3um-Group / Fortuna

BSD 2-Clause "Simplified" License

Feature: KYU and SSO #15

Closed denzuko closed 1 year ago

denzuko commented 1 year ago

Given the current state of the dApp being rife with fraudulent activity, the need to comply with BSA, FATF, and FinCEN governance, and the fractal nature of microservices/CMS/dApp/infra/etc., one source of truth for IDM, AuthN and AuthZ is needed to remain agile, secure, and operational.

Scenario: Implement Auth0 for logins

denzuko commented 1 year ago

Summary:

Given the current state of the dApp being rife with fraudulent activity, the need to comply with BSA, FATF, and FinCEN governance, and the fractal nature of microservices/CMS/dApp/infra/etc., one source of truth for IDM, AuthN and AuthZ is needed to remain agile, secure, and operational.

Problem:

https://medium.com/9yards/web3-has-an-identity-problem-building-decentralized-identity-7d8219a992db
https://subscription.packtpub.com/book/data/9781787122147/1/ch01lvl1sec9/user-identity-in-dapps

Governance:

https://shuftipro.com/knowledgebase/know-your-user/

Compliance Obligations for User Onboarding

Financial regulators like the European Union, FinCEN and FATF require online businesses to invest in better compliance practices to take down cybercrime. These regulations help businesses fight fraud and seek reputation as a verified entity, which creates a better brand image. Some laws which emphasize secure user onboarding are listed below:

The Bank Secrecy Act (BSA), a federal law in the US, requires all banking entities to verify their users before onboarding. Any suspicious transactions or activity performed by the end-user should be reported to the Financial Crimes Enforcement Network (FinCEN). The AML directives by the European Union also require online businesses to conduct secure user onboarding and AML monitoring.
The AMLA in France, the Anti-Money Laundering Act, lists identity verification laws for customers of financial enterprises. User verification regulations for financial entities are stated in the Money Laundering Act (MLA) of the UK. Australia's AML/CFT Act has also published AML/KYC guidelines to verify user identities of corporate customers. Businesses that need KYU: Know Your User allows a wide array of industries to benefit from safe user onboarding and prevent cybercrime. Some of them are listed below:

Financial industry, including banks, insurance firms, payment services, brokerage houses, Non-banking Financial Companies (NBFCs), etc.
Fintech businesses such as digital payment solutions, online mortgage providers, Virtual Asset Service Providers (VASPs)
Hospitals, online care centres, pharmaceutical providers, and other healthcare facilities
Online gaming platforms
Peer-to-peer economy
Travel industry
Real estate

Other KYU (UX/CX/BI)

Solution

Auth0 with id.me, Pangea (Is Proxy, Is Embargo, IP check, and Validate Registration), Sign-in with Ethereum, and 2FA:
https://marketplace.auth0.com/integrations/idmecommunity
https://marketplace.auth0.com/integrations/pangea-is-proxy
https://marketplace.auth0.com/integrations/siwe
https://marketplace.auth0.com/integrations/pangea-embargo-check
https://marketplace.auth0.com/integrations/pangea-validate-registration

Auth0 is the central SSO for the entire system, with aggregation from Google Workspace and Ether wallets. By using Auth0 we're able to tie in the CMS, CRM, the dApp, and RBAC in a single managed source. Budget looks to be within the Free plan of less than 7,000 unique Monthly Active Users, scaling to $228/mo. for up to 10,000 Monthly Active Users. Pricing is on a sliding scale.

denzuko commented 1 year ago

Created the Auth0 tenant, but the id.me part is taking longer as their sales team needs to reach out to me. Blocked until that is completed.

denzuko commented 1 year ago

https://manage.auth0.com/dashboard/us/lumeonetwork/connections/social/create/idme-identity

denzuko commented 1 year ago

https://docs.login.xyz/sign-in-with-ethereum/quickstart-guide/implement-sessions

denzuko commented 1 year ago

https://docs.login.xyz/integrations/auth0

denzuko commented 1 year ago

SIWE enabled: https://manage.auth0.com/dashboard/us/lumeonetwork/connections/social/con_2yBbEHPhQvDjbaYg/applications

Tested and works


Todo: Add in https://github.com/auth0/auth0-react to lumeo-network/lumeo-dapp
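As an added example, not code from the Fortuna repo, Auth0 or the SIWE docs linked above: the server-side field checks that the SIWE session flow depends on before a session is issued. The EIP-4361 message, domain, nonce and timestamps below are constructed sample values, and signature recovery is assumed to be handled by the SIWE library.

```javascript
// Validate an EIP-4361 "Sign-In with Ethereum" message the wallet signed.
// A valid signature alone is not enough: the backend must also bind the
// message to its own domain, the nonce it issued, the expected chain and a
// time window, otherwise a message signed for another site or an old
// session can be replayed. (Signature recovery is left to the siwe library.)
const SIWE_HEADER = ' wants you to sign in with your Ethereum account:';

function parseSiweMessage(text) {
  const lines = text.split('\n');
  const idx = lines[0].indexOf(SIWE_HEADER);
  if (idx <= 0) throw new Error('missing SIWE header line');
  const msg = { domain: lines[0].slice(0, idx), address: lines[1], resources: [] };
  for (const line of lines.slice(2)) {
    const m = /^([A-Za-z ]+): (.*)$/.exec(line); // "Key: value" fields
    if (m) msg[m[1]] = m[2];
    else if (line.startsWith('- ')) msg.resources.push(line.slice(2));
  }
  return msg;
}

// expected = { domain, nonce, chainId, now } as the server knows them.
function validateSiwe(text, { domain, nonce, chainId, now = Date.now() }) {
  const m = parseSiweMessage(text);
  const errors = [];
  if (m.domain !== domain) errors.push('domain mismatch');
  if (m.Nonce !== nonce) errors.push('nonce mismatch');
  if (m['Chain ID'] !== String(chainId)) errors.push('chain id mismatch');
  if (!/^0x[0-9a-fA-F]{40}$/.test(m.address)) errors.push('bad address');
  if (m['Expiration Time'] && Date.parse(m['Expiration Time']) <= now) errors.push('expired');
  if (m['Not Before'] && Date.parse(m['Not Before']) > now) errors.push('not yet valid');
  return { ok: errors.length === 0, errors, message: m };
}

// Constructed sample message (placeholder domain and address, not real).
const SAMPLE_SIWE = [
  'dapp.example.org wants you to sign in with your Ethereum account:',
  '0x1111111111111111111111111111111111111111',
  '',
  'Sign in to the dApp.',
  '',
  'URI: https://dapp.example.org/login',
  'Version: 1',
  'Chain ID: 1',
  'Nonce: k3jH9zQ2',
  'Issued At: 2024-01-01T00:00:00.000Z',
  'Expiration Time: 2024-01-01T00:10:00.000Z',
].join('\n');
```

The nonce must be single-use and stored server-side, so after a successful `validateSiwe` the server should discard it.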

denzuko commented 1 year ago

Secondary Todo: add SSO (OIDC) to Ghost: https://forum.ghost.org/t/third-party-single-sign-on-sso/3321/39.

denzuko commented 1 year ago

[blocked until account creation] ID.me part: https://manage.auth0.com/dashboard/us/lumeonetwork/actions/library/actions/packaged/idme

denzuko commented 1 year ago

Pangea configured.

denzuko commented 1 year ago

ID.me is not willing to work with startups and advised that we use Shopify. Closing this and creating a Spike story for finding an alternative.