diff options
author | Christian Grothoff <christian@grothoff.org> | 2023-05-16 12:00:22 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2023-05-16 12:00:22 +0200 |
commit | 496d2671eef8adac2ab1c20729cfc64cf54787c1 (patch) | |
tree | 63474529365cdb96b37edb8976c3bfb25a3a78be /template | |
parent | 47e5331656df4b574db28d487ead554579c57fd6 (diff) | |
download | www-496d2671eef8adac2ab1c20729cfc64cf54787c1.tar.gz www-496d2671eef8adac2ab1c20729cfc64cf54787c1.tar.bz2 www-496d2671eef8adac2ab1c20729cfc64cf54787c1.zip |
comment
Diffstat (limited to 'template')
-rw-r--r-- | template/kyc.html.j2 | 56 |
1 files changed, 43 insertions, 13 deletions
diff --git a/template/kyc.html.j2 b/template/kyc.html.j2 index 9004b0ea..b24fdbf4 100644 --- a/template/kyc.html.j2 +++ b/template/kyc.html.j2 @@ -5,9 +5,37 @@ <h1>KYC providers</h1> </header> <main id="maincontent"> - <h3>Criteria</h3> + <p> + GNU Taler operators need to satisfy regulatory requirements in terms + of Know-your-customer (KYC) regulation and risk assessment (which + usually starts with checking for politically exposed people (PEPs)). + KYC usually requires at the minimum for the customer to upload some + identity documents, which then must be verified. KYC often also + requires some kind of lifeness checks to ensure tha the owner of the + documents it the one passing the documentation along. + To this end, we have tried to find KYC "solutions" that would + help us address this. + </p> + <p> + Naturally, the goal is to do this with Free Software. However, all + of the solutions we found so far are proprietary + <a href="https://www.gnu.org/philosophy/who-does-that-server-really-serve.html">SaaSS</a>. + If you know of a solution that is actually Free Software, we would be + eager to hear from you. + </p> + <p> + In the absence of a proper FLOSS solution, we have looked at other + important criteria, such as the solution offering at least FLOSS + integration on the client-side, having an open API specification + (no NDA!), or even supporting a standard API. Technically, we + also need the KYC provider to work nicely over the + Web (not just with a smart phone), and from a business perspective + we like transparent pricing (alas, this is the least important + point). + </p> + <h3>Criteria Summary</h3> <p> - These are the key evaluation criteria we have: + Thus, these are the key evaluation criteria we have: <ul> <li>Supports collecting and validating KYC information, including PEP lists and ID documents from Europe </li> @@ -31,7 +59,8 @@ </p> <h3>Providers</h3> <p> - Here is a list of KYC solutions we have evaluated against the criteria above. + Here is a list of KYC solutions we have found and evaluated against the + criteria above. <table> <tr><td></td> <th>KYC?</th><th>Open API?</th><th>Web?</th> @@ -110,10 +139,10 @@ <td>❌</td><td>some</td><td>some</td> <td>❌</td></tr> </table> - Note that not offering Web support is a hard - criteria against a solution: we cannot use them - for the WebExtension, which is the most - FLOSS-friendly wallet. + Of these, we have for now selected KYCAID and WithPersona for our + first implementations as they seem closest to our objectives. + That said, the room for improvement for both towards respecting + their user's freedoms is huge. </p> <h3>❌t quite KYC Providers</h3> <p> @@ -121,6 +150,13 @@ searching for KYC providers that don't actually do the kind of KYC (with identity document verification and PEP list checks) that would be needed. + Note that not offering KYC support with document validation + and PEP lists is a absolutely hard + criteria against the solution: we believe such providers + would not usually satisfy the legal requirements. + These providers + are only listed so that they do not get re-evaluated as they + came up in a search. <table> <tr><td></td> <th>KYC?</th><th>Open API?</th><th>Web?</th> @@ -169,12 +205,6 @@ <td>✅</td><td>?</td><td>❌</td> <td>❌</td></tr> </table> - Note that not offering KYC support with document validation - and PEP lists is a absolutely hard - criteria against the solution: we believe such providers - would not satisfy the legal requirements. These providers - are only listed so that they do not get re-evaluated as they - came up in a search. </p> </main> </article> |