The Easier and Faster Alternative to Satoshi Test: Address Ownership Proof Protocol (AOPP)
With crypto regulations advancing globally, a number of countries now require crypto companies to collect wallet ownership proofs when transacting with unhosted wallets. This type of regulation aims to strengthen the goal of the Travel Rule, helping traceability of funds while minimising risks of money laundering and financing of terrorism.
The crypto communities in jurisdictions like Germany, Switzerland, and the Netherlands have faced this requirement for some time. Just last June, the European Union agreed on a draft regulation that also demands proof of wallet ownership in some cases.
What Are the Requirements for VASPs Transacting with Unhosted Wallets?
Obliged crypto entities (also known as virtual asset service providers), like custodians, brokers, exchanges and banks, need to collect a - usually undefined - form of proof that the customer requesting a transaction with an unhosted wallet, be it deposit or withdrawal, is the owner of the wallet. With little guidance on how to perform it, VASPs came up with methods to request, collect and store those proofs.
Proving Wallet Ownership
A wallet ownership proof aims to tie an address to a real person - usually the already onboarded VASP’s customer requesting a transaction.
There are four common ways to verify a wallet. The owner can provide a screenshot, manually sign a message with the wallet address, conduct a Satoshi Test, or use Address Ownership Proof Protocol (AOPP) to prove ownership.
What Is a Satoshi Test?
A Satoshi Test is a common way to prove wallet ownership. When requested to perform a transaction with an unhosted wallet, the VASP and the customer agree on sending a small amount of funds (usually some satoshis, hence the name of the method) in a specified timeframe.
If the user manages to do it, and the VASP confirms it has received the funds, the customer has proved ownership - since he/she was the person in contact with the VASP team and the agreed transaction was performed.
The process can be automated on the VASP’s side,
It is safer than the screenshot option, as screenshots can be easily manipulated by anyone with basic computer or cellphone knowledge,
It is easier than manual signing; most crypto users face difficulties when requested to manually sign a message with their wallet, moreover; only specific wallets offer the manual message signing functionality to the user.
It isn’t free. While the transferred amount can be returned, the transaction fees usually are not, and some VASPs will charge the customer for that process since staff time is needed for review,
This, in turn, encourages the owner to reuse addresses to save money, a very unwise and unsafe decision,
It is cumbersome, adds friction and offers a poor experience for the end customer, usually requesting support to perform it,
In some cases, the process can be slow as it is not fully automated. The VASP’s compliance team needs to review and respond to the proof.
This brings us to our fourth option, Address Ownership Proof Protocol (AOPP).
Why Address Ownership Proof Protocol (AOPP) Is Better
AOPP is an automated solution that proves wallet ownership through digital signatures.
AOPP creates a single-click experience, being the easier, faster and more secure way to prove unhosted wallet ownership to VASPs.
With AOPP, a VASP can provide their customers with a link (or QR-code for mobile users) that will immediately send an ownership proof message to their preferred unhosted wallet. Then, the user can easily access their wallet and sign the message, which will be sent back to the VASP automatically, proving ownership instantly and allowing the withdrawal to proceed accordingly.
The process is fully automated upon user demand,
It is safer than the screenshot option,
It is easier than manual signing,
The chances of address reuse are virtually nonexistent,
Malware attacks are minimised as there is no copying and pasting of addresses,
It is fast; wallet ownership can be verified in seconds.
Not all wallets support it yet. However, there is ongoing work on wallet support for various hardware and software wallets.
The pros of AOPP are evident - it streamlines the wallet verification process for both wallet users and VASPs alike. Moreover, it is compliant with the Travel Rule and General Data Protection Regulation (GDPR).
However, if you are still unsure if this is the method for you or your company, contact us today, and we will be happy to provide you with a product demo.
Alternatively, check out this video to see how AOPP and the hardware wallet, BitBox02, work together.
An Analysis of Ownership Proof Methods