Here at Valid Network, we have a lot of conversations about pretty weird stuff, and odds are, if you are reading this, you have at some point been on the other end of one of those conversations. The last conversation we had a couple of months back was about “who is, who we think we are talking about?(in web3)” sounds like a simple question but as we try to dive deeper into the questions, we realized it’s pretty complex.
As cyber security professionals we understand the concept of identity and the need to manage identities, but what do we do in a space that cherish anonymity and at the same time tries to work together with regulators to build the right frameworks to protect the laymen individuals and organizations that wants to participate in the space but are lacking the knowledge and tools to avoid being scammed.
We hear about new initiatives from U.S. regulators like the SEC and the CFTC. A couple of week ago we saw the new sanctions that the U.S. Department of the Treasury’s Office of Foreign Assets Control(OFAC) took against Torando Cash, the busiest mixer in the Ethereum ecosystem that plays a vital role in empowering anonymity in the web3 ecosystem.
Identity management is the organizational process for ensuring individuals have the appropriate access to technology resources, internally and externally. This includes the identification, authentication and authorization of a person, or persons, to have access to applications, systems or networks. This is done by establishing identities and associating them with specified user rights and restrictions.
For internal users there are procedures that organization take that begin prior to the employment agreement and followed with routine periodic checkups. But what do we do with external user?, for that exactly KYC(Know your customer) was defined.
KYC are a set of guidelines that are designed to protect financial institutions against fraud, corruption, money laundering and terrorist financing.
There are local laws, global initiatives and acts that unifies the KYC as a global best practice and industry standard.
- Establish customer identity.
- Understand the nature of customers’ activities and qualify that the source of funds is legitimate.
- Assess money laundering risks associated with customers.
Three components of KYC include the customer identification program (CIP), imposed under the USA Patriot Act in 2001;
- Customer due diligence (CDD).
- Ongoing monitoring or enhanced due diligence (EDD) of a
- Customer's account once it is established.
Today, KYC has become a standard and there are many technology and service providers like Chainalysis, TRM Labs, Eliptic and more that provide simple to use fully and semi-automated solutions where you ask about a potential customer, and you get an immediate response with all the relevant information that is needed for verification.
It is important to add that the tools today have strong dependencies on sanction lists, black list that are generated and maintained manually by highly skilled teams of researchers, analysts and the community support and as such are limited by nature.
Let’s take a step back and talk about one concept that seems frequently misunderstood and it’s identity vs. reputation. Identity is how we view ourselves; reputation is how others view us. When we talk about organizations and 3rd parties it translates into how the organization identifies an entity from within, this is the identity(customer) that we need to manage, the reputation of an entity is something that is much harder to manage as it is spread across the web with limited accessibility for us as it is created by our activities and behaviors over time and not by our characteristics.
Currently, most of the activity surroundingweb3 is engaging with crypto, defi and yes NFT as well. That means that most of the activity is financially oriented and by that most of the centralized organizations that are providing us the “door” to Defi must comply with regulations requirements if locally exist and some are investing heavily in self-regulation were the local regulators are still debating their approach towards the industry (a great source of knowledge about global regulation can be found here, thanks to SolidusLabs).
One of the valuable offerings of web3and decentralization in general is the immutability of data. It basically means that you can always “freeze” a scene like we do on Netflix, go back and see it over as if it was recorded. That also means that every account activity(transaction)is recorded. This allows us to understand an account activity over time and build the account reputation.
Web3 Account Reputation
Understanding the behavior of an account over time, which groups he is identified with?, what kind of trades?, liquidity pools that he like to use? or support?, type of assets? and his investment strategies? and many more characteristics, all of those are structuring what we call account reputation.
Account reputation is highly dynamic and can assist us in several different ways:
- Account Due Diligence
- Digital Research Intelligence
- Market Research
- Projects and Companies Research
- Audience Analysis for Projects and Companies
- Account Journey
- Decentralized Apps Intelligence
- Investor Intelligence
- Assets Intelligence
- Alternative Data
So, if you are interested in learning more about how we can assist you with your day today queries and efforts don't wait as I’m excited to share more, please reach out to me at firstname.lastname@example.org
Valid Data’s real-time and predictive insights are used by Cryptocurrency traders and exchanges, as well as investors and hedge funds, to make better investment and trading decisions, to protect the value of their digital assets, and to capitalize on market opportunities that only Valid Network’s technology can uncover.
Get crypto analysis, insights and updates right to your inbox! Sign up here so you don't miss a single newsletter.