KYC methods which make identity theft more difficult - are they possible?

[Mia Chloe]

I bump this topic because I still consider it important, and would like to read more about "safe" KYC methods.

Nice One d5000.
Another possible way is transaction authentication wit a random amount. This method is quite ok and I've used it a couple of times.
For this method the verification service generates a random unique amount let's say a small but unique amount like $0.23 or $1.17. Then the user  initiates a transfer of the exact random amount from their bank account to a particular given account which would be provided by the verification service.
After  that the verification service can then proceed to check the transaction details, ensuring the amount, sender, and recipient match. The user then confirms the transaction, either by logging into their bank account or through a secure channel.

To a nice extent this method method makes it harder for attackers to use a stolen bank account because the random amount would  be difficult to guess the transaction would require the interaction of the user and the verification service checks multiple factors and necessary details like (amount, sender, recipient, and user confirmation), this adds an extra layer of security.

[d5000]

-snip-

Well I think you mean exactly the same method I mentioned in the last post, isn't it?

Basically it means outsourcing the KYC to the bank, which is perfectly reasonable, as banks normally have a strict KYC but also are relatively trustworthy, at least it is less likely that your KYC data at a bank will be hacked, and most people already have a bank account so they would have done the KYC anyway.

To a nice extent this method method makes it harder for attackers to use a stolen bank account because the random amount would  be difficult to guess the transaction would require the interaction of the user and the verification service checks multiple factors and necessary details like (amount, sender, recipient, and user confirmation), this adds an extra layer of security.

The problem is that if the account is really stolen, and the hacker has got access to its online banking, then he can pass the test.

That's why I proposed to do it two times with at least 15, better 30 days in-between. After the first "pass", the account gould get only access for crypto activities, so it's ensured that a hacker can't compromise the bank account further (e.g. transferring money to the exchange to buy Bitcoin and then exchange it to Monero or CoinJoin it). Only after the second "pass" it becomes extremely unlikely that the legitimate owner wouldn't notify the bank and the authorities, and thus only then the "fiat ramp" should be enabled.

Actually this is very similar how on some P2P exchanges you can make sure that you're not selling to someone with a stolen bank account: if the hash of its bank data is integrated in the account information and has a certain age.

There may be still a problem: if a hacker is able to open a bank account with fake data from a different person. This has happened with some "online banks" with a KYC process vulnerable to such practices, like those that only require a single ID photo. So for higher limits it may be needed to repeat the process again every couple of months, because with every month that passes, the probability that the person to which the data belong notices the problem decreases.