Hi There,
I would like to propose a standardization of the bitcoin URI parameter name that could be optionally used to contain the unique id of VASP (Virtual asset service provider as defined by FATF) hosting the user's wallet address.
My question is: Should I prepare a completely new BIP or should I prepare a modification of BIP21?
BIP21 status is FINAL so I guess it should be a completely new BIP that would just extend the BIP21. I'm looking for confirmation of this approach. Thank you for answering that.
Please let's NOT start a discussion whether the FATF travel rule is a good thing or not. This could derail my initial question.
Background:
We are going to be soon working on travel rule integration for our Bitcoin ATM product.
The current user scenario is that the user shows on his phone QR code to the ATM with bitcoin URI containing an address, inserts cash and walks away with BTC arriving to his wallet.
In a Travel Rule compliant scenario the ATM operator must perform the "best effort" to find out who(VASP) is hosting the user's wallet, contact such VASP and send VASP customer identity data. This can be achieved by:
a) ATM contacting every possible known VASP that is travel rule compliant via some platform and ask him whether the address read from the QR code belongs to him. Such search could be done also with bloom filter to protect the privacy of a user. But of course this is very far from ideal.
or
b) ATM could use blockchain analytics tools to find who might be serving this wallet (major exchange etc). If the wallet address is empty prior to the purchase on the ATM this address would have to be monitored for some time to find out if it doesn't fall into some exchange's(VASP) cluster and that would have to be later contacted.
or
c) User will choose from the list of VASPs on the ATM screen to match his wallet provider(imagine phonebook with search field - terrible). Most people will select irrelevant VASP because they will not be willing to spend time to search VASP's name on the screen.
or
d) The user could enable in settings of their mobile wallet that VASP UID would be provided in URI as one of the parameters so that Bitcoin ATM operator will not have to search for VASP and could communicate with VASP immediately after scanning URI from QR code. In such a case options a) or b) or c) would not have to be performed and user experience for ATM users would stay the same as before travel rule compliance. In order to achieve this all wallet providers need to use the same parameter name in URI so that ATM will read this parameter - standardization of this parameter name is the purpose of proposed new BIP.
VASP UID could be also a public key that could be used to encrypt the customer's identity information before sending it to wallet provider VASP from the bitcoin ATM. Directory of VASP UIDs, how VASP could be contacted, method of transfer when one knows VASP UID should be all outside of scope of this BIP. I expect this to be covered by 3rd party tools/platforms/regulators.
Bitcoin ATM operators want to stay in business and for that they need to stay compliant with US regulation. Therefore they ask us to improve our products to comply with the FATF-Travel Rule.
The same probably applies to US custodian wallet service providers so I envision that the majority of custodian wallets offered on Appstore/Google play in the US would provide their VASP UID in bitcoin URI as a new default with an option for users to turn it off.
Please note that Travel Rule doesn't apply for unhosted(non-custodian) wallets.
Thank you,
Karel Kyovsky