In an era where data breaches are becoming increasingly common, and personal data privacy is paramount, the need for novel approaches to “soft” Know Your Customer (KYC) verification has intensified. The MotoGP Bharat event gave attendees a first-hand experience of digital Legal Drinking Age verification.
Evolving Age Verification with Zero-Knowledge Proofs in the Digital Era
As the digital age advances, so does the importance of privacy and data security. The birth of the Digital Personal Data Protection Bill in 2023 has reiterated the need for businesses to walk the tightrope between providing efficient customer services and ensuring utmost regulatory compliance.
Enter Digital Legal Drinking Age (LDA) verification
For those unacquainted, LDA represents the minimum age at which an individual can legally purchase or consume alcoholic beverages. The specifications of LDA vary across Indian states and are governed by state-specific regulations. LDA is crucial for society, helping reduce motor vehicle crashes, minimize alcohol dependence, and prevent instances of violence, among other benefits. Traditionally, businesses verified the LDA by manually inspecting identity proofs like Aadhaar cards, often retaining images of these documents for legal reasons. Yet, this poses significant data security risks, especially with the new DPDP 2023 regulation potentially fining businesses up to INR 250 crore for data mismanagement.
On the one hand, the government wants businesses to store data responsibly; on the other hand, they have imposed a hefty fine of up to INR 250 cr for mismanagement.
Read more about DPDP law in our article here.
Unlocking the Potential of Zero-Knowledge Proofs (ZKPs)
One of the promising solutions to this challenge is ZKPs. This advanced technology enables the verification of specific data without exposing any additional details or the data itself. It was prominently showcased at the recent MotoGP event held at Buddh International Circuit, where attendees could authenticate their legal drinking age without revealing further personal information. All of this happens while the vendor does not need to store the identity document.
If you wish to learn more about ZKPs you can have a read at this blog.
The Innovation of Cavach by Hypersign
Cavach, a brainchild of Hypersign, leverages the power of ZKPs for offline Aadhaar (government-issued official identity card in India) verification. After validating a user's Aadhaar ID, Cavach produces a Zero-Knowledge Proof of the requested data and shares this proof, and only this proof, with the business.
Vendors only store proofs (for example, proof of age). This way, on one hand, they complied with the LDA, and on the other hand, they avoided the risk of data leakage and hence complied with DPDP.
During the MotoGP event, in association with AtomX Corporation Private Limited, Cavach was instrumental in LDA verification, showcasing a practical, real-world application of this technology.
Selective Disclosure: Customized Data Sharing
Further enhancing data security, Cavach also introduces the concept of Selective Disclosure Proofs. In scenarios where specific data pieces are essential, businesses can request only the exact information they require, mitigating potential data exposure risks. This mechanism is transformative, with applications across sectors like e-commerce, event ticketing, car rentals, hotel bookings, membership clubs, and residential gate access.
Transforming Soft KYC Across Domains
The potential applications of ZKPs and selective disclosure span far beyond events or age verification. Here are some domains where soft KYC can revolutionize processes:
E-Commerce Platforms: For first-time purchases, soft KYC can validate buyer identities, reducing fraud.
Event Ticketing: Authenticate ticket buyers or attendees, enhancing event security.
Car Rentals: Validate driver's license and age without unnecessary data access.
Hotel Bookings: Validate guests' identities for enhanced safety.
Membership Clubs: Confirm member identity during sign-ups.
Gate Access: Enhance security with minimal data storage for residential complexes.
As businesses navigate the challenging waters of data protection and efficient operations, technologies like zero-knowledge proofs and selective disclosure emerge as beacons of hope. With real-world applications like Cavach leading the way, the future of soft KYC seems bright, secure, and privacy-centric. If you're intrigued by the possibilities these technologies offer, Hypersign welcomes you to explore further and join the revolution in data privacy.
Hypersign is an innovative, permissionless blockchain network that manages digital identity and access rights. Rooted in the principles of Self-Sovereign Identity (SSI), Hypersign empowers individuals to take control of their data and access on the internet. It provides a scalable, interoperable, and secure verifiable data registry (VDR) that enables various use cases based on SSI. Built using the Cosmos-SDK, the Hypersign Identity Network is recognized by W3C (World Wide Web Consortium), promoting a seamless and secure identity management experience on the Internet.
Get in touch with us today to understand how you could implement soft KYC in your business email@example.com