Legal Aspects and Integration - Part 3

Legal Aspects and Integration - Part 3
Kei Brousmiche
VP Innovation
November 6, 2023

In our series on blockchain wallet solutions, we've traversed the landscapes of User Experience, delved into the core of Security Architecture, fortified our understanding with Additional Security Layers, and navigated the intricacies of Account Management and Recovery.

Now, in this final installment, we turn our focus to the pivotal legal consideration—from regional legal constraints to custodial versus non-custodial aspects—and the nuances of integration, exploring the spectrum from backend requirements to frontend-only solutions.

Legal Considerations

Selecting a wallet solution isn't just about technology; it's also about ensuring alignment with the legal landscape of your region. Some wallet providers have gone the extra mile to secure legal licenses, a move that, while instilling trust, often comes with a hefty price tag due to the rigorous compliance efforts involved. On the other hand, there are solutions designed to bypass these constraints, placing the onus of fund management squarely on the end-users. Yet, a significant number operate in a gray zone, claiming exemption from regulations even when their technical framework suggests otherwise.

To navigate this intricate terrain, it's crucial to first understand the distinction between custodial and non-custodial wallet solutions. Let's delve into these concepts and shed light on their implications for businesses and end-users alike.

Custodial vs. Non-Custodial Wallets: Drawing the Line

At the heart of the wallet landscape lies a fundamental distinction: whether the wallet provider retains control over the user's funds (custodial) or whether the user retains control (non-custodial). This distinction not only impacts the user experience but also has significant legal and regulatory implications.

Custodial Wallets

- Control: In a custodial setup, the wallet provider holds the secrets enabling funds transfer on behalf of the user. Essentially, the user trusts the provider to manage and safeguard their funds.

- User Experience: Typically, these wallets offer a more streamlined experience, akin to traditional banking. Users don't need to worry about losing their private keys or secrets associated to their wallet, as the provider handles key management.

- Legal Implications: Custodial wallets often fall under financial regulations due to their nature, which can mean they're subject to banking laws, anti-money laundering (AML) rules, and know-your-customer (KYC) procedures. This can lead to increased scrutiny and regulatory oversight.

- Pricing Impact: Custodial wallets often come with higher fees due to the regulatory compliance, licensing requirements they must maintain, passing these costs onto the client.

Non-Custodial Wallets

- Control: Here, the user is in control of their funds. The wallet provider cannot execute a valid transaction without specific user-held secrets, such as a PIN code or biometric data, which encrypt essential components required to sign a transaction. Only the user possesses these secrets.

- User Experience: While offering greater autonomy, non-custodial wallets come with increased responsibility. Users must ensure the safekeeping of their secrets, as losing them could mean losing access to their funds permanently.

- Legal Implications: Non-custodial wallets operate outside the purview of traditional financial regulations since the provider doesn't hold or control user funds. However, the onus is on the user to comply with tax obligations and other relevant laws.

The Gray Zone: Some wallet solutions claim to be non-custodial while retaining certain controls that blur the lines. For instance, a wallet might necessitate user authentication for transaction approval. Although the provider contractually won't execute a transaction without the user's agreement, they technically possess the capability to sign independently.

In conclusion, the choice between custodial and non-custodial wallets hinges on a trade-off between user convenience and autonomy. Businesses must weigh these factors, keeping in mind the legal landscape and the desired user experience.

Data Sovereignty and Execution

The geographical location of where wallet data is stored and operations are executed is a significant factor for many businesses. This is not just a matter of latency or performance, but also of data sovereignty, regulatory compliance, and trust.

Localized Storage: Wallet solutions that store data within a specific region or country can appeal to businesses that prioritize data sovereignty. Keeping data localized ensures that it is subject to familiar regulations and legal protections.

Global Cloud Providers: Some wallet solutions leverage global cloud providers with data centers spread across multiple regions. While this offers scalability and redundancy, it might raise concerns about which country's laws apply to the stored data.

Execution Environment Location: Just as with data storage, the geographical location of where wallet operations (like transaction signing) are executed can have implications. Operations performed in regions with stringent data protection laws might offer more trustworthiness.

Data Repatriation: For businesses that might need to move their data back to their home country, it's essential to consider wallet solutions that support data repatriation without compromising security.

In conclusion, the geographical aspect of data storage and operation execution is crucial. Businesses must align their wallet solution choice with their data sovereignty priorities, regulatory requirements, and trust considerations.

Matching Wallet Capabilities with Business Needs

When it comes to integrating a wallet solution into a business ecosystem, one size doesn't fit all. The level of integration offered by wallet providers varies, and businesses must carefully assess their specific needs against the features provided. Here's a breakdown of some key integration aspects to consider:

Blockchain Gateway Provision: Some wallets necessitate that clients supply a blockchain gateway, technically an RPC URL with valid credentials if required, for blockchain interactions. This can be advantageous for clients already contracted with a gateway due to existing DApps. Others come with an in-built gateway, relieving the client from subscribing to another web3 service.

Key Management System (KMS) Integration: Surprisingly, not all “wallets” come with an integrated KMS. Some require clients to provide their own KMS solution or integrate with existing wallets like MetaMask. However, many wallet-as-a-service solutions do include an integrated KMS.

Notification Systems: Some wallet solutions might lack a notification system to alert users about transaction confirmations or incoming token events. This could be suitable for clients already subscribed to such a service for their existing DApps.

User Interface (UI) Offerings: Certain wallet solutions provide only a code library, leaving clients to develop their UIs. This approach can be compatible for businesses aiming for a fully integrated user experience, with the wallet seamlessly embedded in their web application.

Customizability and Branding: Some businesses might prioritize a wallet solution that allows for branding and UI customization to maintain a consistent brand identity.

Compatibility with Standard Libraries: Some wallets might not offer a signer compatible with standard blockchain libraries like ethers.js.

This can pose challenges for businesses that have previously developed wallet functionalities using these frameworks.

Multi-Chain Support: Some wallets are designed to support only a specific blockchain, while others offer multi-chain compatibility. Depending on a business's diversification strategy, this can be a crucial factor.

Scalability and Performance: As transaction volumes grow, the wallet's ability to handle increased loads without compromising performance becomes essential.

Support and Documentation: Comprehensive documentation and responsive support can significantly smoothen the integration process and address challenges promptly.

Existing User Base Integration: Some wallets seamlessly tie into a business's current user accounts, offering continuity and reducing adoption friction for existing users. Other wallets come with their own IAM and authentication service that require additional user registration steps.

Integration Manners: Backend vs. Frontend

When integrating wallet solutions, businesses typically face two primary approaches: backend integration and frontend-only integration.

Backend Integration with API Key

- Process: Clients subscribe to the wallet service and receive an API Key, which is essential for every interaction with the service.

- Security: The API Key is a sensitive piece of information. It can't be exposed in the frontend and must be securely stored in the backend.

- Implementation: Clients need to set up backend services or proxies to redirect user requests to the wallet provider. Additionally, frontend integration is necessary for user interaction.

- Consideration: This method is more common but can be more complex due to the dual integration requirement.

Frontend-Only Integration

- Process: Some wallets allow integration directly into the frontend, identifying users based on authentication data from the client.

- Security: With the wallet provider recognizing the public identity from the client's IAM, there's no need for an API Key, eliminating a potential vulnerability.

- Implementation: Direct integration into the frontend simplifies the process, with no backend adjustments needed.

- Consideration: This approach is not only time-saving but also maintains robust security standards, following conventional user authentication protocols.

Wallets without the need for API Keys offer a streamlined integration process, making them a favorable choice for businesses seeking efficiency without compromising on security.

Supported Platform

When considering a Wallet as a Service (WaaS) for your application, it's essential to select one that aligns with the platforms you're targeting. Each WaaS may offer different levels of support for various environments, so here's what to keep in mind for each platform:

Mobile Apps: If your application is mobile-centric, ensure the WaaS provides robust SDKs for iOS and Android or a cross-platform framework such as Flutter. This will enable seamless integration with your mobile app's architecture and provide a native user experience.

Web Applications: For web-based projects, the WaaS should offer support for the front-end and, if required, back-end technologies you're using. Whether it's JavaScript libraries compatible with React, Angular, Vue.js, or back-end support for languages like Node.js, Ruby, or Python, compatibility is key.

Game Engines: Game developers should look for WaaS providers that offer integration with game engines such as Unity or Unreal Engine. This enables the incorporation of blockchain elements directly into the gaming experience.

Heavy Clients: For desktop or standalone applications, the WaaS needs to provide compatible libraries or APIs that work with your chosen desktop application framework, ensuring that your heavy client can interact with blockchain services effectively.

In summary, your choice of WaaS should be dictated by the platforms you use. It's not necessary for a WaaS to support all platforms, but it must support the ones critical to your project. This ensures that your application can leverage the wallet services effectively, providing a secure and seamless experience for your users.

Programming Language

When integrating a Wallet as a Service (WaaS) into your application, especially for backend integrated solutions, it's essential to consider the programming languages and technologies your application uses. A WaaS that offers native support for your application's stack will ensure a smoother integration, allowing developers to work within a familiar environment and leverage existing codebases. This compatibility is key not only for the initial setup but also for ongoing maintenance, performance optimization, and effective support. Choosing a WaaS that aligns with your technology stack is as much about the seamless operation of the wallet service as it is about the features it provides.

Conclusion: Bringing It All Together

As we conclude our series, it's evident that choosing the right blockchain wallet for your business is a multifaceted decision. From prioritizing user experience to understanding the depths of security, and from navigating legal terrains to seamless integration, every aspect plays a crucial role. While the journey might seem intricate, armed with the knowledge from this series, businesses are better positioned to make informed choices. Remember, the right wallet solution not only safeguards assets, but also aligns with your business's vision and growth trajectory. As the blockchain landscape continues to evolve, staying informed and adaptable will be the keys to success.

arrow_back
Back to blog
Security & Wallets - Part 2.c : Account Management & Security Assessments
Kei Brousmiche
Kei Brousmiche
Security & Wallets - Part 2.c : Account Management & Security Assessments
November 28, 2023
Security & Wallets - Part 2.b : Security Layers and Authentication
Kei Brousmiche
Kei Brousmiche
Security & Wallets - Part 2.b : Security Layers and Authentication
November 28, 2023
Security & Wallets - Part 2.a : Key Management Architectures
Kei Brousmiche
Kei Brousmiche
Security & Wallets - Part 2.a : Key Management Architectures
November 7, 2023

Get started with Eniblock today.

Eniblock delivers top-tier developer tools, resources, and support, empowering you to create and scale any Web3 product seamlessly.

Get started today
By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
PreferencesDenyAccept