A Guide for Professional P2P Crypto Merchants and Vendors Collecting KYC
We recently assisted a P2P crypto vendor that was facing major losses due to buyers on a P2P marketplace. They faced significant chargebacks and bank recalls from verified buyers with positive reviews. Unfortunately, many fiat payment methods are easily disputable by a buyer if they complain to their bank or financial institution. There is a high risk for some professional traders and merchants in the P2P market with certain payment methods. Some potential problems exist where the buyer is compromised or using a fake identity document to bypass initial checks on the platform. Many of these services are highly targeted by organized criminals with turnkey solutions to bypass the verifications. Even if a vendor only trades with verified and reputable users, they are still open to scams in cases where the user tries to deal with a third-party account. Due to privacy restrictions, the vendor cannot see the actual name on some trade methods, and the marketplace operators rarely share the user's ID with the vendor. In the end, this causes increased losses for vendors, but they have started compensating for this additional risk with their own KYC processes. Buyers and sellers are stuck as the age-old trust problem is challenging to establish, especially in P2P transactions.
Marketplaces like Binance, Kucoin, and Paxful allow crypto buyers to use standard payments like gift cards, bank transfers, credit cards, and more to trade for a cryptocurrency like Bitcoin. (Bisq has a good list of payment methods and their pros and cons) They perform some KYC, but even Binance understands it is not enough for many vendors that want to comply with country-specific regulations and prevent fraud. In the U.S., regulatory agencies have cracked down hard on P2P traders who fail to comply with AML and KYC. FinCEN even released an advisory back in 2019 to educate traders on their compliance requirements. However, some platforms have decided to ban U.S.-based traders. Blocking by IP, devices, or KYC does not usually work, as the U.S. government will enforce actions on platforms that fail to stop illegal activities. A few platforms even shut down due to this, such as LocalBitcoins and briefly Paxful, making economics challenging. This is why merchants need to follow these regulations and prevent laundering. In the future, we predict governments will become even more strict about where they will go after traders, not based on the perceived nationality of an individual, but look at the nature of the transaction to see where it transferred through and domiciled. For example, hypothetically, a buyer may appear verified as an H.K. citizen, but they transact in a gift card as USD, putting them in scope for U.S.A. oversight. It may seem draconian, but regulations are shifting rapidly to counter illegal activities, and traders should be prepared for multiple possibilities.
A majority of these vendors, particularly the small-sized ones, are not utilizing the available tools to verify their clients. This has led to a typical practice of requesting additional KYC via platform messaging. In their ad they may state the KYC requirement but the platforms do not assist or provide tools to complete. However, this practice is not well-defined and exposes buyers to additional risks. For instance, buyers on Reddit or Bitcointalk.org express concerns about these additional KYC checks' security and privacy implications. It is a legitimate risk as a vendor could use the KYC information to gather additional intelligence and determine if they have an account on a centralized exchange. Then, attempt to gain access to it using multiple attack vectors. Collecting these documents through platform chats is not recommended as it leaves the data insecure and lacks anti-fraud checks. Moreover, there is no option to automate checks such as OFAC or other AML list verifications, further increasing the risk to both buyers and sellers.
Instead, traders should be using legitimate KYC tools like Trust Swiftly. They do not need to collect all the data points but can dynamically adjust the verification requirements per buyer. Adjusting according to local laws will ensure that you adhere to global regulations and that there are stringent steps to prevent fraud. The added benefit of KYC tools is you gain much more insight into a buyer than if you only chatted through the platform, such as geolocation and AI fraud analysis. We added additional controls such as IP and Phone country requirements for our clients, which gives them extra control over who they deal with as a starting barrier. More robust verifications, such as liveness and voice checks, are highly recommended and should aid your trading security. Accepting fiat payments is risky and requires much experience to remain profitable. Vendors can also increase their business by trading with newer and less reputable buyers if they have mitigating security controls for these newcomers. A common scam in P2P trading is when the buyer uses a third-party account to transfer the payment and then claims fraud. In these cases, the merchant has little recourse as the names mismatch, and they have no evidence of the original person who traded. Operating as a professional P2P merchant is becoming more complex and requires diligence to adhere to regulations and prevent losses.
If you are a crypto merchant needing support setting up a secure P2P process, let us know, and we can get you started on a better path.