by caseyy 409 days ago
Meanwhile, in reality, banks have solved proof of humanity, identity (KYC), and financial services for a long time. Any account in the world can be proven human by making a debit/credit card transaction from a card with a matching name.

For the first time, you can now give your biometrics to OpenAI to do nothing more than you already can. This is just a pure cult of personality.

3 comments

I can only assume that you don’t work in financial technology if you believe that KYC is a solved problem.

Proving authenticity in an increasingly diasporic society is difficult.

We should seek to either reduce or embrace entropy in the design of our systems. You either want systems which prove there are no Sybil attacks, or you manufacture halls of mirrors.

This is a continuous battle, there’s no panacea here, even the eye scan has threat vectors.

Calling KYC a solved problem is ludicrous.

It depends what you mean by solved.

Banks tend not to over engineer things. KYC can be seen as a 3 sided trade off: cost of KYC infra/process/etc, lost revenue from denied business and fines from regulators.

They (the banks) don’t really care about the social goals of KYC, they just try to best optimize for expected value in the trade offs.

The regulators understand this, and are basically fine with it. They have their own trade offs they are balancing.

Both sides mostly find an equilibrium.

Even considering the social goals there's no need for a 100% solution. We only need to stop most fraud and reduce the impact of the fraud that does happen to a sufficiently low level.

One of the more important goals isn't to directly stop fraud but instead to provide tools that give end users results that scale with the amount of effort invested. The level of risk should be a tradeoff that the end user is able to make.

Current solutions mostly allow for that but certainly have some rough edges.

I’ve been working on KYC recently, curious to hear what the problems with it are in your opinion?

KYC and KYCd accounts are a high volume item on the grey / dark net

it appears to not really do much at all

I think that the goal of KYC is to get information about the entity opening an account, to e.g. make sure it isn't used for money laundering. Whether this account gets stolen later is out of scope for KYC.

right so it's useless?

No, it's not: you still want to make it as hard as practically possible for criminals to launder money.

Speaking as a fraud detective, it appears to be completely ineffective.

Well yeah, you're only looking at the instances of fraud. You're not investigating fraud that never happened because it was prevented, that would be impossible.

Synthetic identities, probably

"Any account in the world can be proven human by making a debit/credit card transaction from a card with a matching name."

A reminder: neither the Visa nor Mastercard payment networks have any ability to match, or authenticate, cardholder name.

We pretend that they do and we're used to merchants and operators (and web forms) insisting on exact matches of cardholder name ... but it's all a fiction.

As long as you get the digits - and the supporting number/zip portions - correct, the transaction will run with "Mickey Mouse" ... or even "A B" (initials).

This is in contrast to AMEX whose network does have cardholder name verification.

Interesting, I didn't know about this. Do you know why web forms require the name as well then? Is it just to give some additional sense of security to the user or try to scare scammers? Do you have some resources explaining the inner workings more in detail?

Worldcoin is supposed to be anonymous - you don't give your name. A theory behind it was on things like HN you could show you were human without having to do a KYC id proof, though that never took off, at least in two years I haven't come across it. In practice it works as number go up crypto ponzi like most of that field.