It seems that cryptocurrency exchanges and wallet companies are about to get a solution for one of their most pressing problems in the coming days. The problem, which came in the form of a “Travel Rule” from the Financial Action Task Force (FATF), created a difficult situation for crypto-related companies. And the question was: how to securely share KYC data and payment details of users without compromising on privacy?
Fortunately, blockchain-forensics startup CipherTrace has found the answer.
The company published a whitepaper that claims to offer a solution for secure transfer of user data between wallet service providers and exchanges. It will be an open-source software, and they’re calling it Travel Rule Information Sharing Architecture (TRISA).
Moreover, it will also not require too much computing power to work, as its reference implementation isn’t too heavy according to the company’s CMO John Jefferies. Reference implementation refers to a basic version of the software that can be modified by the companies to suit their requirements.
The solution will work by generating an extended validation know-your-VASP certificate. All exchanges that integrate TRISA will generate this certificate for themselves, and those certificates will be verified by a trusted certifying authority (CA), much like SSL and code signing certificates. The purpose of these certificates is to help companies ensure that they’re exchanging information with the right counterparty. Once this is confirmed, the job is half done.
The exchange requesting user information from another exchange will send a transaction request to that exchange along with its certificate. Upon reception of this request, the receiving exchange will check the certificate of the sender, and will make a decision to either accept the transaction or reject it (in case of a blacklisted exchange). If rejected, the receiving exchange can convey this decision to the requesting exchange by sending a receipt. But if a transaction request is accepted, its receiving exchange will send the requested data to the requesting exchange over a secure connection.
Both parties involved in this transaction should ensure that they have secure and reliable communication links set up between them for exchange of information. It’s much like SSL, and since half of the websites are running SSL, it’s neither prohibitively expensive nor resource hungry.
What is the Travel Rule?
In case you don’t know about the Travel Rule which has been imposed on crypto companies by FATF, it’s a rule that asks VASPs around the world to hold sensitive user data like payment details and KYC information not only about their own customers but also about the people/entities with whom their customers are transacting.
For instance, Binance doesn’t only need to hold this data for its own customers, but also for the customers of other exchanges because cross-exchange transactions are common in crypto. Users of a particular exchange don’t trade with the users of that particular exchange only – they also trade frequently with users of other exchanges.
Obviously, this requires exchanges to share transaction data and KYC data with each other. And that is going to be a challenge.