StableKYC · Know Your Customer

Customer Identification for Permitted Payment Stablecoin Issuers

The GENIUS Act created a new compliance category. PPSIs need customer identification programs that work across pseudonymous rails, secondary markets, and decentralized exchanges. The infrastructure doesn't exist yet. We're building it.

See live demos → Read the compliance gap →

Visual Architecture

KYC Compliance Depth Across Chains

Where customer identification mechanisms embed in the five-layer Stablecoin Stack. Base leads at L3 with code-enforced identity gates. TRON shows the gap.

Base (L2)EthereumTRONL5APPLICATIONISO L4Coinbase VerificationsSmart Wallet CIPWallet KYC VendorExchange KYCL4MIDDLEWARE / APIISO L3Circle Verite VCChainalysis KYTChainalysis KYTNotabene Travel(Gap)L3EXECUTIONISO L2↑EAS AttestationsERC-4337 ValidationERC-3643 (T-REX)L2CONSENSUSISO L2↓OP Stack (inherited)L1NETWORKISO L1LEGENDGate (pre-condition)Monitor (concurrent)Obligation (post-finality)Code-enforcedPolicy-enforced

The Compliance Gap

PPSI KYC Is Not Generic AML/KYC

Why it matters: The GENIUS Act §104 creates customer identification obligations specifically for Permitted Payment Stablecoin Issuers — a category that didn't exist before July 2025.

  • Secondary market gap — Fed Governor Barr: "bad actors can purchase stablecoins in secondary markets that may not have customer identification requirements"
  • Identity mismatch — On-chain assets don't carry embedded identity signals like bank deposits. A stablecoin balance may be legitimate, but its provenance is opaque
  • New obligation category — PPSIs must build CIPs that bridge pseudonymous blockchain rails with BSA-grade identity verification
  • Compliance deadline — Full §104 compliance required by July 2026. OCC PPSI NPRM comments due May 1, 2026
Before vs. After GENIUS Act
Dimension Before After
AML/KYC Inconsistent Full BSA mandatory
Secondary Markets Unaddressed §104(h) CIP required
Travel Rule Debated $3K threshold formalized
Issuer Class Undefined PPSI designation
Deadline None July 2026

Identity Infrastructure

Three Models for PPSI Customer Identification

The PYMNTS editorial framing is "this is a problem." StableKYC provides the framework: three distinct identity approaches, each mapped to developer infrastructure.

On-Chain Attestation

How it works: KYC provider issues an on-chain attestation (EAS) proving the address holder completed identity verification.

  • No PII on-chain — only the boolean "this address passed KYC" is published
  • Code-enforced — smart contracts can gate transfers on attestation status at L3
  • Coinbase Verifications — live on Base mainnet today
Coinbase S2 Gate Live
Portable Verifiable Credentials

How it works: W3C Verifiable Credential (VC) proves KYC completion. Holder presents the VC to any PPSI; PPSI verifies the cryptographic signature without re-collecting data.

  • Issuer-agnostic — credential is portable across PPSIs who trust the issuing DID
  • Privacy-preserving — selective disclosure of only required attributes
  • Circle Verite — KYCAMLAttestation schema in production
Circle S2 Gate Live
Zero-Knowledge KYC Proofs

How it works: ZK circuit proves customer meets CIP requirements (age, jurisdiction, sanctions clearance) without revealing any personal data.

  • Maximum privacy — verifier learns nothing except the boolean result
  • On-chain verifiable — proof can be verified by smart contract at L3
  • Pharos ZK-KYC — consensus-level identity permissioning at L2
S2 Gate Code-Enforced

GENIUS Act §104

The 12 CIP Requirements Every PPSI Must Meet

What to know: Section 104 of the GENIUS Act (S.394, signed July 18, 2025) establishes a Customer Identification Program specific to Permitted Payment Stablecoin Issuers. Two requirements are entirely new — they address secondary market acquisition, the gap Governor Barr flagged.

Section Requirement Category Severity
§104(a)(1) Verify identity of each customer at account opening Customer ID Critical
§104(a)(2) Collect name, DOB, address, and ID number Customer ID Critical
§104(b) Screen all customers against OFAC SDN list + ongoing rescreening Sanctions Critical
§104(c) Identify and verify beneficial owners (25%+ / control) Beneficial Ownership High
§104(d) Transaction monitoring + risk-trigger customer info updates Ongoing Monitoring Critical
§104(e) File SARs for transactions >$5K with suspicious indicators SAR Filing Critical
§104(f) Retain CIP records for 5 years after account closure Recordkeeping High
§104(g) Transmit originator/beneficiary info for transfers >$3K Travel Rule High
§104(h) Identify customers acquiring stablecoins via secondary markets Secondary Market NEW Critical
§104(h)(2) Risk assessment for P2P and DEX-sourced stablecoin holdings Secondary Market NEW High

Live Proof-of-Concept Demos

Working Infrastructure, Not Slide Decks

Each demo calls real APIs and on-chain data. Full Cloudflare Worker source included — copy, deploy, and extend.

POC 01
Coinbase Onchain Verifications (EAS on Base)

Query Base mainnet for Coinbase-attested KYC status. Proves an address holder completed identity verification without exposing PII — the on-chain CIP gate PPSIs need for secondary market compliance.

Coinbase S2 Gate · L3 Live on Base
POC 02
Circle Verite W3C Verifiable Credential

Verify a W3C KYCAMLAttestation credential issued by Circle. The portable identity layer — a customer proves KYC completion to any PPSI without re-submitting documents.

Circle S2 Gate · L4 Verite SDK
POC 03
PPSI CIP Gap Scanner (GENIUS Act §104)

Self-assess your CIP readiness against all 12 GENIUS Act §104 requirements. Outputs a gap matrix with severity ratings — the diagnostic tool that makes the compliance vacuum visible.

Cloudflare S2 Obligation · L5 Interactive
Customer Identification
Verify identity of each customer at account opening
§104(a)(1)critical
Collect name, DOB, address, and ID number
§104(a)(2)critical
Sanctions Screening
Screen all customers against OFAC SDN list
§104(b)(1)critical
Ongoing screening for sanctions list updates
§104(b)(2)high
Beneficial Ownership
Identify and verify beneficial owners (25%+ / control)
§104(c)high
Ongoing Monitoring
Transaction monitoring for suspicious activity
§104(d)(1)critical
Update customer info on risk-trigger basis
§104(d)(2)medium
SAR Filing
File SARs for transactions >$5K with suspicious indicators
§104(e)critical
Recordkeeping
Retain CIP records for 5 years after account closure
§104(f)(1)high
Travel Rule
Transmit originator/beneficiary info for transfers >$3K
§104(g)high
Secondary Market
Identify customers acquiring stablecoins via secondary markets
§104(h)critical
Risk assessment for P2P and DEX-sourced holdings
§104(h)(2)high

The Identity Triad

KYC · KYA · KYT

Three sites, three checkpoint types, one S2 Identity stage. Each maps to a distinct compliance function within the Stablecoin Sequence.

KYC
StableKYC
Human customers. PPSI CIP — identity verification, sanctions screening, secondary market identification. Gate at S2.
KYA
StableKYA
AI agents. Agent identity, delegation chains, capability tokens, credential verification. Gate at S2 for machine actors.
KYT
StableKYT
Transactions. Ongoing monitoring, behavioral risk scoring, Chainalysis/Elliptic/TRM integration. Monitor at S4–S7.

Platform Ecosystem

Built on Production Infrastructure

Coinbase
Verifications (EAS), Smart Wallet, AgentKit, Base L2
Circle
Verite VCs, CCTP v2, Programmable Wallets, USDC
Cloudflare
Workers, Durable Objects, Pages, AI Gateway
Catena Labs
ACK Protocol, ACK-ID (DIDs/VCs), Agent Commerce Kit