Identity Verification

Identity verification is a cornerstone of the Plume ecosystem, as the first line of defence against bots, criminals, and other malicious entities. Many asset issuers have specific compliance requirements for their real-world assets, including Know Your Customer (KYC), Know Your Business (KYB), and accredited investor checks.

Plume will be integrating with a variety of different identity verification providers for our mainnet launch, allowing users to pass KYC and Sybil resistance checks, and allowing asset issuers to require these checks on users before trading certain assets. We're particularly excited about novel advances in zero-knowledge proofs (ZK), decentralized identifiers (DID), and fully homomorphic encryption (FHE), and are actively seeking out partnerships with companies building cutting-edge identity technology.

What Are Identity Verification Requirements?

Know Your Customer (KYC): This is a set of practices, guidelines, and regulations that require financial services companies to verify the identity of individual users. KYC processes are critical in preventing identity theft, financial fraud, money laundering, and terrorist financing, all issues which have even higher stakes on a permissionless blockchain. Modern KYC platforms not only collect and verify personal information like name, date of birth, address, and government-issued ID, but also perform video verification, matching biometric markers on a user's government-issued ID to a live video feed. Users do not have to pass KYC checks to interact with the Plume network, but individual asset issuers, onramps, and alternative trading systems on Plume may require KYC checks for their own users.

Know Your Business (KYB): Similar to KYC, this is a set of practices, guidelines, and regulations that require financial services companies to verify the identity and legitimacy of businesses. Plume conducts KYB checks on businesses that wish to onboard real-world assets through the Plume admin dashboard. Users do not have to pass KYB checks to interact with the Plume network.

Sybil Resistance: Malicious actors can conduct Sybil attacks, where a single person or small team generates a large number of fake identities, bot accounts, or wallet addresses, then pretends to be many more people than they actually are. Plume works with identity verification providers to implement Sybil resistance mechanisms such as liveness checks and face matching. Asset issuers can use Sybil resistance checks to make sure each of their users is a real unique human, without requiring personally identifiable information (PII) like in a full KYC process.

Accredited Investor Checks: The United States Securities and Exchange Commission (SEC) allows asset issuers to make securities offerings that are exempt from registration in a limited set of scenarios. There are two types of offerings—public and private. Read our breakdown of primary offerings for more detail.

pagePrimary Offering & Secondary Trading

In the majority of cases that deal with both types of offerings, the asset issuer must check that all transactions on Plume are conducted by accredited investors. There are various ways to become an accredited investor, including having a net worth of over $1,000,000 (not including your primary residence), or having an individual income above $200,000 for both of the last two years. See 17 CFR § 230.501(a) for the official definition under Title 17 of the Code of Federal Regulations.

Identity Verification Providers

Plume is in active discussions with a diverse array of leading identity verification providers, including new startups that are experimenting at the cutting edge of cryptographic technology:

  • Persona: A popular KYC provider for fintech and consumer tech startups, with advanced fraud prevention algorithms. Used by Square, LinkedIn, and Twilio.

  • Sumsub: A fully-featured KYC provider with liveness checks, address checks, and KYC/KYB/AML features. Used by many cryptocurrency exchanges, such as Binance, ByBit, and Bitget.

  • Parallel Markets: An identity verification provider for banks and funds serving high-value clients, providing KYC, KYB, and accredited investor checks. Used by Goldfinch, Allocations, and Ava Labs.

  • Quadrata: A digital passport service that mints an onchain soul-bound token for passing KYC, KYB, AML, and accredited investor checks. Used by TrueFi and the Spruce subnet on Avalanche.

  • Gateway: A platform that gives users sovereignty over their own data, allowing KYC providers to issue private data assets that users can carry around to verify their identity with different dapps.

  • Ankr Verify: An identity verification solution from Ankr, a leading blockchain node provider, which integrates various KYC providers and brings their attestations onchain using zero-knowledge proofs.

Identity Verification on Plume

For our mainnet launch, Plume will partner with a large selection of identity verification providers. Most of these providers will require the same standard set of PII:

  • First name

  • Last name

  • Date of birth

  • Country of birth

  • Current residential address

  • Front and back image of government-issued ID

  • Biometric face scans using live mobile video

Identity verification providers that offer additional services like KYB and accredited investor checks will require additional information and documents attesting to the legitimacy of the business entity and proving the user's accredited investor status.

Plume will provide an open-source service that anyone can host permissionlessly. Operators of this service can individually integrate with Plume's KYC partners, and this service will provide the following features:

  • Decentralized frontend interface with a list of all supported KYC partners

  • Opt-in pass-through authentication that re-uses KYC info for other providers and ancillary services

  • Backend webhook endpoint that receives KYC data from our partners

  • Automatic publishing to onchain attestation registries

Here is an example user story as a user goes through the full KYC flow:

  • Users will be able to click on their desired KYC partner in the decentralized frontend interface,

    • Users will go through the KYC flow in the corresponding embedded widget

  • Users can opt into storing their KYC data in the backend database of this service

    • These users can then send this KYC data automatically to other providers and ancillary services that support uploading of PII via API, and do not have any live mobile video face scans

    • For example, users will be able to onboard with some of our onramp providers without going through a separate, second KYC flow

  • The current status of the user's KYC check will be sent by our KYC partners to a backend webhook endpoint, which can trigger automatic actions in response

  • Proof of the user's KYC status can be automatically uploaded onchain in a variety of formats, including potentially confidential formats:

    • We are deploying the Ethereum Attestation Service as a custom precompile, with modifications to the underlying execution engine to reduce gas costs on contract calls to retrieve identity attestation info

    • We are developing a custom time-bound, soul-bound token format that composable DeFi apps can use to verify identity onchain

    • We are currently working with companies working on the cutting edge of ZK and FHE technology, which would allow us to attest to KYC status without revealing additional PII

    • We have implemented the ERC-3643 standard of tokens for regulated exchanges in our asset issuance process

Asset issuers that choose to tokenize their asset as an ERC-3643 token on the upcoming Plume Dashboard will use the ONCHAINID system to verify which users are allowed to trade their tokens. These asset issuers must also pass KYB checks operated by Plume before deploying restricted real-world assets. Of course, anyone is free to deploy non-restricted tokens, like NFTs representing collectibles, in a permissionless way directly onchain.

Best Practices

  • Regularly review the security protocols of your chosen identity verification provider.

  • Keep your identity safe and secure, and conduct periodic reviews for any potential PII leaks.

  • Never submit your personal information to any website without verifying its authenticity.

  • Use zero-knowledge proofs and other privacy-preserving technology whenever possible to encrypt your onchain data.

Undergoing KYC checks is not a prerequisite of participating in the Plume network. However, due to the compliance requirements that each asset issuer faces in their own jurisdiction, users with verified identities will have access to a much larger range and variety of onchain activities.

Last updated