A popular idiom, "More Haste, Less Speed," perfectly encapsulates how some Virtual Asset Service Providers (VASPs), such as cryptocurrency exchanges, are complying with the FATF Travel Rule, which is something that Shyft Network’s Head of Strategy, Malcolm Wright, experienced firsthand. Hastily done Travel Rule compliance can lead to more troubles, bringing VASPs back to the square.
Recently, a cryptocurrency exchange emailed Malcolm demanding some Personally Identifiable Information (PII) from him about a USDC deposit into his wallet.
The identity of the crypto exchange will remain anonymous here, as this is not really about them but the inaccurate Travel Rule compliance process per se, which is something that even Malcolm highlighted in his LinkedIn post.
The effort the crypto exchange is putting in to comply with the Travel Rule is commendable, but it does lead to four significant risks, which need to be highlighted.
Sharing Travel Rule compliance data through emails can lead to phishing attacks. In fact, all a malicious actor will need here to pull off a phishing attack is a domain name with one letter difference.
There is data to back the claim. Reports indicate that 96% of phishing attacks can be attributed to emails.
One cannot share personally identifiable information of the sender without explicit consent from them. This is what even Malcolm highlighted in his post.
Imagine the horror if the crypto exchange with whom the user shares someone else's PII falls into the hands of a malicious actor through a phishing attack or the VASP loses it due to inadequate privacy control.
There’s a high chance that a user will send inaccurate or incomplete PII, given there are no safeguards to prevent such an instance while exchanging the data through emails. This can cause a significant rise in operational overheads beyond the usual email processing and customer support costs.
Last but not least, collecting Travel Rule compliance data through email is a UX disaster. It will lead to unhappy users, which will make them choose your competitors, especially if it is every transaction.
Technology is the answer. It can solve all the challenges VASPs will encounter while complying with the Travel Rule.
Identify counterparty VASPs ✔
Get accurate originator & beneficiary data with consent ✔
No additional headcount costs ✔
Fully secured & transparent ✔
That, too, within seconds. Yes, you read that right. All you need here is Shyft Veriscope! It can help ensure that a VASP complies with all three components of the Travel Rule: AML/CFT, Data Privacy, and Data Security.
Visit our website to read more about Veriscope: https://www.veriscope.network/ and contact our BizDev team for a discussion here: https://www.veriscope.network/contact.
