Unhosted wallets verification
Use wallet ownership determination to comply with FATF requirements.
The Sumsub Travel Rule solution allows unhosted wallet controllers to securely prove wallet ownership using a cryptographic signature.
Unhosted wallets defined
An unhosted wallet, also known as self-hosted or non-custodial, refers to a type of digital wallet that is hosted and controlled by the user, as opposed to being hosted by a third-party service, like a VASP.
Such wallets offer their owners direct control over their private keys and, consequently, the security and management of their digital assets.
For example, a MetaMask wallet is considered unhosted, and a Centralized Crypto Exchange (CEX) account represents a hosted wallet, as you rely on a third party (custodian) to control your funds.
Why do you need unhosted wallet verification?
Countries that follow the Travel Rule requirements may oblige VASPs to verify the ownership of self-hosted wallets before transacting with them.
Such verification includes, but is not limited to, the following:
- Collecting relevant Travel Rule information related to Unhosted Wallets from their customers.
- Introducing additional mitigation measures, such as verifying the identity of the Unhosted Wallet owner or performing enhanced due diligence.
- Limiting or restricting transactions with unhosted wallets.
- Using blockchain analytics services to mitigate some of the ML/TF risks of unhosted wallets.
Apart from compliance with regulations such as the Travel Rule, unhosted wallets verification is crucial for businesses for the following reasons:
- Preventing money laundering and terrorist financing.
- Mitigating the risks associated with anonymous transactions.
- Establishing trust with their customers and reducing the potential for fraud.
- Enhancing security and accountability in the cryptocurrency ecosystem.
How it works
We offer you a solution that features proofing cryptowallet ownership with a digital signature.
Let’s say Alice, based in Switzerland, wants to withdraw some funds from her VASP and initiates a corresponding transaction. As the VASP is also based in Switzerland, it has to follow local regulatory requirements and verify who controls the wallet before allowing the transaction:
- The VASP gets notified about the transaction and sends Alice a message asking her to confirm wallet control. This message contains a link and a private encrypted verification key.
- Alice confirms wallet ownership by following the link in the message and signing in to her wallet with a secure key that is available only to her.
- After that, the wallet is verified, the transaction is sent for further processing, and the wallet is stored in the system so that Alice won’t have to verify it again.
From a technical point of view, unhosted wallet verification consists of two stages — creating rules and activating them, and proofing the wallet signature:
- You set the rules in Sumsub to determine how unhosted wallets should be treated and enable verification rules.
- You submit transactions with unhosted wallets and verify the wallets that are considered unhosted for further use.
To explore the full scenario with API references and webhooks, refer to this article.
Get started
To enable unhosted wallet verification:
- If you have never used Sumsub, visit our website and click Get started to begin your journey or contact our sales department.
- If you are already a Sumsub customer, in the Dashboard, open the Rules Library and enable the Travel Rule bundle and the Payment Method check rule from the Finance bundle, as described in this article.
Note
You do not have to mark beneficiary wallets as unhosted. The system will automatically treat any wallet missing the beneficiary information as such.
Now, when a transaction involving an unhosted wallet is created, you will get an applicantKytTxnAwaitingUser webhook containing the awaitingUser transaction status.
To verify an unhosted wallet via API:
- Pass
externalTxnId
to this API method to retrieveapplicantActionId
specified in thescoringResult.applicantActions
object. - Pass
applicantActionId
to this API method to get the URL that you must send to the user to confirm wallet ownership.
Alternatively, you can use the WebSDK preview link provided in the Wallet ownership verification section of the transaction card.
After the wallet is verified, all transactions will be scored in accordance with the counterparty VASP specifics and other rules involved.
Info
The unhosted wallet verification service is provided in partnership with 21 Analytics.
Updated 4 months ago