Shyft is a blockchain-based ecosystem that allows for the secure and private sharing of data for industries, governments, and consumers. It is now building a travel rule protocol Veriscope on top of this. Veriscope is a centrally-controlled Ethereum-like proof-of-authority (PoA) blockchain that allows VASPs and end-users to create accounts for managing their identity. VASPs purchase SHFT tokens which enable them to initiate transactions on particular Travel Rule smart contracts on their proprietary blockchain.
This article covers factors to consider when choosing Shyft as a Travel Rule messaging protocol.
How does Shyft's Veriscope work?
Veriscope is a smart contract-mediated, decentralized platform and API suite that combines a decentralized protocol with a global onboarding and governance system for global VASPs (Virtual Asset Service Providers). Veriscope packages the Shyft Network public blockchain protocol, together with a smart contract suite called Shyft Network Core and an API middleware. Veriscope leverages the Shyft Network to enable a global discovery layer critical to the counterparty identification process as set out in the FATF guidance.
Is Shyft's Veriscope a Travel Rule solution or protocol?
Veriscope is a Travel Rule protocol built on top of the Shyft Blockchain. There is a lightweight dashboard provided as a stop-gap solution. Still, most VASPs will require the use of an end-to-end solution provider like Notabene or spend considerable engineering time setting it up.
Is Shyft's Veriscope an open-sourced industry alliance network, a closed network, or a commercial solution?
Shyft is a public protocol operated by Shyft Network Inc. To use Travel Rule solution Veriscope, VASPs must go through an extra verification step.
Is Shyft a fully integrated Travel Rule solution provider?
No. Shyft is a messaging protocol that seemingly plugs into the Veriscope end-to-end Travel Rule solution.
Is Shyft's Veriscope complex to integrate?
Yes. Integrating Shyft provokes significant changes to the back-end. From an operational point of view, it also requires building your compliance dashboard and rules engine for managing the many different decisions needed to approve a Travel Rule transaction.
What are the steps to implementing Shyft?
Per Shyft's documentation, VASPs must take four main steps to integrate:
- Setting up your VASP account.
- Creating Shyft accounts for users on your platform
- Setting Attestations for crypto wallet addresses
- Listening to network transactions
1. Setting up your VASP account.
Install a Veriscope docker image on a secure cloud of your choice.
- Private keys and PII are stored here, so take security seriously
2. Creating Shyft accounts for users on your platform
Register a Trust Agent account
- Create Ethereum like KeyPair for managing your Trust Agent
- Create RSA encryption keys
- Add information about your VASP to the Discovery Layer
- Get Verified
Open up a firewall to /KYC-template endpoint on a docker image
Register each of your customers and their blockchain address in your local Veriscope instance
- This creates Ethereum keypairs and RSA encryption keys for each of your users.
3. Setting Attestations for crypto wallet addresses.
For each outgoing transaction, post a WalletAttestation to the blockchain.
- Cryptographically sign the attestation with both Trust Anchor and Wallet Keys.
- Post WalletAttestation to TrustAnchorStorage smart contract on Shyft blockchain (requires SHFT tokens)
- Wait for a response to the KYC template.
- If a beneficiary VASP is also registered, they will respond with their details to your KYC-template endpoint.
- Take a risk-based due-diligence approach to decide if you can transact with beneficiary VASP.
- Tell beneficiary VASP you wish to proceed.
- Receive encrypted PII about the Beneficiary Customer from Beneficiary VASP
- Send encrypted Originating Customer PII to Beneficiary VASP.
- Take a risk-based approach to sanctions screen the Beneficiary Customer.
Proceed to send the blockchain transaction after assessing the on-chain risk score from your blockchain analytics provider
4. Listening to network transactions
For incoming transactions
- Subscribe to wallet attestations sent to TrustAnchorStorage endpoint
- Check if the beneficiary address belongs to you and one of your customers?
- Take a risk-based due-diligence approach to decide if you can transact with the Originating VASP.
- Notify the Originating VASP that you wish to proceed by providing them relevant addresses and public keys to their KYC-template endpoint
- Wait for a response from originating VASP.
- Send encrypted PII about the Beneficiary Customer to the Originating VASP's KYC-template endpoint.
- Receive encrypted Originating Customer PII from Beneficiary VASP
(Note you do not have an option to halt a transaction based on a sanctions screen hit of the originating customer.)
- Receive funds
After all four of these functions are implemented, VASPs will be able to monitor and record originator and beneficiary information related to crypto transactions that occur between counterparties on the Shyft Network.
How does VASP due diligence work on Shyft's Veriscope?
The VASP discovery layer has basic information about VASPs, including a verification stage. After this, there is limited information available for making decisions on which VASP you can trust. As a reminder, VASPs are required to make decisions surrounding which counterparty VASPs they can interact with, including:
- Can I trust that the counterparty VASPs perform proper KYC on their customer?
- Check that the VASP is not sanctioned or in a sanctioned jurisdiction
- Can I trust the counterparty VASP with my customer's Personal Identifying Information (PII)
Using Notabene to implement Travel Rule allows you to use our tools to take a risk-based approach when interacting with all VASPs, including those using Shyft's Veriscope.
What is Shyft's governance model?
Shyft's governance model consists of a governance task force.
Does Shyft's Veriscope support non-custodial wallets?
Shyft was designed for non-custodial wallets to manage identities. The wallet themselves must add Shyft support, which is currently very limited.
Is Shyft's Veriscope live?
No. Shyft aims to be live in early 2022.
Is there industry support for Shyft?
- Good response from Regulators
- Some initial support from VASPs
- One single vendor
Does Shyft's Veriscope have a membership fee structure?
Yes. Shyft's business model is a typical blockchain token-based model, based on the price of SHFT tokens increasing depending on the use of the network.
Does Notabene support Shyft's Veriscope?
Notabene is currently working on our Shyft's Veriscope support. We will help you support Veriscope as it goes live, as well as the multitude of other competing protocols.
Notabene is always focused on getting VASPs operational and supporting our customers in their path of taking a risk-based approach to implementing the Travel Rule across protocols.
What are the benefits of using Shyft?
- Decentralization: Elegantly designed smart contracts system to manage Travel Rule transactions on a decentralized blockchain.
- No UX change: Beneficiary VASP identifies themselves if they are live on Veriscope. Also, Beneficiary name information is provided by the beneficiary VASP.
What are the drawbacks of using Shyft?
- Complex integration: It would be challenging for a large-scale existing VASP to implement Veriscope, as it needs to tie into many back-end processes both on the technical, compliance, and operational sides. Additionally, compliance teams have no defined process to create a scalable approach.
- Difficult to scale: All blockchains, including PoA based chains, hit scalability issues if successful. Assuming all crypto withdrawal transactions have created a WalletAttestation on the Shyft Blockchain, this would see a significant spike in gas price and thus the price of SHFT tokens. Even with the cost going up, there may still be delays in posting transactions.
- Limited network: After integration, VASPs are able to transmit customer PII to counterparties that are also in the Shyft Network. While many VASPs have experimented with Veriscope and it has strong potential, there are currently no VASPs we can see that are actually live yet at scale, based on wallet attestations on the blockchain (2321 transactions as of February 21, 2022.)
- Misses key requirement of FATF Travel Rule Compliance: Requiring the Beneficiary VASP to provide the PII of the Beneficiary Customer to the Originating VASP requires no UX changes. However, Shyft's Veriscope misses out on one of the critical requirements of the Travel Rule: FATF requires the Originating Customer to provide information about the Beneficiary Customer, as it helps compliance officers on both sides to help stop fraud and ransomware. Originating VASPs can still collect this and match it against provided beneficiary details. There is currently no way for the Beneficiary VASP to reject a transaction based on the Originating Customer PII (e.g., a sanctions screen.)
Has there been a testnet using Shyft?
Yes. Shyft protocol is not yet live; yet, significant testing has occurred.
Shyft for Developers
Shyft Network is a public PoA blockchain protocol designed to aggregate and embed trust and validation into data stored.
What are the Specs?
The Shyft protocol supports the following:
- Decentralized Identities for all parties, including VASPs and VASP managed identities for end-users
- Theoretically supports all cryptocurrencies, but Veriscope UX currently only supports a few important cryptocurrencies such as BTC and ETH.
- Utilizes customized blockchain for Trust Framework
- Requires SHFT tokens to use
- Support for InterVASP IVMS-101 Message Standard
Shyft Open API Documentation
Visit Shyft's Github page.
Shyft Smart Contracts
Shyft's smart contracts are written in Solidity. They appear not to be available on a public Github repo yet. However, they can be viewed on the block explorer:
Requesting changes on Shyft
GitHub users can create pull requests, but all changes are currently approved primarily by Shyft.
GitHub | Shyft Network
Shyft | Shyft Network Whitepaper v. 4.1