TL;DR I argue that KYC providers are positioned to become the next generation of reputation banks—inverting identity economics from verification to credit. The prescription is self-sovereign identity infrastructure that keeps reputation data owned by individuals, not rented from corporate intermediaries.

When KYC Providers Become Reputation Banks

by Markus Maiwald

The Coming Inversion of Identity Economics

Markus Maiwald · March 2026 · libertaria.dev/blog


The Idea That Wouldn’t Die

Budapest, 2017. Somewhere between the ruin bars and the anarcho-crypto meetups, I started telling anyone who’d listen that KYC providers were sitting on a goldmine they didn’t understand. They had the data. They had the trust relationships. They had the cross-platform verification history. And they were throwing it all away after every single verification event like a bank that shreds your credit file the moment you walk out the door.

Nobody cared. The crypto world was too busy with ICOs to think about identity economics. The KYC world was too busy billing per-API-call to question their own business model.

The idea went dormant. Not dead; dormant.

Today it resurfaced. I was in a team chat about our SSI stack. A colleague asked whether “Mosaic KYC” was a real product or an AI hallucination. Neither; it was the logical third step from DID and Verifiable Credentials. We have a call with SumSub later this week. They’re curious about “KYC capabilities that an SSI stack offers.”

Another colleague; sharper than most; immediately saw the dark angle: “So now SumSub can kick you out? That’s a web2 platform too.”

He was right. And wrong. And in that tension lives the most important business model shift of the next decade.


The Current Model is a Dumpster Fire

KYC today operates on what I call the Verify-and-Forget model.

You submit your passport to Exchange A. Exchange A pays SumSub $2-5 to verify you. SumSub confirms you’re human, not sanctioned, probably not a terrorist. Exchange A stores your data in a database that will inevitably be breached. You repeat this process for Exchange B, Broker C, Social Platform D, and that weird DeFi thing your friend recommended.

Every verification is a point-in-time snapshot with zero memory. SumSub doesn’t know that you’ve been a perfect customer at Kraken for six years. Binance doesn’t know you’ve never filed a chargeback anywhere. Each platform starts from zero because the identity layer has no state.

This is insane. It’s like a banking system where your credit score resets every time you walk into a new branch.

The regulators love it because fragmentation means control. The KYC providers tolerate it because they get paid per-verification. The users hate it because they’re treated like suspects at every digital doorstep. And the data breach statistics speak for themselves; identity data is the most leaked category of personal information on the planet because it’s stored in fifty different honeypots instead of zero.


SSI Flips the Polarity

Self-Sovereign Identity changes the physics.

Instead of submitting your passport to Exchange A, you hold a Verifiable Credential in your own wallet. The credential says: “This person was verified as human, EU citizen, not sanctioned, on 2026-01-15, by SumSub.” It’s cryptographically signed. It can be verified without contacting SumSub. It can use zero-knowledge proofs to reveal only the claims needed; “over 18” without revealing your birthdate, “EU resident” without revealing your address.

The passport never leaves your device. The exchange never stores your data. The breach surface collapses to zero.

But here’s what nobody is talking about: what happens to SumSub?


The Reputation Bank Thesis

In the Verify-and-Forget model, SumSub is a tollbooth. You pay, you pass, they forget. Revenue scales linearly with verification volume. Their moat is API integrations and regulatory relationships.

In the SSI model, SumSub becomes something far more powerful: a reputation bank.

Think about what happens when Verifiable Credentials become portable.

SumSub verifies you once. That credential travels with you. Every exchange, every platform, every service that accepts SumSub credentials now trusts you because SumSub vouched for you. SumSub’s signature becomes a trust anchor; not for a single platform, but for the entire ecosystem.

Now extend this logic. If SumSub can issue “this person is verified human,” they can also issue:

  • “This person has been a verified participant in good standing across 47 platforms for 6 years”
  • “This person has zero chargebacks, zero fraud flags, zero sanctions hits across their credential history”
  • “This person’s behavioral risk score is in the top 5% of all verified identities”

This is a credit rating for identity. Not financial credit; trust credit. Portable, verifiable, accumulated over time.

The KYC provider stops selling verification events. They start custodying reputation.

The business model inverts. Instead of Exchange A paying SumSub $3 to verify a stranger, Exchange A accepts SumSub-credentialed users at reduced friction because SumSub’s reputation credential signals low risk. SumSub charges the user a subscription to maintain and port their reputation. Or SumSub charges the accepting platforms a lower fee for pre-verified users; but now the fee represents ongoing trust maintenance, not one-time verification.

Revenue shifts from linear (per-verification) to compound (per-credential-acceptance across ecosystem). The more platforms accept SumSub credentials, the more valuable each credential becomes. Network effects. Winner-take-most dynamics. This is banking logic applied to trust.


The Dark Side; Because There’s Always a Dark Side

My colleague’s objection was surgical: “So now SumSub can kick you out?”

Yes. And this is the central tension.

A KYC provider that becomes a reputation bank gains the power to de-bank your identity. If SumSub revokes your credential, you don’t just lose access to one exchange. You lose your accumulated trust across the entire ecosystem that accepted SumSub credentials. Your six years of perfect behavior evaporate.

This is the same power structure we’re trying to escape, wearing a new mask.
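
An added example, not code from this post, Libertaria or SumSub, of the credential flow described under "SSI Flips the Polarity" together with the revocation power described above. It substitutes salted-hash selective disclosure (the SD-JWT approach) for zero-knowledge proofs; the issuer name, claim names and status-list layout are assumptions.

```javascript
// Added example: salted-hash selective disclosure plus an issuer status list.
const crypto = require('crypto');

// Constructed Ed25519 key standing in for the KYC provider's signing key.
const issuer = crypto.generateKeyPairSync('ed25519');

const digest = (salt, name, value) => crypto.createHash('sha256')
  .update(JSON.stringify([salt, name, value])).digest('hex');

// Issuer: sign salted digests of the claims, never the claim values themselves.
function issue(claims, statusIndex) {
  const disclosures = Object.entries(claims).map(([name, value]) =>
    ({ salt: crypto.randomBytes(16).toString('hex'), name, value }));
  const payload = JSON.stringify({
    iss: 'kyc-provider.example', // hypothetical issuer identifier
    statusIndex,                 // this credential's slot in the issuer's status list
    sd: disclosures.map(d => digest(d.salt, d.name, d.value)).sort(),
  });
  const sig = crypto.sign(null, Buffer.from(payload), issuer.privateKey);
  return { payload, sig, disclosures }; // everything here stays in the holder's wallet
}

// Holder: hand over the signed payload with only the chosen disclosures.
function present(cred, names) {
  const disclosures = cred.disclosures.filter(d => names.includes(d.name));
  return { payload: cred.payload, sig: cred.sig, disclosures };
}

// Verifier: needs the issuer's public key and a cached copy of the status list,
// not a per-user call to the issuer.
function verify(p, issuerPublicKey, revoked) {
  if (!crypto.verify(null, Buffer.from(p.payload), issuerPublicKey, p.sig))
    return { ok: false, reason: 'bad signature' };
  const body = JSON.parse(p.payload);
  if (revoked.has(body.statusIndex)) return { ok: false, reason: 'revoked' };
  const claims = {};
  for (const d of p.disclosures) {
    if (!body.sd.includes(digest(d.salt, d.name, d.value)))
      return { ok: false, reason: 'disclosure not signed' };
    claims[d.name] = d.value;
  }
  return { ok: true, claims };
}
```

The signature check never touches the issuer, but every verifier that honors the same status list rejects the credential once its index is added: one entry, every platform.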

If you think regulators won’t notice this chokepoint, you haven’t been paying attention. The EU’s coming digital identity regulations make SSI quasi-mandatory. But which SSI? The one where the state issues the credential, or the one where a private company does? The regulator’s wet dream is a KYC reputation bank that can burn your identity across fifty exchanges simultaneously because Pakistan flagged you.

More control over a KYC that burns you on many exchanges at once is the wet dream of any regulator.

I’ve been saying that since 2017. It remains true.


The Libertarian Escape Hatch

Here’s where Libertaria enters the frame.

The problem isn’t reputation portability. Portable reputation is a feature, not a bug. The problem is custodial reputation portability. When SumSub holds your reputation, SumSub controls your reputation. When the state mandates SumSub, the state controls your reputation through SumSub.

The solution: self-sovereign reputation.

In the Libertaria architecture, reputation is computed from your actions, not issued by an authority. The Quasar Vector Lattice (QVL) builds trust scores from actual interaction patterns; who you traded with, whether you settled honestly, whether your counterparties vouch for you. This is bottom-up reputation. Nobody issues it. Nobody can revoke it. It exists as a mathematical property of your position in the trust graph.

A KYC provider can serve as an onramp oracle; attesting that you crossed the bridge from the legacy world. But your reputation within the sovereign system accumulates independently. If SumSub revokes your legacy credential, your sovereign reputation remains intact. Your QVL trust edges don’t disappear because a web2 company changed its mind.

Two worlds. Two faces. One identity.

This is the Janus Identity from our Bridge Protocol. One face satisfies the state. The other satisfies the protocol. The zero-knowledge bridge connects them without revealing the linkage. SumSub can serve the state-facing side. The sovereign side serves you.


The Competitive Landscape

The KYC providers who understand this shift will dominate the next era of digital identity. Those who don’t will become verification APIs competing on price in a race to zero.

Tier 1: Reputation Banks (SumSub, Onfido, Jumio if they’re smart)

  • Issue portable VCs that accumulate trust
  • Charge subscription models for ongoing reputation maintenance
  • Build ecosystem acceptance through network effects
  • Become the “Visa of identity”; trusted everywhere, issued once

Tier 2: Bridge Oracles (privacy-preserving intermediaries)

  • Verify legacy documents, issue sovereign credentials
  • Charge per-bridge transaction
  • Don’t custody reputation; just translate between worlds
  • Lower margin, lower risk, lower power

Tier 3: Protocol-Native Trust (Libertaria QVL, Web-of-Trust systems)

  • No issuer, no custodian, no chokepoint
  • Reputation emerges from behavior, not attestation
  • Slower to bootstrap; impossible to capture
  • The end-state for anyone who takes sovereignty seriously

The smart play for the freedom-loving? Use Tier 1 or Tier 2 as the legacy-facing interface while building Tier 3 reputation in parallel. When the Tier 1 provider inevitably gets captured by regulators or private equity; and they will; your sovereign reputation is already established.

The smart play for the KYC providers? Offer Tier 2 bridge services alongside Tier 1 reputation banking. Serve both markets. Hedge against the decentralization wave by being part of it.


The Prediction

Within five years, the major KYC providers will offer “identity passports”; portable credentials that carry accumulated trust across platforms. They’ll market it as convenience. They’ll sell it as innovation. And it will be both.

But underneath the marketing, the economics will have shifted permanently. The KYC provider becomes a bank. The verified identity becomes an asset with compounding value. And the question that matters; the only question that has ever mattered in the history of banking; is:

Who controls the ledger?

If the KYC provider controls it, you have a new kind of financial institution with a new kind of power over your economic life. If you control it, you have sovereignty.

The technology enables both outcomes. The architecture decides which one you get.

Choose your architecture carefully.


Markus Maiwald builds sovereign infrastructure at libertaria.dev. The code is the argument.