We’ve come a long way from our very first Bitcoin ATM in 2013. It was a simpler time back then: tap all of two buttons and you could swap fiat for crypto in fifteen seconds.
Since then, the ever-changing world of regulatory compliance has necessitated more than a few additions to those steps. But that hasn’t altered our approach of always delivering a first-in-class user experience that transcends the technical and makes buying or selling bitcoin a joy.
Simplicity in the face of a challenging environment
We approach compliance in two ways. The first is to strip the complexity and bureaucracy from the user interface. The second is to give the operator all of the tools necessary to power their complete compliance plan, regardless of the jurisdiction. We do this by analysing the entire process from collection to application of triggers and rules to satisfy the requirements of the local regulators.
The result is a simple, painless, and extremely fast verification time for your customers.
In this post, we give an overview of how we accomplish this through the AML/KYC tools offered by our powerful software suite, as well as what’s up next.
Our powerful new admin, which debuted last year, puts even greater control in your hands. We’ve brought every facet of your customers’ details to the forefront, introduced new approval and management tools, and introduced our new rule-based system for compliance, allowing fine-grained control across a range of triggers and thresholds.
With v8.0, we deployed additional fine-tuned management tools which give operators total control over their customer records.
Within the admin, all existing customer information can now be edited by operators, allowing you to update customer data, upload new ID photos, create notes and more.
Rule-based compliance triggers
We’ve also gone from simple thresholds to fully customisable rules based on multiple dimensions: transaction amounts, volumes, velocity, and consecutive days.
When triggered, these rules invoke an action of your choosing, whether that’s to request further KYC info, apply a cool-off period, suspend the user, or block entirely.
Additionally, the information submitted from a given KYC rule can either be automatically accepted for later review, or held for manual review, requiring your approval before the customer can transact any further.
Let’s dive into each one…
Phone confirmation and subscriber info
At the base of a customer’s profile is their phone number, which is tied to the rest of their KYC data and used subsequently as a ‘login’ with an SMS confirmation code when transacting at the machine. This is always the first trigger to be set.
Additionally, you may leverage the Ekata Reverse Phone add-on, so that once a customer has offered their phone number, you can press a button in your admin to query their mobile subscriber info (name and address).
This can assist in maintaining higher thresholds for ID requirements, as well as determining which customers are using burner or VoIP numbers.
ID card scanning and photos
Scanning IDs comes in two modes: capturing a photo of the ID front, and parsing the data that’s encoded on the 2D barcode on its reverse.
ID card photos can be captured from all forms of international documents that feature an individual’s photo, to be accepted automatically or held for review by the operator, and subsequently accepted or rejected.
ID card barcode data can currently be retrieved from U.S., Canadian, Colombian, and South African IDs. Parsing the barcodes of additional countries can be explored with our team.
Sanctions list screening
Once data has been scanned from an ID, it can be immediately run against the OFAC sanctions list for matches. This list is updated daily on the operator server, and requires no third-party service.
If a sufficiently close match is made, the user is denied their current purchase and any further ones.
Support for other countries’ IDs and additional sanctions lists is provided by our upcoming SumSub integration.
Customer photo capture
A photo can be requested from users during any part of the transaction, as configured by your triggers. Additionally, you can capture customer photos upon the acceptance of the Terms & Conditions screen at the start of each transaction.
These can all be viewed in a customer’s photo roll within your admin. If they don’t match up, you can easily reject their face photo or ID card photo, either requesting a new submission or blocking them entirely.
‘Cool down’ suspensions
A compliance rule can trigger upon a user’s per transaction amount, volume over time, number of purchases over time, or purchases over consecutive days. One possible action upon triggering is to suspend the user for a specified number of days before they can transact again.
Or, choose to block the user fully, until such time as you unblock them within their customer profile.
Custom info requests
One size doesn't fit all, and though our current compliance suite is powerful in its own right, we’ve also made it the most extensible to cover almost any compliance requirement.
Custom info requests provide the ability to prompt your customers for anything you'd like, and in multiple formats. Define your prompt, then choose the entry format: numerical (dates, ID numbers, etc.), text (names, addresses, e-mail, etc.), or choices from a list of options.
While custom info requests can prompt for such details as national identifiers, our machines also feature a dedicated flow for obtaining U.S. Social Security Numbers.
Blacklists & address reuse denial
Crypto addresses may be added to your admin’s blacklist. If a blacklisted address is scanned, the transaction is halted and the user is informed of a ‘suspicious address’ and told to contact the operator for more information.
Additionally, you can set your machine to reject any addresses which have previously been used in a transaction, thus requiring users to generate a fresh address for each purchase.
These two features can reduce the impact of scams employing a static address, or be useful in complying with particular regulations.
With address scoring, you can connect a CipherTrace account to submit your customers' crypto addresses for risk and sanctions analysis.
If addresses involved in either cash-in or cash-out transactions are scored above a risk threshold of your choosing, the transaction is immediately cancelled and the user prompted to contact the operator for additional steps.
Sometimes 'trust but verify' just doesn't cut it. In those cases, you may want to hold a customer from making further purchases until you manually review their details. Each trigger can be set to either automatically accept your customer’s submission (available for later review) or require your approval before transacting additional amounts.
ID verification, SumSub
We’re already hard at work on the next phase of our compliance suite, an integration with SumSub for a comprehensive, automated customer onboarding experience, including ID document verification.
Stay tuned as we announce further updates.
Questions? Unique requirements?
If your compliance needs are unique or you have questions on how our machines can fit the bill, we want to hear from you. Drop us a line!