Understanding wallet ownership verification methods for VASPs

With the growing use of virtual assets, the Financial Action Task Force (FATF) has issued guidance for virtual asset service providers (VASPs) to verify wallet ownership during transactions. This is to prevent the risk of processing a transaction to a sanctioned entity, especially when it involves an unhosted wallet.

An unhosted wallet is used to store digital assets. The wallet owner has complete control of their private key, which is needed to conduct transfers. Unhosted wallets are also called self-hosted wallets, private or crypto wallets. VASPs do not provide these wallets; popular examples include hardware wallets like BitBox 02 and Trezor or mobile wallets like BlueWallet and Edge. Other examples of unhosted wallets include paper wallets, where the wallet user records their private key and addresses on a piece of paper or desktop wallets like Electrum and Metamask.

VASPs have to prove wallet ownership

The Financial Action Task Force (FATF) released its final Travel Rule guidance in October 2021. The guidance stipulated that virtual asset service providers (VASPs) are to verify, obtain and hold originator and beneficiary information for transactions. Virtual asset service providers (VASPs) can prove wallet ownership in 4 manners, namely, via visual proofs, a Satoshi Test, manual signing or through Address Ownership Proof Protocol (AOPP).

In addition to this, unhosted wallets have fallen into its scope. Unhosted wallets are privately owned; VASPs have no way of knowing to whom they are transferring funds and could stand the risk of processing a transaction to a sanctioned entity. The FATF recommended that for transactions involving an unhosted wallet and a VASP, VASPs are to request proof of wallet ownership to remedy this issue.

Visual Proofs explained

A visual proof can include a screenshot of the wallet software displaying the address the wallet user wants to use for the transaction or a video clip showing the wallet address. The proof is then sent to a VASP who verifies that the address in the image matches the desired withdrawal address; if the addresses match, the transaction will go ahead.

Visual Proof pros:

• It’s familiar and easy to perform for users
• It works with every wallet

Visual Proof cons:

• Visual proofs are sensitive to fraud and can be tampered
• Time-consuming and error-prone, as the image needs to be examined by the VASP’s compliance staff
• Transfer turnaround time is slower due to the manual inspection element, resulting in a poor user experience
• It’s impossible to automate due to the vast amount of unhosted wallets available
• It encourages address reuse due to VASPs trying to avoid inspections

The Satoshi Test

The wallet user will initiate the withdrawal process. The user and the VASP will agree on sending a very small number of funds - in Bitcoin, a couple of Satoshis - in a specific timeframe to verify wallet ownership. If the user is able to do this, it serves as wallet ownership proof.

Satoshi Test pros:

• The process can be automated on the VASP’s side
• It’s safer than screenshots, as anyone with basic computer or cellphone knowledge can manipulate screenshots
• It’s easier than manual signing; most crypto users face difficulties when requested to sign a message with their wallet

Satoshi Test cons:

• It’s not free, while the transferred amount can be returned; transaction fees can't
• The process can be slow as it is not fully automated; manpower is needed for reviews and responses to the proof
• Some VASPs charge users for the process due to manpower used for review; in turn, address reuse is encouraged to save money
• Sending from specific addresses is a non-trivial task with UTXO-based cryptocurrencies, like Bitcoin, and often not possible with a wallet
• It’s a cumbersome and friction-filled process resulting in a poor experience for the customer, who usually requires support to perform it

Verification through Manual Signing

The manual signing method verifies wallet ownership through a digital signature. The wallet user will initiate the transaction then the VASP will issue a message for the user to sign. This message issued by the VASP will need to be copied and pasted into the user’s wallet software and signed by the user. This signed message is then returned to the VASP. A VASP can manually add this signature to its software, or the user can manually add it to their software (where it will appear on the VASP’s software).

Manual Signing pros:

• It’s a cryptographically secure proof of ownership
• The process can be automated for the VASP

Manual Signing Cons:

• Not all wallets support it
• Only advanced wallet users know how to execute this method; therefore, it isn’t ideal for average crypto wallet users

Address Ownership Proof Protocol (AOPP): the easiest method?

AOPP is very similar to the manual signing method above - it provides ownership proofs through digital signatures but is entirely automated. AOPP connects to the VASP without the wallet user having to copy and paste any messages or addresses. The VASP provides the user with a link, or QR code, that, when clicked or scanned, sends a message to the unhosted wallet. The user signs this message, which is automatically sent back to the VASP, all in under 3 minutes.

AOPP pros:

• The process is fully automated upon user demand
• It’s safer than the screenshot option
• It’s easier than manual signing
• There's no reason to reuse addresses, thus enhancing the privacy of the user and the VASP
• Malware attacks are minimised as there is no copying and pasting of addresses
• It’s fast; wallet ownership can be verified in seconds
• It’s Travel Rule and General Data Protection Regulation (GDPR) compliant

AOPP cons:

• Only some wallets support it, but there is ongoing work on wallet support for various hardware and software wallets.