Coinbase Logo

Identity verification and financial compliance

TL;DR - Trust is built on dependable security and protections — which is why we make protecting your account & your digital assets our number one priority. Identity verification is a key part of our regulatory compliance program, and we have built a robust architecture that roots out suspicious users. Our system prioritizes accuracy and adherence to the law across our global regulatory landscape.  

By Gary Shambat

Product

, March 31, 2023

identity.png

At Coinbase, we’re working hard to help update the financial system by building trusted products that expand the utility and adoption of crypto because we believe crypto and blockchain technology have the ability to increase economic freedom and opportunity around the world. Coinbase chose to become a public company in the US because we believe the US would best be served by embracing this fundamental innovation, but we’re also focused on international markets, many of which are moving forward with strategies to become “crypto hubs.”  

Trust is foundational to our work and we have developed sophisticated compliance tools to meet global regulatory requirements. Adhering to global and local regulations, including those related to anti-money laundering, is a core part of our business. Combined with  holding a high standard for who has access to our products, we’ve been able to create an ecosystem of trust. Our identity verification (IDV) platform is a critical component of our overarching know-your-customer (KYC) program and is designed to accurately verify that users are who they say they are.   

In the physical world, we’re used to showing identification (ID) cards to prove our identity, whether at the airport or at the supermarket. For a financial technology company like Coinbase, we have built a digital-first system to reliably perform ID checks for users who sign up. Our IDV platform is designed to reject fraudulent documents and only pass IDs that have been rigorously reviewed. At Coinbase scale, we need this system to operate reliably with hundreds of thousands of weekly checks globally. 

Looking under the hood, IDV all starts with a set of identity images (front and back) captured by the user. If these images are blurry, washed out, or don't contain an acceptable image of an ID, we reject them due to poor quality and ask users to resubmit. Once acceptable images are taken, we securely route them to our IDV partners, companies who specialize in validating documents with proprietary anti-forgery technology. These partners are thoroughly vetted by our security team and have Coinbase approved processes in place. Collectively between Coinbase and our partners, we perform over 200  validation checks on the documents, verifying  important details such as:

  • The content on the ID matches the known template of the ID type

  • The data elements and fonts are consistent across the ID

  • The watermarks and security features are correct

In addition to the specific document checks, we monitor for repeat abuse of identity information and, where detected, fail the check. Our proprietary internal models cluster these overlapping accounts and reject them all together. Bad actors often try to reuse stolen identities to create numerous fake accounts and commit financial fraud. 

We use a multi-layered approach in our IDV platform so that it is robust and resilient. Instead of just having a single IDV partner, we work with a handful of trusted partners so that we can continue to operate in case one is unable to perform to our high standards or if our traffic spikes beyond the partner’s capacity. We use a mix of both machine-learning (ML) powered and human review to capture the best of both methods. ML-based document checks are great at detecting subtle forgeries and synthetically created images that the human eye cannot see. Meanwhile, human reviewers address the gaps that ML-trained models might sometimes miss due to technical limitations. 

In addition to our core document-based IDV controls, we also have a supplemental method to verify user identities through electronic records lookups. We call this electronic data proofing (EDP), which is an industry best practice used by financial institutions. The process of EDP includes checking user identity information such as name, date of birth, and SSN with trusted sources such as credit records agencies and government citizen registries. We audit these sources to ensure they are independent, reliable, and meet our compliance bar. For each EDP check, we have a rigorous set of dozens of matching rules between data elements – if a user doesn’t match enough data elements, doesn’t match certain required data elements, or has differing data from their IDV step, they will not pass EDP. 

To summarize, at Coinbase we view IDV as a key control to meet regulatory compliance requirements and prevent  fraud from our platform. We optimize for accuracy and not the maximum number of onboarded users. This means we reject a lot of applicants and do this knowing it is the right thing to do. Our technology stack is resilient and constantly evolving. Bad actors are smart and will always look for exploits in controls in order to commit fraud. We, alongside our IDV partners, are building the tools and solutions to fight back against fraud and uphold a high standard of regulatory compliance.

Here are some help center links with further information on identity verification and KYC:

We’re proud to lead the way in providing the best protections available to all of our users. Trust is built on dependable security and protections — which is why we make protecting your account & your digital assets our number one priority. Our know-your-customer (KYC) program is one of the many ways that we do that. Learn more about security and compliance at Coinbase here.

Coinbase logo