Introduction

Auth Validate is Auth’s compliance layer, designed to give compliance teams confidence when enabling stablecoin and crypto transfers. It provides configurable controls and verification logic to help ensure transfers meet regulatory and internal risk requirements.

This page covers the following capabilities:

Custodial vs. Non-custodial Accounts: Configure your integration to allow transfers only to and from custodial accounts (ie, centralized exchanges), ensuring all counterparties are fully KYC’d.
Travel Rule-Powered Account Match Reporting: As a member of the TRUST network, zerohash can receive sender PII from participating centralized exchanges for transactions above applicable thresholds. This enables post-transaction name matching.
Unauthorized Deposit Blocking: Deposits initiated outside of the Auth user experience can be automatically rejected.

1. Custodial vs. Non-custodial Accounts

You have complete flexibility to choose which exchange and wallet accounts you want to present as options to your customers:

Simply instruct zerohash on your desired preference, and we’ll handle the configuration on our end.

2. Travel Rule-Powered Account Match Reporting

Report details and mechanics

As a TRUST network member, zerohash goes beyond standard Travel Rule compliance by not only exchanging sender PII for transactions above regulatory thresholds but also aggregating that data to generate an insightful “same-name exception” report. This report leverages our advanced account matching logic (mentioned above) to identify discrepancies between sending and receiving accounts.

Delivered to you daily, this report provides actionable insights to help your compliance team or automated systems quickly identify and respond to potential risks, such as locking or disabling flagged participants via API (POST /participants/customers/{participant_code}/lock), streamlining your compliance workflow and strengthening your risk controls.

NOTE: The Travel Rule (as implemented in the United States) requires certain financial institutions to include or transmit certain information (identifying the sender, receiver, and transaction) on certain transmittals of funds in if the transaction is $3,000 or more in value.

Reports can be delivered via sftp.

Account Match Logic

zerohash can perform account matching between the user in our system and the corresponding account within the external exchange system.

Logic
By default, our out-of-the-box name matching logic performs a standard comparison of First Name and Last Name fields. We apply a string similarity algorithm called Jaro-Winkler, which generates a score between 0 and 1:

A score of 1.0 indicates a perfect match
Lower scores reflect less similarity between the names

We recommend a default threshold of 0.75 (ie, 75%), but this value is fully configurable based on your organization’s needs and risk tolerance.

3. Unauthorized Deposit Blocking

See the full integration guide here.

In short, zerohash can configure your integration to block any transfer initiated outside of the Auth flow.

For example:

User A completes an Auth-driven transfer, properly linking their exchange account.
Since blockchain addresses are public, the user could discover their deposit address via a block explorer and attempt a second deposit from a non-custodial account.
zerohash can detect this scenario and block the unauthorized deposit from crediting the user.
If this happens, the user can seamlessly recover their funds using the Recovery SDK (see the integration guide for details).