path: root/template/kyc.html.j2
blob: 0ed6ebbc872cb9def7dd46895c08eed78171fa4c (plain)
{% extends "common/base.j2" %}
{% block body_content %}
<main id="maincontent">
  <article class="container">
    <h1>KYC providers</h1>
    <p>
      GNU Taler operators need to satisfy regulatory requirements in terms
      of Know-your-customer (KYC) regulation and risk assessment (which
      usually starts with checking for politically exposed persons (PEPs)).
      KYC usually requires, at a minimum, that the customer upload some
      identity documents, which then must be verified. KYC often also
      requires some kind of liveness check to ensure that the owner of the
      documents is the one passing the documentation along.
      To this end, we have tried to find KYC "solutions" that would
      help us address this.
    </p>
    <p>
      Naturally, the goal is to do this with Free Software.  However, all
      of the solutions we found so far are proprietary
      <a href="https://www.gnu.org/philosophy/who-does-that-server-really-serve.html">SaaSS</a>.
      If you know of a solution that is actually Free Software, we would be
      eager to hear from you.
    </p>
    <p>
      In the absence of a proper FLOSS solution, we have looked at other
      important criteria, such as the solution offering at least FLOSS
      integration on the client-side, having an open API specification
      (no NDA!), or even supporting a standard API.  Technically, we
      also need the KYC provider to work nicely over the
      Web (not just with a smartphone), and from a business perspective
      we like transparent pricing (alas, this is the least important
      point).
    </p>
      <h3>Criteria Summary</h3>
      <p>
        Thus, these are the key evaluation criteria we have:
        <ul>
          <li>Supports collecting and validating KYC information, including PEP lists and ID documents from Europe
          </li>
          <li>Open API specification (no NDA, directly on web site)
          </li>
          <li>Web interface support (no required app-only integration, can run KYC process just in a browser)
          </li>
          <li>Supports standard open API (OpenID, OIDC, etc.)
          </li>
          <li>Client-side code is FLOSS (no proprietary JavaScript and/or FLOSS app integrations)
          </li>
          <li>Transparent pricing (prices not only upon inquiry)
          </li>
          <li>Server-side is fully FLOSS (not SaaSS)
          </li>
       </ul>
       The list is not intended to be complete. Other criteria would include where
       data is hosted, and how privacy-friendly the solution is overall (e.g. is
       additional data collected, can profiles be easily deleted, etc.). However,
       the above list already narrows down the field to basically nobody.
      </p>
      <h3>Supported Providers</h3>
      <p>
        These are the KYC solutions for which a GNU Taler integration is
        available or under active development:
        <table>
          <tr><td></td>
             <th>KYC?</th><th>Open API?</th><th>Web?</th>
             <th>Standard API?</th><th>FLOSS client?</th><th>Pricing?</th>
             <th>FLOSS server?</th></tr>
          <tr><th><a href="https://git.taler.net/challenger.git/">Challenger</a></th>
             <td>&#10060;</td><td>&#9989;</td><td>&#9989;</td>
             <td>&#9989;</td><td>&#9989;</td><td>free</td>
             <td>&#9989;</td></tr>
          <tr><th>kycaid.com</th>
             <td>&#9989;</td><td>&#9989;</td><td>&#9989;</td>
             <td>&#10060;</td><td>&#10060;</td><td>&#9989;</td>
             <td>&#10060;</td></tr>
          <tr><th>withpersona.com</th>
             <td>&#9989;</td><td>&#9989;</td><td>&#9989;</td>
             <td>&#10060;</td><td>some</td><td>some</td>
             <td>&#10060;</td></tr>
        </table>
        <a href="https://docs.taler.net/taler-challenger-manual.html">Challenger</a>
        is our own home-brewed address validation service
        (under development); it doesn't actually do real KYC by our
        definition, but may still be useful in some legal scenarios.
        We additionally selected KYCAID and WithPersona for our
        first implementations as they seem closest to our objectives
        (see below for lists of other providers we considered),
        and we needed <em>some</em> KYC support.
        That said, there is room for improvement for both of these
        solutions towards respecting their users' freedom.
      </p>
      <p>
        Adding support for additional KYC providers largely requires
        implementing a KYC plugin, that is a shared library exporting
        the <a href="https://git.taler.net/exchange.git/tree/src/include/taler_kyclogic_plugin.h">
        KYC plugin API</a>. If you need help implementing additional
        KYC adapters, please do not hesitate to contact
        <a href="https://taler-systems.com/en/company.html#contact">us</a>; we will
        be happy to support your efforts!
      </p>
      <h3>Other providers</h3>
      <p>
        Here is a list of other KYC solutions we have found and evaluated against the
        criteria above.
        <table>
          <tr><td></td>
             <th>KYC?</th><th>Open API?</th><th>Web?</th>
             <th>Standard API?</th><th>FLOSS client?</th><th>Pricing?</th>
             <th>FLOSS server?</th></tr>
          <tr><th>Actico.com</th>
             <td>&#9989;</td><td>&#10060;</td><td>?</td>
             <td>&#10060;</td><td>&#10060;</td><td>&#10060;</td>
             <td>&#10060;</td></tr>
          <tr><th>iDenfy.com</th>
             <td>&#9989;</td><td>&#9989;</td><td>&#9989;</td>
             <td>&#10060;</td><td>some</td><td>&#10060;</td>
             <td>&#10060;</td></tr>
          <tr><th>idnow.io</th>
             <td>&#9989;</td><td>&#9989;</td><td>&#9989;</td>
             <td>&#10060;</td><td>&#10060;</td><td>&#10060;</td>
             <td>&#10060;</td></tr>
          <tr><th>idscan.net</th>
             <td>&#9989;</td><td>&#9989;</td><td>&#10060;</td>
             <td>&#10060;</td><td>&#10060;</td><td>&#10060;</td>
             <td>&#10060;</td></tr>
          <tr><th>jumio.com</th>
             <td>&#9989;</td><td>&#10060;</td><td>?</td>
             <td>&#10060;</td><td>&#10060;</td><td>&#10060;</td>
             <td>&#10060;</td></tr>
          <tr><th>kyc2020.com</th>
             <td>&#9989;</td><td>&#10060;</td><td>&#9989;</td>
             <td>&#10060;</td><td>&#10060;</td><td>&#9989;</td>
             <td>&#10060;</td></tr> <!-- consider -->
          <tr><th>metamap.com</th>
             <td>&#9989;</td><td>&#9989;</td><td>&#9989;</td>
             <td>&#10060;</td><td>&#10060;</td><td>&#10060;</td>
             <td>&#10060;</td></tr>
          <tr><th>passbase.com</th>
             <td>&#9989;</td><td>&#9989;</td><td>&#9989;</td>
             <td>&#9989;</td><td>&#10060;</td><td>&#9989;</td>
             <td>&#10060;</td></tr> <!-- consider -->
          <tr><th>plaid.com</th>
             <td>&#9989;</td><td>&#9989;</td><td>&#9989;</td>
             <td>&#10060;</td><td>some</td><td>&#10060;</td>
             <td>&#10060;</td></tr> <!-- consider -->
          <tr><th>shuftipro.com</th>
             <td>&#9989;</td><td>&#9989;</td><td>&#10060;</td>
             <td>&#10060;</td><td>&#10060;</td><td>&#10060;</td>
             <td>&#10060;</td></tr>
          <tr><th>SumSub.com</th>
             <td>&#9989;</td><td>&#9989;</td><td>&#9989;</td>
             <td>&#10060;</td><td>&#10060;</td><td>&#9989;</td>
             <td>&#10060;</td></tr>
          <tr><th>swiftdil.com</th>
             <td>&#9989;</td><td>&#9989;</td><td>tricky</td>
             <td>&#10060;</td><td>&#10060;</td><td>&#9989;</td>
             <td>&#10060;</td></tr>
          <tr><th>tokenoftrust.com</th>
             <td>&#9989;</td><td>weird</td><td>&#9989;</td>
             <td>&#10060;</td><td>some</td><td>&#10060;</td>
             <td>&#10060;</td></tr>
          <tr><th>Trulioo.com</th>
             <td>&#9989;</td><td>&#10060;</td><td>?</td>
             <td>&#10060;</td><td>&#10060;</td><td>&#10060;</td>
             <td>&#10060;</td></tr>
          <tr><th>Ondato.com</th>
             <td>&#9989;</td><td>&#10060;</td><td>?</td>
             <td>&#10060;</td><td>&#10060;</td><td>&#9989;</td>
             <td>&#10060;</td></tr>
          <tr><th>onfido.com</th>
             <td>&#9989;</td><td>&#9989;</td><td>?</td>
             <td>&#10060;</td><td>some</td><td>&#10060;</td>
             <td>&#10060;</td></tr>
        </table>
      </p>
      <h3>Not quite KYC Providers</h3>
      <p>
        Here is a list of identity management solutions we found
        searching for KYC providers that don't actually do the kind
        of KYC (with identity document verification and PEP list checks)
        that would be needed.
        Note that not offering KYC support with document validation
        and PEP lists is an absolutely hard
        criterion against the solution: we believe such providers
        would not usually satisfy the legal requirements.
        These providers
        are only listed so that they do not get re-evaluated as they
        came up in a search (and it took time to understand that
        they do not actually offer KYC).
        <table>
          <tr><td></td>
             <th>KYC?</th><th>Open API?</th><th>Web?</th>
             <th>Standard API?</th><th>FLOSS client?</th><th>Pricing?</th>
             <th>FLOSS server?</th></tr>
          <tr><th>accubits/smart-kyc</th>
             <td>&#10060;</td><td>&#9989;</td><td>&#9989;</td>
             <td>&#10060;</td><td>&#9989;</td><td>free</td>
             <td>&#9989;</td></tr>
          <tr><th>Authlete.com</th>
             <td>&#10060;</td><td>&#9989;</td><td>?</td>
             <td>&#9989;</td><td>n/a</td><td>&#9989;</td>
             <td>&#10060;</td></tr>
          <tr><th>Gluu.org</th>
             <td>&#10060;</td><td>&#9989;</td><td>?</td>
             <td>&#9989;</td><td>?</td><td>free</td>
             <td>&#9989;</td></tr>
          <tr><th>microblink.com</th>
             <td>&#10060;</td><td>&#10060;</td><td>?</td>
             <td>&#10060;</td><td>&#10060;</td><td>&#10060;</td>
             <td>&#10060;</td></tr>
          <tr><th>nomidio.com</th>
             <td>&#10060;</td><td>&#9989;</td><td>?</td>
             <td>&#9989;</td><td>?</td><td>&#9989;</td>
             <td>&#10060;</td></tr>
          <tr><th>privo.com</th>
             <td>&#10060;</td><td>&#10060;</td><td>?</td>
             <td>&#10060;</td><td>&#10060;</td><td>&#10060;</td>
             <td>&#10060;</td></tr>
          <tr><th>scytales.com</th>
             <td>&#10060;</td><td>&#10060;</td><td>&#10060;</td>
             <td>&#10060;</td><td>&#10060;</td><td>&#10060;</td>
             <td>&#10060;</td></tr>
          <tr><th>Seon.io</th>
             <td>&#10060;</td><td>&#9989;</td><td>&#10060;</td>
             <td>&#10060;</td><td>&#10060;</td><td>&#9989;</td>
             <td>&#10060;</td></tr>
          <tr><th>Signicat.com</th>
             <td>&#10060;</td><td>&#9989;</td><td>&#9989;</td>
             <td>&#9989;</td><td>?</td><td>&#10060;</td>
             <td>&#10060;</td></tr>
        </table>
      </p>
  </article>
</main>
{% endblock body_content %}