No-KYC cards, long a topic of background chatter among professionals in the bank partnership, cryptocurrency, stablecoin, and financial crime spaces, went semi-viral on crypto Twitter last week, with at least one user saying the quiet part out loud. In a manifesto posted on X, the company claims that “Non-KYC doesn’t mean unregulated. It doesn’t mean operating in grey areas waiting to get shut down. It means building inside the system with a different philosophy.” Off Grid asks users to “declare independence” before they sign up for the company’s waitlist. Many of the sites offering such cards lack even the most basic of disclosures, including failing to list their legal entity name or a country in which they are based.
At the more extreme end of the spectrum, some providers explicitly position the cards as tools to evade financial regulations, including sanctions. For example, Bitsika — which a test transaction confirmed uses prepaid debit cards issued by Sutton Bank — markets its service to users in Iran, saying Bitsika’s cards “work on international platforms where Iranian bank cards are declined due to sanctions.” Bitsika Ghana-headquartered Bitsika also lists Nigeria, Pakistan, China, and Rwanda as “top countries” on its site, marketing cards to users in those higher-risk jurisdictions that can be funded anonymously from popular stablecoin Tether (USDT), bitcoin, or other cryptocurrencies, and then spent anywhere Visa is accepted, all without any KYC requirements. In response to questions sent via email, Bitsika founder and CEO Atsu Davoh suggested the page marketing the company’s service as a way to evade sanctions on Iran may be a mishap or miscommunication from the content team.
The most popular mechanism for operating these no KYC card offerings is something of an open secret in the industry: corporate cards. But to understand how and why that loophole is important, it helps to understand what these sites are trying to get across when they say “no KYC” — that you can fund a card and spend without supplying real identity information — vs. what is legally required. In the U.S., when a consumer opens an account, including a bank account, credit card account, or a reloadable prepaid card, covered financial institutions must meet the Customer Information Program (CIP) requirements of Section 326 of the USA PATRIOT Act by collecting a consumer’s name, date of birth, physical address, and identification number. The CIP requirement imposed by the PATRIOT Act similarly mandates that covered persons be able to form a “reasonable” belief in the identity of business customers.
Leave a Reply