The Five-Cent KYC

An interview by Sean Murphy with Alex Scheer

The biometric passports now carried by citizens of more than 180 countries contain an NFC chip. That chip holds a cryptographic signature from the issuing government, a high-definition photograph of the holder's face, fingerprint data, and every piece of information printed on the passport's data page. Every modern smartphone can read that chip. And yet, when most people open a new financial account today, they are still asked to hold their passport up to a camera, wait for an optical character recognition system to parse the image, and then repeat the process when the lighting is wrong or the glare obscures a character. Alex Scheer, founder of zkMe, finds this baffling. He has built a company on a simple inversion: the chip belongs to the holder, the verification should happen in their hands, and no one else needs a copy. That absurdity has a price. About a hundred to one.

zkMe is a decentralised identity verification provider, founded three years ago on the premise that the cryptographic credentials people already carry can be used directly for identity verification, without routing through a centralised third-party provider. The process works like this. A user holds their phone against their passport. The phone's NFC reader extracts the chip data, which is encrypted and can only be decrypted using information visible on the passport's photo page, preventing remote scanning of someone else's document. The data is then processed locally on the user's device and turned into what is known as a verifiable credential: a portable cryptographic proof that the user owns and presents at will. Because the underlying signature comes from a government, the credential is trusted wherever it is recognised. No human reviewer is involved. No image is uploaded to a server. The user, not the platform, holds the data.

That last point is the one Scheer keeps returning to, because everything else follows from it. A conventional centralised KYC verification costs, by industry estimates, between three and five dollars per check for a full automated digital KYC stack. zkMe's costs roughly five cents. The drop-off rates tell a similar story: 40 to 60 percent of users abandon a traditional KYC process before completion, while a reusable credential collapses every subsequent check into a single-click confirmation against the credential the user is already carrying. Scheer describes the reusability as the real value proposition. Not privacy for privacy's sake, not decentralisation as ideology, but a rearrangement of who holds the data that produces measurable retention gains for the institutions that adopt it. Sovereignty for the user and economics for the platform turn out to be the same thing seen from two sides.

The company has now processed more than four million on-chain verifications. The initial client base was concentrated in decentralised finance: token distribution platforms, DeFi protocols and real-world asset issuers that needed compliance but could not implement a traditional back-office verification process because, by design, they did not have a back office, they were decentralised. 

Their financial product was code and their verification process had to be code too. zkMe provided the programmable compliance layer that made those products viable under emerging regulatory frameworks, with the user holding the credential rather than the protocol.

What has shifted in the last twelve months is the extension of that same sovereign credential into agent identity. The term the industry has settled on is "know your agent," but Scheer dislikes it. His objection is precise.

Most competitors are building systems that give AI agents their own identity, a reputation score, a credential of their own. Scheer thinks this is backwards. An agent is a tool with no legal liability and no legal rights. What matters is not who the agent is, but who owns it and what it is authorised to do. zkMe's approach is to give agents controlled access to their owner's credentials rather than credentials of their own.

Scheer describes a use case from his own life. He runs trading agents that execute stock trades through a brokerage API. Those agents need access to his API key, but if the key is stored in plain text and the agent is compromised, whether through a prompt injection or a data leak, the financial exposure is real. zkMe's solution routes the sensitive action through a Trusted Execution Environment where the API key is stored and the trade is executed. The agent initiates the action and receives confirmation of the result, but never sees the key itself. It knows it needs access to the brokerage; it does not know the password.

The timing is driven by a convergence of regulatory and commercial forces. The European Union's digital identity wallet, the EUDI, is scheduled for launch and is built on the same self-sovereign credential architecture that zkMe uses. Scheer positions the company as a global alternative: same technical approach, broader geographic scope, aimed at platforms that serve users across multiple jurisdictions. East Asia is where zkMe sees the most immediate traction, with brokerages already beginning to expose their services via command-line interfaces and MCP servers, making them discoverable by AI agents. The implication is that the next generation of financial product discovery will not happen through front ends or search engines. It will happen through agents. A user will tell their agent to find the best brokerage rate, and the agent will surface options the user has never heard of. For that interaction to be trustworthy, the agent needs to carry proof of its owner's identity and compliance status without revealing the underlying data.

Scheer won Money20/20 Asia's startup competition with this concept. He is realistic about where the market is. Early, fragmented, and still working out which approach to agent identity will dominate. But the underlying move is the same one zkMe made three years ago: take the credential out of the platform's hands and put it back in the user's, then watch the cost of every subsequent verification fall. The agent is just the next thing carrying it.