Manual Signing Method Explained
Manual signing is a solution that allows wallet owners to prove self-hosted wallet ownership through digital signatures to a VASP where they are clients. This method relies on the basic technical capabilities of any wallet. Not only is it one of the less time-consuming wallet verification methods, but it is also incredibly secure compared to other methods, like visual proof.
Why Would a Cryptocurrency User Need Manual Signing?
The Financial Action Task Force’s (FATF’s) Recommendation 16 proposed that cryptocurrency exchanges and virtual asset businesses within FATF member countries would need to reassess how crypto assets were transferred. For compliance purposes, virtual asset service providers (VASPs) will need to adhere to country-specific rules when transacting with self-hosted wallets as part of their anti-money laundering (AML) efforts.
Recommendation 16 stipulates that when a virtual asset transfer involves only one obliged entity on either end of the transfer, countries should still ensure that the obliged entity adheres to the requirements of Recommendation 16 concerning their customer. For example, when an ordering VASP, or other obligated entity, sends virtual assets on behalf of its customer to a self-hosted wallet, both an obliged (VASP) and a non-obliged (self-hosted wallet) entities are involved, and therefore the VASP must collect information on the destination of the funds.
Most countries’ implementation of the Travel Rule dedicate a part of the regulation to address transactions with self-hosted wallets. The requirements vary from risk-based approach to enhanced due diligence, which often include collecting proof of ownership of the wallet.
But How Does It Work?
Manual Signing Step-by-Step
- The wallet user initiates the withdrawal process by providing the VASP with the desired address to receive the coins.
- The VASP shares with the user a message to be signed using the chosen wallet address.
- The wallet user copies and pastes this message into their wallet software.
- The wallet user signs this message using the private key associated with the chosen wallet address.
- The user shares the signed message with the VASP.
- The VASP uses software to verify the signed message, which depends on the type of asset, and allows the transaction.
VASPs that currently use this method without a solution that empowers compliance for self-hosted wallet transactions, like 21 Travel Rule, face several challenges.
First and foremost, signing a message with a crypto wallet is no layman feat. It is definitely challenging for the average crypto person, since this is an advanced feature that does not need to be accessed during the most common use case of a crypto wallet: performing transactions. With the feature often hidden behind settings and unknown naming, experienced users have an easier time signing messages upon a VASP request than beginners.
Secondly, not all wallets offer this feature for the end user. Hardware wallets usually show the option to sign or verify a message in a more explicit way, but it does not mean that all customers will find that in their wallets. Although all wallets are able to sign messages (this is the basis of how cryptocurrency transactions work), not all of them allow users to do it on their own.
These factors result in frustrated customers and loss of revenue for the VASP, as expected when having critical user-experience issues during conversion actions in a platform.
What Are the Pros?
- It is a cryptographically secure proof of ownership,
- It can be automated for the VASP.
What Are the Cons?
- Not all wallets support message signing for the end user yet,
- It may require additional software setup for the wallet user,
- Only advanced wallet users know how to execute this method, which isn’t ideal for novice crypto wallet users.
- Not all wallet verification software supports every wallet,
For example, Electrum wallet software cannot verify signatures from Trezor and will receive an error message. Unless the VASP asks the wallet owner which wallet they use and uses the same software, this error will repeat, resulting in a bad UX for the VASP customer.
To learn more about self-hosted wallet verification methods, read Self-hosted Wallet Verification Methods: An Overview.