Tazama offers Know Your Customer options for all

Low barrier, high security.
6 March 2024

“Trading” by e³°°° is licensed under CC BY-SA 2.0.

  • Know Your Customer is a mandatory part of online transactions.
  • Prohibitive costs form barrier to entry.
  • Linux Foundation backs open source alternative.

While the possibilities of taking payments online offers both parties in a transaction massive convenience, the threat of online fraud is ever-present. The Global Anti-Scam Alliance reports that close to $1 trillion was lost to online fraud in 2023, a cost that increases secondary business costs paid in insurance premiums, payment gateway fees, and a host of other quiet additions to everyday bills that land each month on the desks of CFOs worldwide.

An integral part of digital payment processes is the myriad routines that run background checks on every transaction, like identity lookup, heuristic pattern recognition for anomalous behavior, and payment detail verification.

“World Trade Center, Bahrain” by Ahmed Rabea is licensed under CC BY-SA 2.0.

These often furiously complex algorithms run quietly in the background, providing services like KYC (know your customer) and AML (anti-money laundering). They’re provided by reputable payment gateways and identity verification systems as a matter of course. Naturally, they come at a cost, one that’s pretty much mandatory whan running a lawful business and one that’s usually sold at a price that can be dictated by providers – as such, it’s rarely cheap.

However, that situation seems set to change in the near future, as the Linux Foundation Charities (with support from the Bill & Melinda Gates Foundation) has launched Tazama, an open source alternative to proprietary anti-fraud measures whose cost is often prohibitive, especially for organizations in the developing world. According to a press release from Linux Foundation Charities (LF Charities), it includes capabilities for fraud detection, AML compliance, and monitoring of online financial transactions. That means it should be able to provide as much know your customer data as traditional closed systems.

The service will be hosted by LF Charities (although its open source nature will enable independent hosting) and so act as a showcase for the efficacy of open source as a secure, independent, low-cost replacement for closed and costly systems.

Know your customer tools could be about to go open source.

“Cr48: Disabling boot verification” by jamalfanaian is licensed under CC BY 2.0.

Jim Zemlin, executive director of the Linux Foundation, said, “We are excited to see an open source solution that not only enhances financial security but also provides a platform for our community to actively contribute to a project with broad societal impacts.”

“The launch of Tazama signifies another stride towards securing and democratizing digital financial services,” said Kosta Peric, Deputy Director, Payment Systems at the Bill & Melinda Gates Foundation.

Greg McCormick, the Executive Director of Tazama, claims the platform has achieved 2,300 full payment transactions per second (TPS), which supports the type of throughput considered vital for a smooth and reassuring customer experience. The presence of delays, glitches, and timeouts is an anathema to payment processes (in B2C transactions, especially), as they suggest an unstable platform and worry users that they might be subject to fraud.

Several organizations are already working with Tazama to assess the platform’s effectiveness, including African organizations BCEAO and BankservAfrica, IPSL in the UK, and Jordan’s JoPACC. While emerging markets may be interested because of the lower potential cost of entry to a reliable payment platform, the overriding benefit of the open source Tazama will be the many thousands of eyes-on that will be able to attest to the veracity of the system and improve it overall.

The reputation of proprietary software in security-sensitive areas makes the case for Tazama. The experiences of Okta, SolarWinds, Lastpass and a half-dozen other companies suggests that in the area of highly-sensitive data, a limited number of developers and the tendency to place shareholder dividends before quality of product tends to create less secure software.