Virtual asset service providers (VASPs) want more ownership, control, and security around their users’ data while complying with the FATF’s Crypto Travel Rule. With the Travel Rule regulation, VASPs must send personally identifiable information (PII) about the user sending the transaction to the receiving VASP. Currently, most VASPs use software or services like Notabene to comply with the regulation, which implies sending end-user data back and forth via third-party providers.
Should this information fall into the wrong hands, as has happened in past crypto exchange hacks and data leaks, malicious actors could use it to target the people concerned, either in the real world or online.
Our approach to secure PII transmission
At Notabene, we've always believed that PII must be delivered securely. We were the first solution provider to elect to only release PII when the receiving VASP confirmed ownership of a blockchain address and after risk-based requirements defined by the Originating VASP were met. This was the cornerstone of our first-generation SafePII capability, which has been in production for more than a year.
With end-user data security being one of our fundamental values, we’ve added three encrypted escrowed PII transmission methods to our advanced security infrastructure. The protocol-agnostic SafePII service leverages state-of-the-art cryptography to secure PII–every piece of PII data is individually encrypted and stored in a secure, limited-access datastore.
Introducing Notabene’s SafePII
Notabene adds a new PII service to our Travel Rule nodes. This industry-first feature allows VASPs to manage the secure exchange of encrypted PII with counterparties while managing their own encryption keys.
Run as a separate, first-class service on behalf of our clients, SafePII sits alongside and complements our existing Travel Rule Service API. Separating this critical part of our API lets VASPs take a risk-based approach to implementing the Travel Rule from a data protection point of view. The escrow aspect of the service lets us perform address ownership checks and proprietary Notabene rule-based checks before encrypted PII is exchanged with the beneficiary VASP.
By default, VASPs manage their own encryption keys. They can still elect to use our key management infrastructure for some or all aspects of the service, much as VASPs today combine local hot wallets with custodial wallet API services. Unlike wallet API services, SafePII was explicitly designed around data encryption.
Regardless of how VASPs choose to use our SafePII service in the future, it is a considerable step up in data security over building your own service to integrate with an existing Travel Rule protocol. It also signals to counterparty exchanges that you take the data protection duties of implementing the Travel Rule very seriously.
How does Notabene’s SafePII service work?
Based on their needs, VASPs can choose between three different options:
In the End-to-End SafePII flow, PII data in transit is encrypted so that Notabene never has access to its contents. Even in the event of a hack or a leak, attackers cannot decrypt the PII: without the decryption key, which only the two VASPs hold, breaking the ciphertext is computationally infeasible.
In the Hosted SafePII flow, Notabene encrypts all raw Travel Rule transaction data created through our easy-to-use RESTful API, so the VASP does not have to manage keys locally. Each VASP has a dedicated encryption key, managed by Notabene’s PII service, which can be rotated on demand.
Our current API customers will be migrated to the Hosted SafePII flow automatically, without any manual changes. The Hosted flow suits VASPs that use hosted or white-label exchange software, and VASPs that do not feel comfortable managing encryption keys themselves.
The Hybrid SafePII mode extends the End-to-End flow: the Originator VASP additionally encrypts the PII data, or selected parts of it, to its dedicated Notabene-managed encryption key, allowing Notabene to decrypt those parts for in-flow, pre-transaction name sanctions screening.
How to access this feature:
All customers have access to the Hosted SafePII flow. To encrypt or decrypt customer PII, log in to the Notabene App -> Transactions -> select the transaction (i) -> select “Conceal” in the top right-hand corner.
Built on best-in-class open crypto native standards
At its core, our new SafePII service is built entirely on open standards and libraries. We believe it is important not to reinvent the wheel, particularly where encryption is concerned. Our goal is to feed what we have learned here back into the Travel Rule protocol groups and to release our core encryption libraries as open source.
The Notabene Travel Rule Network is built on top of the W3C standard of Decentralized Identifiers (DIDs), co-authored by two of our Notabene co-founders. Our new SafePII service utilizes the DID-Comm standard for securely exchanging encrypted and authenticated messages between entities such as VASPs.
This set-up is in turn based on the long-established JSON Web Encryption (JWE) standard. We use the EdDSA algorithm by default, which is currently recognized as the most secure public key algorithm, and we can upgrade to newer, better protocols as they emerge.
When a data item is encrypted, a fresh key is generated for that item alone; it encrypts the data, is itself encrypted to the VASPs’ public keys, and is then discarded. Even if bad actors with nation-state computing resources managed to decrypt a single data item, they would recover that one item only, nothing more.
All data is additionally hashed and is identifiable only by a content addressable identifier (CID), a scheme that originates in the InterPlanetary File System (IPFS) ecosystem. Knowing a CID is not enough to access the data: the client must be authenticated and authorized by the owner(s) to gain access. Typically, the owners are the Originator and Beneficiary VASPs, but an intermediary such as Notabene can also be one.
CIDs are useful because VASPs can use them as consistent internal identifiers for PII without holding the actual PII, and the risk that comes with it, inside their own services.
Additional security considerations:
- In the End-to-End and Hybrid SafePII flows, VASPs encrypt PII data to each other using their self-managed keys.
- VASPs publish their respective public keys on the Notabene VASP Network for key discovery.
- VASPs can rotate their self-managed keys by generating a new cryptographic key pair and publishing the public key on the Notabene VASP Network.
- PII service-managed keys (in the Hosted and Hybrid flows) can be rotated on demand at any time.
- Encryption keys must comply with the W3C “did:key” specification: https://w3c-ccg.github.io/did-method-key/.