So let me just throw this out there.
Rather than individual financial services firms doing Know Your
Customer. How about a solution based on OpenID and OAuth.
A new customer wants to sign up with a financial service provider:
1. User logs in to financial service provider using openid (http://openid.net)
2. An account with limited rights is created
3. The user is then redirected to an independent financial service
provider of his choice using the OAuth Token Dance (http://oauth.net)
4. The "Know Your Customer" (KYC) logs the user in using openid
5. KYC provider asks the user if he/she wants to share their personal
information with the financial service provider.
6. If User has already registered once with KYC provider the user is
redirected back to financial service provider who can now access a
hcard page of users details
7. If User has not registered with KYC before the KYC process starts.
See comment below.
8. User is redirected back to financial service provider
9. When KYC process is complete it pings the Financial Service
Provider to let it know the data is available
10. When FSP has KYC data they lift restrictions on account
KYC companies could offer a service where they use whatever technique
is best in their country to perform Know Your Customer. In some
countries this could be using national Identity cards. In others it
could be scanning and uploading id and proof of address.
Any one have any comments? Anyone would like to try starting a KYC
provider in your country?
--
http://agree2.com - Reach Agreement!
http://extraeagle.com - Solutions for the electronic Extra Legal world
http://stakeventures.com - Bootstrapping blog
Just to get this straight, what's your definition of an FSP?
Would this for example only be banks (and other institutions handling
the flow of money) or also shops or other endpoints that offer
products and services for money?
I also initially thought that your proposal with OpenID and OAuth
would primarily provide an advantage for the customer because
his personal data are safe. But you seem to imply that this would
also be a benefit to the FSPs?
Leslie
On Mon, Jul 6, 2009 at 6:59 PM, Leslie P.
Polzer<leslie...@googlemail.com> wrote:
> I can't remember Paypal asking proof of my identity like other banks
> need to do here in Germany (i.e. via ID card). Do you know why that
> could be?
They invented a system where all they need for normal personal
accounts is the verification of a bank account or credit card. They
perform a small transaction with a random amount to verify you and
thereby know you.
This depends on them having direct links to the banking system in each
country where they support this. For a business account they now
require ID and proof of address. At least they had me upload faxed
copy of passport and proof of address on the Danish version the other
day.
Depending on the country, I think they change the rules.
> But isn't it also in the interest of FSPs to know that their customer
> really exists, and that customers are not holding duplicate accounts?
The KYC provider would still have to provide this information to the
FSP. However they don't need to go through the process themselves and
customize the process for each country.
> Apart from that I roughly got it now what KYC is about.
It is a really annoying subject that unfortunately doesn't make a lot
of sense, but hey we are forced to do so. I'll see what I can find
about EU legislation. The US KYC legislation is mainly in the Patriot
act as far as I remember.
> From that I deduce that it's much easier to do this in the country
> one is living in because becoming a KYC provider means knowing
> the appropriate laws of the country.
Absolutely. It's the perfect application to outsource locally.
>
> Now let's say I'm interested in becoming an independent
> OAuth KYC provider. What needs to be done?
>
> * get to know the laws (this could be hard if you're not a lawyer
> and cannot afford one)
>
> * write software
>
> * market it to the FSPs
>
> I think I could only perform the second step really well.
You are right about these 3 points.
We should probably set up a wiki where we can do research on the local
laws. You might be able do a fair amount of research yourself by
contacting the relevant authorities in Germany. And then just have a
lawyer check it over.
Software you're right is probably the easiest for all of us.
Marketing I don't think would be that hard. In the beginning the agile
banking community is likely to be fairly small and we will likely all
know each other. So don't let that stop you.
I'd love to see you make a go at it. Even if you wrote the software
you might be able to find a partner with legal background later on.
P
I find it curious that resolving the banking crisis using open source
software seems to involve supporting the state and the banking cartel
that caused the crisis through the use of perfidious "know your
customer" and "know your customer's customer" invasions of privacy to
the nth level.
Perhaps I have been invited to participate with statists and others
who support the death machine that slaughters children in many
countries for the benefit of arms merchants (death merchants) and
banking gangsters.
The laws that limit access to the banking industry include the know
your customer laws, and are designed not to be of service in combating
fraud, nor theft (which private associations in the alternative
currency business have been doing for years, and at which they have a
much better proven track record) but to limit the competition for the
banking gangsters, interfere with financial privacy, and provide
pretexts for attacking innocent parties.
Planetary Jim wrote:
>> openkyc.org should become a place to advertise open-source KYC
>> frameworks and service providers.
>
> I find it curious that resolving the banking crisis using open source
> software seems to involve supporting the state and the banking cartel
> that caused the crisis through the use of perfidious "know your
> customer" and "know your customer's customer" invasions of privacy to
> the nth level.
Well..... this is a compromise between the completely closed banking
system we have now, and an open and transparent one bounded by the
current regulations.
> I find it curious that resolving the banking crisis using open source
> software seems to involve supporting the state and the banking cartel
> that caused the crisis through the use of perfidious "know your
> customer" and "know your customer's customer" invasions of privacy to
> the nth level.
I'm not sure how to judge the current state of affairs, but
I definitely know that Open and Independent KYC providers can make
it more transparent and the customer's personal data more safe.
> The laws that limit access to the banking industry include the know
> your customer laws, and are designed not to be of service in combating
> fraud, nor theft (which private associations in the alternative
> currency business have been doing for years, and at which they have a
> much better proven track record) but to limit the competition for the
> banking gangsters,
From what little I know KYC primarily exists to prevent money
laundering, not to prevent theft and fraud.
I do agree that KYC laws are a barrier to FSPs, but Open KYC
is obviously designed to lower this barrier.
And there are much worse barriers to becoming an FSP, like the
insanely high sums of money you have to show up with before
they grant you bank status.
> interfere with financial privacy, and provide pretexts for attacking
> innocent parties.
We're getting to blanket statements here. KYC is definitely a privacy
topic, but how can Independent KYC invade financial privacy?
Currently KYC is tied closely to FSPs, which is bad. We're trying
to change that by untangling the KYC part, thus removing all
financial data from the KYC provider.
Leslie
And what is money laundering? It is the state making possession of
money from certain kinds of ventures illegal. Or, it is a war on the
people.
> I do agree that KYC laws are a barrier to FSPs, but Open KYC
> is obviously designed to lower this barrier.
Then I don't understand how.
> And there are much worse barriers to becoming an FSP, like the
> insanely high sums of money you have to show up with before
> they grant you bank status.
You have to show up with less insanely high funds to become a credit
union. However, the presence of idiotic and insane laws does tend to
confirm that there is a cartel operating in restraint of trade with
government support.
This does not encourage me to want to work with people who are
foolishly pursuing a strategy of obedience to the law. Obeying the
laws is no defense.
> We're getting to blanket statements here. KYC is definitely a privacy
> topic, but how can Independent KYC invade financial privacy?
KYC is definitely a privacy topic, or, rather, an invasion of privacy
topic. How can independent KYC avoid invading privacy? What does
making it independent, or open source, do to change the fundamental
premise that KYC is itself an invasion of privacy?
> Currently KYC is tied closely to FSPs, which is bad.
And current financial services providers are bad.
> We're trying
> to change that by untangling the KYC part, thus removing all
> financial data from the KYC provider.
I don't understand how the proliferation of KYC providers enhances
anyone's privacy.
It seems to me that the banking institutions, including the credit
unions and all other financial services providers, have a big sign
over the door that says, as it were, "abandon all privacy ye that
enter here."
Re-arranging the furniture at Auschwitz doesn't impress me.
> And what is money laundering? It is the state making possession of
> money from certain kinds of ventures illegal. Or, it is a war on the
> people.
How do you decide when a law is 'war on the people' and when it
is not?
>> I do agree that KYC laws are a barrier to FSPs, but Open KYC
>> is obviously designed to lower this barrier.
>
> Then I don't understand how.
Because small FSPs can outsource the KYC part to another company
instead of doing expensive research and setup of local facilities.
> You have to show up with less insanely high funds to become a credit
> union. However, the presence of idiotic and insane laws does tend to
> confirm that there is a cartel operating in restraint of trade with
> government support.
I also believe that there's a bunch of oligopolies in the trade
and finances sectors.
> This does not encourage me to want to work with people who are
> foolishly pursuing a strategy of obedience to the law. Obeying the
> laws is no defense.
No, but adopting a gradual and sensible approach is.
>> We're getting to blanket statements here. KYC is definitely a privacy
>> topic, but how can Independent KYC invade financial privacy?
>
> KYC is definitely a privacy topic, or, rather, an invasion of privacy
> topic. How can independent KYC avoid invading privacy?
Please read my statement again. Note that I'm making a difference
between general privacy (e.g. personal data) and financial privacy
(e.g. limits or accounts).
> What does making it independent, or open source, do to change the
> fundamental premise that KYC is itself an invasion of privacy?
* Ideally independent KYC would give you the opportunity to choose
among several KYC providers in competition -- if you wish based
on the amount of data they collect and relay, assuming that some
of them are more frugal with your data than others, of course.
* Independent KYC means that the full data necessary to complete
the KYC process is only available to the KYC provider. The FSP
doesn't need to get all that data, or ideally none of it except
for the confirmation that you've completed the KYC process.
* Open KYC means that your data is more secure. By opening
processes and software we can no longer rely on intransparency
to hide our security flaws.
> Re-arranging the furniture at Auschwitz doesn't impress me.
I think that metaphor is inappropriate.
Leslie
This group is by and about nationalist socialists being mainstream and
supporting the establishment's ability to steal money from everyone
and be a boot smashing a human face forever. If you want to be a part
of this group, shut up about children being slaughtered in foreign
countries by the war machine.
And go fuck yourselves.
I agree with your take on the state, Jim, but gummint KYC is a reality
for anybody who wants to do money transfer without running immediately
afoul of various gangs of thugs with badges. As long as that part of
the KYC protocol is separate from what's actually going to be required
for some people to be willing to do business, as it appears it is, I
won't require everybody to either operate underground or not operate
at all.
That's obviously how you've decided to operate, but not everybody has
your courage or convictions.
-Bill