Diffstat (limited to 'template/kyc.html.j2')
-rw-r--r-- template/kyc.html.j2 233
1 files changed, 233 insertions, 0 deletions
diff --git a/template/kyc.html.j2 b/template/kyc.html.j2
new file mode 100644
index 00000000..0ed6ebbc
--- /dev/null
+++ b/template/kyc.html.j2
@@ -0,0 +1,233 @@
+{% extends "common/base.j2" %}
+{% block body_content %}
+<main id="maincontent">
+ <article class="container">
+ <h1>KYC providers</h1>
+ <p>
+ GNU Taler operators need to satisfy regulatory requirements in terms
+ of Know-your-customer (KYC) regulation and risk assessment (which
+ usually starts with checking for politically exposed persons (PEPs)).
+ KYC usually requires at the minimum for the customer to upload some
+ identity documents, which then must be verified. KYC often also
+ requires some kind of lifeness checks to ensure that the owner of the
+ documents is the one passing the documentation along.
+ To this end, we have tried to find KYC "solutions" that would
+ help us address this.
+ </p>
+ <p>
+ Naturally, the goal is to do this with Free Software. However, all
+ of the solutions we found so far are proprietary
+ <a href="https://www.gnu.org/philosophy/who-does-that-server-really-serve.html">SaaSS</a>.
+ If you know of a solution that is actually Free Software, we would be
+ eager to hear from you.
+ </p>
+ <p>
+ In the absence of a proper FLOSS solution, we have looked at other
+ important criteria, such as the solution offering at least FLOSS
+ integration on the client-side, having an open API specification
+ (no NDA!), or even supporting a standard API. Technically, we
+ also need the KYC provider to work nicely over the
+ Web (not just with a smartphone), and from a business perspective
+ we like transparent pricing (alas, this is the least important
+ point).
+ </p>
+ <h3>Criteria Summary</h3>
+ <p>
+ Thus, these are the key evaluation criteria we have:
+ <ul>
+ <li>Supports collecting and validating KYC information, including PEP lists and ID documents from Europe
+ </li>
+ <li>Open API specification (no NDA, directly on web site)
+ </li>
+ <li>Web interface support (no required app-only integration, can run KYC process just in a browser)
+ </li>
+ <li>Supports standard open API (OpenID, OIDC, etc.)
+ </li>
+ <li>Client-side code is FLOSS (no proprietary JavaScript and/or FLOSS app integrations)
+ </li>
+ <li>Transparent pricing (prices not only upon inquiry)
+ </li>
+ <li>Server-side is fully FLOSS (not SaaSS)
+ </li>
+ </ul>
+ The list is not intended to be complete. Other criteria would include where
+ data is hosted, and how privacy-friendly the solution is overall (e.g. is
+ additional data collected, can profiles be easily deleted, etc.). However,
+ already the above list narrows down the field to basically nobody.
+ </p>
+ <h3>Supported Providers</h3>
+ <p>
+ These are the KYC solutions for which a GNU Taler integration is
+ available or under active development:
+ <table>
+ <tr><td></td>
+ <th>KYC?</th><th>Open API?</th><th>Web?</th>
+ <th>Standard API?</th><th>FLOSS client?</th><th>Pricing?</th>
+ <th>FLOSS server?</th></tr>
+ <tr><th><a href="https://git.taler.net/challenger.git/">Challenger</a></th>
+ <td>&#10060;</td><td>&#9989;</td><td>&#9989;</td>
+ <td>&#9989;</td><td>&#9989;</td><td>free</td>
+ <td>&#9989;</td></tr>
+ <tr><th>kycaid.com</th>
+ <td>&#9989;</td><td>&#9989;</td><td>&#9989;</td>
+ <td>&#10060;</td><td>&#10060;</td><td>&#9989;</td>
+ <td>&#10060;</td></tr>
+ <tr><th>withpersona.com</th>
+ <td>&#9989;</td><td>&#9989;</td><td>&#9989;</td>
+ <td>&#10060;</td><td>some</td><td>some</td>
+ <td>&#10060;</td></tr>
+ </table>
+ <a href="https://docs.taler.net/taler-challenger-manual.html">Challenger</a>
+ is our own home-brewed address validation service
+ (under development); it doesn't actually do real KYC by our
+ definition, but may still be useful in some legal scenarios.
+ We additionally selected KYCAID and WithPersona for our
+ first implementations as they seem closest to our objectives
+ (see below for lists of other providers we considered),
+ and we needed <em>some</em> KYC support.
+ That said, there is room for improvement for both of these
+ solutions towards respecting their users' freedom.
+ </p>
+ <p>
+ Adding support for additional KYC providers largely requires
+ implementing a KYC plugin, that is a shared library exporting
+ the <a href="https://git.taler.net/exchange.git/tree/src/include/taler_kyclogic_plugin.h">
+ KYC plugin API</a>. If you need help implementing additional
+ KYC adapters, please do not hesitate to contact
+ <a href="https://taler-systems.com/en/company.html#contact">us</a>, we will
+ be happy to support your efforts!
+ </p>
+ <h3>Other providers</h3>
+ <p>
+ Here is a list of other KYC solutions we have found and evaluated against the
+ criteria above.
+ <table>
+ <tr><td></td>
+ <th>KYC?</th><th>Open API?</th><th>Web?</th>
+ <th>Standard API?</th><th>FLOSS client?</th><th>Pricing?</th>
+ <th>FLOSS server?</th></tr>
+ <tr><th>Actico.com</th>
+ <td>&#9989;</td><td>&#10060;</td><td>?</td>
+ <td>&#10060;</td><td>&#10060;</td><td>&#10060;</td>
+ <td>&#10060;</td></tr>
+ <tr><th>iDenfy.com</th>
+ <td>&#9989;</td><td>&#9989;</td><td>&#9989;</td>
+ <td>&#10060;</td><td>some</td><td>&#10060;</td>
+ <td>&#10060;</td></tr>
+ <tr><th>idnow.io</th>
+ <td>&#9989;</td><td>&#9989;</td><td>&#9989;</td>
+ <td>&#10060;</td><td>&#10060;</td><td>&#10060;</td>
+ <td>&#10060;</td></tr>
+ <tr><th>idscan.net</th>
+ <td>&#9989;</td><td>&#9989;</td><td>&#10060;</td>
+ <td>&#10060;</td><td>&#10060;</td><td>&#10060;</td>
+ <td>&#10060;</td></tr>
+ <tr><th>jumio.com</th>
+ <td>&#9989;</td><td>&#10060;</td><td>?</td>
+ <td>&#10060;</td><td>&#10060;</td><td>&#10060;</td>
+ <td>&#10060;</td></tr>
+ <tr><th>kyc2020.com</th>
+ <td>&#9989;</td><td>&#10060;</td><td>&#9989;</td>
+ <td>&#10060;</td><td>&#10060;</td><td>&#9989;</td>
+ <td>&#10060;</td></tr> <!-- consider -->
+ <tr><th>metamap.com</th>
+ <td>&#9989;</td><td>&#9989;</td><td>&#9989;</td>
+ <td>&#10060;</td><td>&#10060;</td><td>&#10060;</td>
+ <td>&#10060;</td></tr>
+ <tr><th>passbase.com</th>
+ <td>&#9989;</td><td>&#9989;</td><td>&#9989;</td>
+ <td>&#9989;</td><td>&#10060;</td><td>&#9989;</td>
+ <td>&#10060;</td></tr> <!-- consider -->
+ <tr><th>plaid.com</th>
+ <td>&#9989;</td><td>&#9989;</td><td>&#9989;</td>
+ <td>&#10060;</td><td>some</td><td>&#10060;</td>
+ <td>&#10060;</td></tr> <!-- consider -->
+ <tr><th>shuftipro.com</th>
+ <td>&#9989;</td><td>&#9989;</td><td>&#10060;</td>
+ <td>&#10060;</td><td>&#10060;</td><td>&#10060;</td>
+ <td>&#10060;</td></tr>
+ <tr><th>SumSub.com</th>
+ <td>&#9989;</td><td>&#9989;</td><td>&#9989;</td>
+ <td>&#10060;</td><td>&#10060;</td><td>&#9989;</td>
+ <td>&#10060;</td></tr>
+ <tr><th>swiftdil.com</th>
+ <td>&#9989;</td><td>&#9989;</td><td>tricky</td>
+ <td>&#10060;</td><td>&#10060;</td><td>&#9989;</td>
+ <td>&#10060;</td></tr>
+ <tr><th>tokenoftrust.com</th>
+ <td>&#9989;</td><td>weird</td><td>&#9989;</td>
+ <td>&#10060;</td><td>some</td><td>&#10060;</td>
+ <td>&#10060;</td></tr>
+ <tr><th>Trulioo.com</th>
+ <td>&#9989;</td><td>&#10060;</td><td>?</td>
+ <td>&#10060;</td><td>&#10060;</td><td>&#10060;</td>
+ <td>&#10060;</td></tr>
+ <tr><th>Ondato.com</th>
+ <td>&#9989;</td><td>&#10060;</td><td>?</td>
+ <td>&#10060;</td><td>&#10060;</td><td>&#9989;</td>
+ <td>&#10060;</td></tr>
+ <tr><th>onfido.com</th>
+ <td>&#9989;</td><td>&#9989;</td><td>?</td>
+ <td>&#10060;</td><td>some</td><td>&#10060;</td>
+ <td>&#10060;</td></tr>
+ </table>
+ </p>
+ <h3>Not quite KYC Providers</h3>
+ <p>
+ Here is a list of identity management solutions we found
+ searching for KYC providers that don't actually do the kind
+ of KYC (with identity document verification and PEP list checks)
+ that would be needed.
+ Note that not offering KYC support with document validation
+ and PEP lists is a absolutely hard
+ criteria against the solution: we believe such providers
+ would not usually satisfy the legal requirements.
+ These providers
+ are only listed so that they do not get re-evaluated as they
+ came up in a search (and it took time to understand that
+ they do not actually offer KYC).
+ <table>
+ <tr><td></td>
+ <th>KYC?</th><th>Open API?</th><th>Web?</th>
+ <th>Standard API?</th><th>FLOSS client?</th><th>Pricing?</th>
+ <th>FLOSS server?</th></tr>
+ <tr><th>accubits/smart-kyc</th>
+ <td>&#10060;</td><td>&#9989;</td><td>&#9989;</td>
+ <td>&#10060;</td><td>&#9989;</td><td>free</td>
+ <td>&#9989;</td></tr>
+ <tr><th>Authlete.com</th>
+ <td>&#10060;</td><td>&#9989;</td><td>?</td>
+ <td>&#9989;</td><td>n/a</td><td>&#9989;</td>
+ <td>&#10060;</td></tr>
+ <tr><th>Gluu.org</th>
+ <td>&#10060;</td><td>&#9989;</td><td>?</td>
+ <td>&#9989;</td><td>?</td><td>free</td>
+ <td>&#9989;</td></tr>
+ <tr><th>microblink.com</th>
+ <td>&#10060;</td><td>&#10060;</td><td>?</td>
+ <td>&#10060;</td><td>&#10060;</td><td>&#10060;</td>
+ <td>&#10060;</td></tr>
+ <tr><th>nomidio.com</th>
+ <td>&#10060;</td><td>&#9989;</td><td>?</td>
+ <td>&#9989;</td><td>?</td><td>&#9989;</td>
+ <td>&#10060;</td></tr>
+ <tr><th>privo.com</th>
+ <td>&#10060;</td><td>&#10060;</td><td>?</td>
+ <td>&#10060;</td><td>&#10060;</td><td>&#10060;</td>
+ <td>&#10060;</td></tr>
+ <tr><th>scytales.com</th>
+ <td>&#10060;</td><td>&#10060;</td><td>&#10060;</td>
+ <td>&#10060;</td><td>&#10060;</td><td>&#10060;</td>
+ <td>&#10060;</td></tr>
+ <tr><th>Seon.io</th>
+ <td>&#10060;</td><td>&#9989;</td><td>&#10060;</td>
+ <td>&#10060;</td><td>&#10060;</td><td>&#9989;</td>
+ <td>&#10060;</td></tr>
+ <tr><th>Signicat.com</th>
+ <td>&#10060;</td><td>&#9989;</td><td>&#9989;</td>
+ <td>&#9989;</td><td>?</td><td>&#10060;</td>
+ <td>&#10060;</td></tr>
+ </table>
+ </p>
+</article>
+{% endblock body_content %}
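Review bot: `<main id="maincontent">` is opened on the third line of the template but never closed: the file ends with `</article>` followed directly by `{% endblock body_content %}`. Add `</main>` after `</article>`, unless the base template closes it, which is not visible in this patch. The `<ul>` under "Criteria Summary" and all three `<table>` elements are nested inside `<p>` ... `</p>`; a block-level element ends the paragraph implicitly, so each trailing `</p>` becomes a stray end tag. Close the paragraph before the list or table instead. The three `<!-- consider -->` markers are HTML comments and will be emitted into the published page; if they are internal notes, use Jinja comments (`{# consider #}`). Wording: "lifeness checks" should be "liveness checks", "a absolutely hard criteria" should be "an absolutely hard criterion", and the criterion "no proprietary JavaScript and/or FLOSS app integrations" can be read as rejecting FLOSS app integrations, so rephrase it along the lines of "no proprietary JavaScript; app integrations, if any, are FLOSS". The headings also jump from `<h1>` to `<h3>`; use `<h2>` for the section titles.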