Streamline KYC verification with Hyperledger Fabric and Go

Know Your Customer (KYC) processes are solutions adopted by companies across a wide range of industries to identify and verify customers in order to authenticate them for specific privileges. KYC verification is a pain point for organizations because it is often costly, inefficient, and a source of frustration for customers.

In this article, we’ll show how the Hyperledger Fabric blockchain framework, as well as other blockchain solutions, can be used to streamline the customer verification process for financial institutions using a self-sovereign identity system.

Hyperledger Fabric is a good solution for anti-money laundering (AML) and KYC processes because it is permissioned, enterprise focused, and capable of identity management.

This article will cover the following:

• • Hyperledger projects overview
  • Hyperledger frameworks and tools
  • Hyperledger Fabric as an enterprise solution
  • KYC verification process overview
  • How does blockchain help KYC verification?
  • KYC verification workflow demo with Hyperledger Fabric and Go
    • Prerequisites
    • Encrypting identity credentials
    • Storing encrypted credentials on-chain
    • Retrieving and querying identity credentials

Hyperledger projects overview

Building and deploying a Hyperledger Fabric dApp does not require an extensive knowledge of all the tools in the Hyperledger ecosystem. So, for the purposes of this article, I’ve provided only a brief introduction.

Hyperledger projects refers to a growing number of open source tools and frameworks provisioned by the Linux Foundation in collaboration with other organizations. Hyperledger Fabric projects provide a permissioned private blockchain that supports enterprise consumption and is managed by community talent.

In addition to being open source, Hyperledger projects share the following features:

• Built by an open community
• Economical to build and utilize
• Easy and quick adoption
• Secure and reliable due to the ongoing community review, update, and approval process for changes to the project technologies

Hyperledger frameworks and tools

At the time of this writing, there are 17 Hyperledger projects – some active and others in the incubation stage. These projects may be categorized as follows:

• Distributed ledger frameworks
  • Indy
  • Fabric
  • Iroha
  • Sawtooth
  • Besu
  • Burrow
• Libraries
  • Aries
  • Quilt
  • Ursa
  • Transact
• Tools
  • Caliper
  • Cello
  • Explorer
  • Avalon
  • Bevel
  • FireFly
• Domain-specific projects
  • Grid

In this article, we’ll focus on the Hyperledger Fabric distributed ledger technology. A blockchain application built with Hyperledger Fabric consists of a consensus layer, smart contract layer, communication layer, and data persistence layer. Depending on the application, there may be additional layers as well.

Hyperledger Fabric blockchain as an enterprise solution

Hyperledger projects are the first series of projects to provide enterprise solutions on the blockchain, meaning they automate business processes through the use of smart contracts. There are several use cases for blockchain enterprise solutions. In this article, we’ll explore the digitization of customer credentials by companies and governments.

Hyperledger Fabric is the most widely adopted project in the Hyperledger ecosystem. This private, permissioned enterprise-based open source blockchain technology supports the creation and management of multi-ledger, enterprise-grade blockchain solutions with chaincodes (Hyperledger’s term for smart contracts) written in languages like Go, Node.js, and Java. In this article, we’ll use Go for the KYC verification process demo.

The Hyperledger Fabric technology offers the following capabilities:

• Identity management: Hyperledger Fabric’s Membership Service Provider (MSP) provides support for identity management
• Privacy and confidentiality: Hyperledger Fabric offers private channels that are out of bounds from peers or members without permission. This enables secure, private data sharing among channel members.
• Efficiency: Hyperledger Fabric’s concurrency and parallelism feature improves its performance by allowing transactions to be threaded and processed faster
• Chaincode execution: Chaincodes are the business logic on the Fabric network. They are responsible for executing transactions on-chain. Chaincode logic is written in general-purpose languages, making it possible for developers to build chaincodes in the language with which they are most comfortable
• Governance: Hyperledger Fabric makes use of governance policies to identify peers who can deploy a chaincode or add an MSP to a channel
• Modular architecture: Hyperledger Fabric’s modular architecture makes it flexible to changes. This is likely why this blockchain has been adopted by companies from such a wide range of industries (finance, banking, healthcare, manufacturing, technology, IoT, supply chain)

KYC verification process overview

Know Your Customer verification is a process for verifying the identity and authenticity of a customer (for a financial institution) or a citizen (for a government) with the use of an identity-proof system.

In banking, the KYC verification process features an exchange of documents between an individual customer and a financial institution that intend to work together. The process includes the collection and storage of the customer’s basic identity information, such as:

• Proof of identity (POI): passport, driver’s license, voter ID card, or health card
• Proof of address (POA): bank statement, utility bill, proof of residence issued by a government, or identity card
• Biometric data: facial photos or video, fingerprints, voice recordings, iris recognition, or retina scans

The KYC verification process is generally a cumbersome, insecure, and costly task for financial institutions. The process relies hugely on identity and access management; the backbone of all financial institution AML endeavors.

How does blockchain help KYC verification?

Blockchain technology offers several opportunities for streamlining KYC verification and disrupting traditional identity management solutions:

• Added security: Storing customer identity documents as encrypted files on the chain is more secure than traditional methods
• Increased technical efficiencies: The KYC smart contract responsible for managing digital credentials will have CRUD (create, read, update, and delete) abilities
• Immutability: Cryptographic hashes enable the blockchain ledger to remain as a permanent record that cannot be altered or reversed
• Added privacy: With blockchain, the financial institution only validates the user and does not have access to sensitive information included in the credential document
• Improved accuracy: Contract code manages the process instead of humans
• Increased transparency: Verification information may be shared securely between financial institutions
• Reduced cost: Once a customer opens an account and provides credentials to one financial institution, a smart contract archives and hashes the document containing the credentials. Other institutions can then access that smart contract in order to verify the customer’s identify

A significant benefit of streamlining the KYC verification process on a permissioned blockchain, like Hyperledger Fabric, is that only authorized and permitted members of the chain can add to or exchange customer data.

This differs dramatically from a permissionless and public blockchain, such as Ethereum, in which any member on the network can set up a node and join the system with simply an Ethereum address and no proven identity.

---

Over 200k developers use LogRocket to create better digital experiences

Learn more →

---

KYC verification workflow demo with Hyperledger Fabric and Go

Let’s walk through a three-step KYC verification process using the Hyperledger Fabric blockchain and Go.

Prerequisites

For our KYC verification workflow demo, you’ll need the following:

• Go installed on your machine
• A code editor, such as VS Code

Step 1: Encrypting identity credentials

As a first step, a customer’s identity credentials are collected as a document and encrypted using the blockchain’s hashing algorithm. The encrypted value of the document is stored on-chain, and a token is produced and given to the customer for safekeeping. When the customer is verified in the future, they will provide this token so it can be compared to the encrypted value stored on-chain.

Let’s assume the customer’s details are saved to a credential.csv file, like this:

Name,ID,Phone
John, 10121,199823458

The Hyperledger Fabric chaincode is responsible for encrypting the document. It would have a hashing algorithm in its logic like this:

package main

import (
    "crypto/sha256"
    "fmt"
    "io/ioutil"
    "log"
    "os"
)

func showFileToCustomer() {
    fmt.Println("Your document is: " + os.Args[0] + " credential.csv")
}

func checkArgs() string {
    if len(os.Args) < 2 {
        showFileToCustomer()
        os.Exit(1)
    }
    return os.Args[1]
}

func main() {
    credential := checkArgs()
    // Get bytes from the credential document
    data, err := ioutil.ReadFile(credential)
    if err != nil {
        log.Fatal(err)
    }

    // encrypt the file and display to the customer
    fmt.Printf("The encrypted file is: %x\n\n", sha256.Sum256(data))
}

If we save this file in the same directory as the credential.csv file and then run it, the resulting output will indicate that it has been hashed.

Step 2: Storing encrypted credentials on-chain

Next, the encrypted version of the customer’s credential.csv file will be converted into strings. Then, it will be stored on the blockchain where it cannot be edited without the permission of the managing peers on the chain.

The encrypted version of the credentials acts as a receipt of the authenticity of the verified documents. A new financial institution would need to request the customer’s permission to view the receipt that is stored on-chain by the chaincode. This request would be made using logic similar to this:

package shim

import (
    "bytes"
    "os"
    "strconv"
    "strings"
    "testing"
    "github.com/hyperledger/fabric/common/flogging"
    mockpeer "github.com/hyperledger/fabric/common/mocks/peer"
    "github.com/hyperledger/fabric/common/util"
    lproto "github.com/hyperledger/fabric/protos/ledger/queryresult"
    protobuf "github.com/hyperledger/fabric/protos/peer"
    "github.com/hyperledger/fabric/protos/utils"
)

err = stub.PutState(A, []byte(strconv.Itoa(data)))
if err != nil {
    return Error(err.Error())
    }

Step 3: Retrieving and querying identity credentials

The customer consents to the verification request by providing their hashed ID for cross-checking or querying. This is retrieved and queried by the chaincode using logic similar to this:

func (t *shimTestCC) logsQ(stub ChaincodeStubInterface, args []string) protobuf.Response {
    if len(args) < 1 {
        return Error("Incomplete args. Needs 1")
    }

    credentials := args[0]
    iterateResult, err := stub.GetKeyHistory(id)

    if err != nil {
        return Error(err.Error())
    }

    defer iterateResult.Close()
    var buffer bytes.Buffer
    buffer.WriteString("[")
    WriteArrayMem := false
    for resultsIterator.HasNext() {
        response, err := resultsIterator.Next()
        if err != nil {
            return Error(err.Error())
        }

        // Add a comma before array members, suppress it for the first array member
        if WriteArrayMem == true {
            buffer.WriteString(",")
        }

        buffer.WriteString("{\"TransactionId\":")
        buffer.WriteString("\"")
        buffer.WriteString(response.TransactionId)
        buffer.WriteString("\"")
        buffer.WriteString(", \"Value\":")

        if response.IsDelete {
            buffer.WriteString("null")
        } else {
            buffer.WriteString(string(response.Value))
        }

        buffer.WriteString(", \"IsDelete\":")
        buffer.WriteString("\"")
        buffer.WriteString(strconv.FormatBool(response.IsDelete))
        buffer.WriteString("\"")
        buffer.WriteString("}")
        bArrayMemberAlreadyWritten = true
    }

    buffer.WriteString("]")
    return Success(buffer.Bytes())
}

Once there is a match, the KYC verification process is completed.

The chaincode monitors the entire process and records the names of the financial institutions for security purposes.

Conclusion

In this article, we reviewed an introduction to the Hyperledger project tools and frameworks. We also explored the Hyperledger Fabric blockchain and the KYC process.

We demonstrated how the KYC verification may be streamlined with the Hyperledger Fabric blockchain framework and Go programming language into a three-step process: encryption, storage, and querying/verifying.

There are several different storage and query algorithm implementations with Hyperledger Fabric, such as GenesisKYC. As you practice writing Hyperledger Fabric chaincode, you should be able to restructure the code to fit your specific needs. For additional information on Hyperledger Fabric, see GitHub.

Join organizations like Bitso and Coinsquare who use LogRocket to proactively monitor their Web3 apps

Client-side issues that impact users’ ability to activate and transact in your apps can drastically affect your bottom line. If you’re interested in monitoring UX issues, automatically surfacing JavaScript errors, and tracking slow network requests and component load time, try LogRocket.https://logrocket.com/signup/

LogRocket is like a DVR for web and mobile apps, recording everything that happens in your web app or site. Instead of guessing why problems happen, you can aggregate and report on key frontend performance metrics, replay user sessions along with application state, log network requests, and automatically surface all errors.

Modernize how you debug web and mobile apps — Start monitoring for free.