler_kyclogic_plugin.h">
         KYC plugin API</a>. If you need help implementing additional
         KYC adapters, please do not hesitate to contact
         <a href="https://taler-systems.com/en/company.html#contact">us</a>, we will
         be happy to support your efforts!
       </p>
       <h3>Other providers</h3>
       <p>
         Here is a list of other KYC solutions we have found and evaluated against the
         criteria above.
         <table>
           <tr><td></td>
              <th>KYC?</th><th>Open API?</th><th>Web?</th>
              <th>Standard API?</th><th>FLOSS client?</th><th>Pricing?</th>
              <th>FLOSS server?</th></tr>
           <tr><th>Actico.com</th>
              <td>&#9989;</td><td>&#10060;</td><td>?</td>
              <td>&#10060;</td><td>&#10060;</td><td>&#10060;</td>
              <td>&#10060;</td></tr>
           <tr><th>iDenfy.com</th>
              <td>&#9989;</td><td>&#9989;</td><td>&#9989;</td>
              <td>&#10060;</td><td>some</td><td>&#10060;</td>
              <td>&#10060;</td></tr>
           <tr><th>idnow.io</th>
              <td>&#9989;</td><td>&#9989;</td><td>&#9989;</td>
              <td>&#10060;</td><td>&#10060;</td><td>&#10060;</td>
              <td>&#10060;</td></tr>
           <tr><th>idscan.net</th>
              <td>&#9989;</td><td>&#9989;</td><td>&#10060;</td>
              <td>&#10060;</td><td>&#10060;</td><td>&#10060;</td>
              <td>&#10060;</td></tr>
           <tr><th>jumio.com</th>
              <td>&#9989;</td><td>&#10060;</td><td>?</td>
              <td>&#10060;</td><td>&#10060;</td><td>&#10060;</td>
              <td>&#10060;</td></tr>
           <tr><th>kyc2020.com</th>
              <td>&#9989;</td><td>&#10060;</td><td>&#9989;</td>
              <td>&#10060;</td><td>&#10060;</td><td>&#9989;</td>
              <td>&#10060;</td></tr> <!-- consider -->
           <tr><th>metamap.com</th>
              <td>&#9989;</td><td>&#9989;</td><td>&#9989;</td>
              <td>&#10060;</td><td>&#10060;</td><td>&#10060;</td>
              <td>&#10060;</td></tr>
           <tr><th>passbase.com</th>
              <td>&#9989;</td><td>&#9989;</td><td>&#9989;</td>
              <td>&#9989;</td><td>&#10060;</td><td>&#9989;</td>
              <td>&#10060;</td></tr> <!-- consider -->
           <tr><th>plaid.com</th>
              <td>&#9989;</td><td>&#9989;</td><td>&#9989;</td>
              <td>&#10060;</td><td>some</td><td>&#10060;</td>
              <td>&#10060;</td></tr> <!-- consider -->
           <tr><th>shuftipro.com</th>
              <td>&#9989;</td><td>&#9989;</td><td>&#10060;</td>
              <td>&#10060;</td><td>&#10060;</td><td>&#10060;</td>
              <td>&#10060;</td></tr>
           <tr><th>SumSub.com</th>
              <td>&#9989;</td><td>&#9989;</td><td>&#9989;</td>
              <td>&#10060;</td><td>&#10060;</td><td>&#9989;</td>
              <td>&#10060;</td></tr>
           <tr><th>swiftdil.com</th>
              <td>&#9989;</td><td>&#9989;</td><td>tricky</td>
              <td>&#10060;</td><td>&#10060;</td><td>&#9989;</td>
              <td>&#10060;</td></tr>
           <tr><th>tokenoftrust.com</th>
              <td>&#9989;</td><td>weird</td><td>&#9989;</td>
              <td>&#10060;</td><td>some</td><td>&#10060;</td>
              <td>&#10060;</td></tr>
           <tr><th>Trulioo.com</th>
              <td>&#9989;</td><td>&#10060;</td><td>?</td>
              <td>&#10060;</td><td>&#10060;</td><td>&#10060;</td>
              <td>&#10060;</td></tr>
           <tr><th>Ondato.com</th>
              <td>&#9989;</td><td>&#10060;</td><td>?</td>
              <td>&#10060;</td><td>&#10060;</td><td>&#9989;</td>
              <td>&#10060;</td></tr>
           <tr><th>onfido.com</th>
              <td>&#9989;</td><td>&#9989;</td><td>?</td>
              <td>&#10060;</td><td>some</td><td>&#10060;</td>
              <td>&#10060;</td></tr>
         </table>
       </p>
       <h3>Not quite KYC Providers</h3>
       <p>
         Here is a list of identity management solutions we found
         searching for KYC providers that don't actually do the kind
         of KYC (with identity document verification and PEP list checks)
         that would be needed.
         Note that not offering KYC support with document validation
         and PEP lists is a absolutely hard
         criteria against the solution: we believe such providers
         would not usually satisfy the legal requirements.
         These providers
         are only listed so that they do not get re-evaluated as they
         came up in a search (and it took time to understand that
         they do not actually offer KYC).
         <table>
           <tr><td></td>
              <th>KYC?</th><th>Open API?</th><th>Web?</th>
              <th>Standard API?</th><th>FLOSS client?</th><th>Pricing?</th>
              <th>FLOSS server?</th></tr>
           <tr><th>accubits/smart-kyc</th>
              <td>&#10060;</td><td>&#9989;</td><td>&#9989;</td>
              <td>&#10060;</td><td>&#9989;</td><td>free</td>
              <td>&#9989;</td></tr>
           <tr><th>Authlete.com</th>
              <td>&#10060;</td><td>&#9989;</td><td>?</td>
              <td>&#9989;</td><td>n/a</td><td>&#9989;</td>
              <td>&#10060;</td></tr>
           <tr><th>Gluu.org</th>
              <td>&#10060;</td><td>&#9989;</td><td>?</td>
              <td>&#9989;</td><td>?</td><td>free</td>
              <td>&#9989;</td></tr>
           <tr><th>microblink.com</th>
              <td>&#10060;</td><td>&#10060;</td><td>?</td>
              <td>&#10060;</td><td>&#10060;</td><td>&#10060;</td>
              <td>&#10060;</td></tr>
           <tr><th>nomidio.com</th>
              <td>&#10060;</td><td>&#9989;</td><td>?</td>
              <td>&#9989;</td><td>?</td><td>&#9989;</td>
              <td>&#10060;</td></tr>
           <tr><th>privo.com</th>
              <td>&#10060;</td><td>&#10060;</td><td>?</td>
              <td>&#10060;</td><td>&#10060;</td><td>&#10060;</td>
              <td>&#10060;</td></tr>
           <tr><th>scytales.com</th>
              <td>&#10060;</td><td>&#10060;</td><td>&#10060;</td>
              <td>&#10060;</td><td>&#10060;</td><td>&#10060;</td>
              <td>&#10060;</td></tr>
           <tr><th>Seon.io</th>
              <td>&#10060;</td><td>&#9989;</td><td>&#10060;</td>
              <td>&#10060;</td><td>&#10060;</td><td>&#9989;</td>
              <td>&#10060;</td></tr>
           <tr><th>Signicat.com</th>
              <td>&#10060;</td><td>&#9989;</td><td>&#9989;</td>
              <td>&#9989;</td><td>?</td><td>&#10060;</td>
              <td>&#10060;</td></tr>
         </table>
       </p>
 </article>
 {% endblock body_content %}