zkKYC - Compliance Suite

Skip to the technical integration -> zkKYC - Compliance Suite


zkMe supports the verification of various user Credentials, each of these can be added and configured individually to the whitelisting program required by the service provider.

Available zkKYC Credentials

Tier 1

At the Tier 1 of zkMe's verification process, users are required to provide:

  • Proof-of-Personhood: This ensures the user is a real individual.

  • Liveness check: This verifies the user is a living person and not a bot or using a fake identity.

  • Uniqueness check: This ensures that the user is not already registered in the system, preventing duplicate accounts.

Full homomorphic encryption is implemented here to protect users' faceprint privacy, for more details, please check CKKS Homomorphic Encryption.

Tier 2

The Tier 2 includes all the requirements of the Tier 1, plus:

  • Proof-of-Citizenship: Verification of the user's legal status in a given country.

  • Anti-Money Laundering (AML) profile check: These checks are designed to prevent financial crimes.

  • Transaction Monitoring (KYT) profile check: Analysis of user's transaction behavior for any suspicious patterns.

  • ID document verification: Requires users to provide a valid ID as proof of their identity.

  • Adulthood check: Verification that the user is of legal age in their jurisdiction.

  • PEP (Politically Exposed Persons) / Sanction Lists: Checks to see if the user is on any international sanction lists or is classified as a PEP.

  • Adverse Media: Screening of global media sources to identify any negative news about the user.

Private Set Intersection and zero knowledge proofs are implemented here to protect users' demographic data privacy.

Tier 3

The Tier 3 includes all the requirements of the Tier 2, plus:

  • Accredited Investor Verification: Verification that the user meets the criteria to be classified as an accredited investor, typically requiring certain income levels or net worth (on-chain).

The add-ons supplement each level of verification by requiring additional data or conducting extra checks. The specific requirements and levels of verification can differ based on the add-ons chosen and zkMe's policies, which are designed to comply with relevant laws and regulations. Users should refer to zkMe's specific KYC policy for exact details.

Success criteria for onchain compliance

The core spirits of web3 are decentralization and data autonomy, which can make the implementation of traditional KYC processes challenging, as they often require the collection and storage of personal data, which goes against the core principles of web3. However, ZKPs-based KYC offers a solution to this challenge, providing a way to verify users' identities while still maintaining data autonomy and decentralization.

Here are some of the key business requirements for implementing ZKPs-based KYC in the web3 ecosystem:

  • Privacy: With ZKPs-based KYC, businesses can verify users' identities without requiring them to disclose their personal information. This can help to protect users' privacy, as their data is not stored on a centralized server or shared with third parties.

  • Regulatory Compliance: Many businesses operating in the web3 ecosystem are subject to regulatory requirements, such as anti-money laundering (AML) and know-your-customer (KYC) regulations, incl. Identity recovery capabilities for at least five years after the completion of a service relationship given reasonable suspicion and regulatory intervention, and the need for travel rule of KYC data among financial institutions. ZKPs-based KYC can help businesses comply with these regulations while still maintaining the decentralized and autonomous nature of the web3 ecosystem.

  • Security: By implementing ZKPs-based KYC, businesses can enhance security and reduce the risk of fraud, identity theft, and other malicious activities. The use of ZKPs allows for secure identity verification without the need for centralized identity repositories, which can be a target for attackers.

  • Efficiency: Traditional KYC processes can be time-consuming and expensive, which can create a barrier to entry for some businesses. ZKPs-based KYC can improve efficiency by reducing the time and cost associated with verifying user identities.

  • User Experience: With ZKPs-based KYC, users can enjoy a more seamless and user-friendly experience when accessing web3 applications and services. The process of identity verification is simplified, reducing the friction that can sometimes exist with traditional KYC processes.

Issues with traditional third-party eKYC solutions

  • Privacy Issues: Integrating a third-party KYC solution means sharing users' personal information with a third-party, which could lead to privacy breaches.

  • Data Ownership Issues: In a third-party KYC solution, users' source files might be owned and controlled by the third-party, which goes against the principle of user data ownership in web3.

  • Decentralization Issues: If a decentralized application integrates a third-party KYC, then that application becomes a centralized platform, contradicting the principle of decentralization in web3.

zkMe's zkKYC design philosophy

  • Personal Data Protection: In a zero-knowledge proof (ZKP) system, users can verify certain attributes about themselves without revealing raw data. This approach protects user privacy, and users have full control over their own data. This aligns perfectly with the web3 philosophy of decentralization and user sovereignty.

  • Regulatory Compliance: In situations where KYC/AML checks are necessary, zero-knowledge proofs can provide a solution that balances regulatory compliance with privacy. Users can prove they meet KYC/AML requirements without revealing personal information to service providers.

  • Data Recoverability: As users control their own data in a zero-knowledge system, they can recover and migrate their data if there are issues with the system or service provider.

Crypto regulations

The regulatory framework for KYC/AML compliance in web3 is still developing. Some countries have started to implement regulations specific to web3 technologies, while others have issued guidance or are in the process of developing regulations.

Other countries and districts, such as Switzerland, the United Kingdom, Hong Kong, Singapore, and Japan, have or are about to implement regulations specific to web3.

Last updated