Scalable ID verification (KYC)

[dckc]

Originally discussed March 17:

JK observed a possibility of 20K sign-ups by end of year... maybe 200 per day? outsource? scale up in-house? @AyAyRon-P recently went through several KYC processes with features we would do well to adopt. He also noted "some of the more common issues ... moderating the telegram channel: the KYC process for membership especially with regards to document uploading" https://github.com/rchain/bounties/issues/291#issuecomment-369296566

• @AyAyRon-P , @ian-bloom to look into outsourcing options
  • what do biggest exchanges use?
    • GDAX (coinbase)
    • binance

cc @kitblake and see https://github.com/rchain/bounties/issues/511#issuecomment-376228443

[kitblake]

[Comment transposed from #446 and #511, @AyAyRon-P maybe you can do the same] @AyAyRon-P +1 Personally I'd be very much in favor of using a service for the KYC.

This as opposed to rolling our own (again). Also because the service will be maintained and kept up-to-date, something we'd always be behind on if we build it in-house.

I recently did KYC for Kora Network and they're using one of these services. It was obviously advanced. When I uploaded my ID it came back with the message "Glare detected", which was true, I used scotch tape to flatten it and the tape had glare. Then I had to upload a selfie. I used an old one and it got rejected with the message "Two faces detected in the selfie". That was also true, it was a selfie of me with id.

The big advantage of using these services is they drastically reduce our overhead.

(But imho we can still enforce the "appear in video if you wanna participate in Discord" ourselves.)

[makys]

@AyAyRon-P , @kitblake do you know the actual solutions you would like for us to consider. It might be good to evaluate the features.

At this time, I don't know that we would consider deploying a solution for this exercise; that said we could do the ground work now and be prepared for when we will have to consider this.

We have to at some point take inventory of all the solutions that is in use in the coop because we have to be mindful of how we share members PII with all these third parties.

[kitblake]

Work is happening in #595 on the member.site. Content is being assembled.

It's still not clear is what we're going to do with the payment/KYC app. My thinking is it will be an external application, meaning that when a user decides to join the Co-op and register, they will leave the member.site temporarily and get sent to an external application that does the payment and KYC.

This would be similar to the payment on an ecommerce site; the user gets sent to the payment provider, completes the process, and when it's all done gets returned to the shopping site. In our case we'd need a "Welcome to the Co-op" confirmation page.

I'm hoping we'll choose one of the above solutions which will solve the complex problem set and allow us to scale as well.

This overlaps several departments of the Co-op and I'm not sure who is or should be driving it.

[kitblake]

If you register for the Holochain ICO at https://ico.holo.host/ You'll find a completely automated, webcam driven, ID and photo KYC app provided by https://veriff.me/ Worked for me..

[kitblake]

Following up on yesterday's Greeter WG meeting, in which I noted that the Member KYC registration app is a blocker for getting the MVP of the member.site online: we have two options:

1. Outsource to a third party app for KYC registration.
2. Live with the current app at member.rchain.coop.

Since #2 looks the most likely, it would be good to move the process to a different subdomain, like kyc.rchain.coop or register.rchain.coop. Then we can put the member site on member.rchain.coop.

[kitblake]

Best idea for the KYC app subdomain: join.rchain.coop