TakeawaysCryptocurrencies opened the door to low cost, decentralized financial products that would have been hard to imagine a decade ago. For crypto users who want to spend their crypto in the real world, a non KYC crypto card can seem like the silver bullet, but in practice, it is more like a ticking time bomb that tends to suddenly explode. As you’re about to see, this is because regulators struggle to create clear rules for them, so they play it safe and ban that kind of card altogether. Why doesn’t Plasbit offer a non KYC crypto card? We’re registered as an MSB and VASP, so regulators require us to verify every user before we can provide our services, which means KYC is mandatory as part of our compliance requirements. We also use KYC to assess risk properly, identify individuals that are considered high risk, and apply tighter checks or restrictions to prevent money laundering and other financial crime on our platform. Also, the BIN sponsor and the issuing bank that run the Visa or Mastercard card program must verify every cardholder’s identity and address before issuing a card, and if that verification isn’t done according to the compliance rules, the card program will be shut down.
My First Encounter With KYC
I remember the first time I opened a bank account and had to undergo KYC (know your customer). I was asked for a valid ID and a proof of address, such as a recent utility bill in my name. I provided both, and I successfully opened the account, but when I asked the bank teller what the purpose of asking for those two specific things was, she had no reply other than “it’s the law.” I wasn’t satisfied with that answer, so I kept asking questions to figure out which law exactly so that I can read it, to which she kept answering, “It’s the law” in an increasingly agitated voice. I had to drop the conversation entirely, with the entire scene reminding me of one iconic moment from the 1995 movie Judge Dredd.
Admittedly, Stallone was much less intimidating than the bank teller
In 2020, prompted by how various restrictions were invented on the spot to curb the COVID-19 pandemic, I started looking into how laws are made and enforced. It turns out that a law is just a framework, and how it’s enforced might have nothing to do with what’s written in it. When a legislative body creates a law, that serves as inspiration to those who hold positions of authority, such as government officials and CEOs of companies, to make their own internal rules, on the basis of which people under them can act. Some law said that banks must have proof of identity and proof of address for every customer, and someone, perhaps the director of my bank, wrote his own rules where he said that a bank teller must ask each customer for a valid ID and a recent utility bill before opening his account, and that’s what I was faced with. There doesn’t even need to be a law, and it’s enough that there is some kind of vague international agreement, and it will have the effect of a law just the same.
People who enforce a law don’t necessarily understand or care what the law is, and they just work to the best of their understanding on the basis of rules set by their superiors. The bank teller couldn’t tell me what the law was because she didn’t care to know, and if she had cared and if she had known, she would have been promoted to bank manager already. After I started working with PlasBit, I got the golden opportunity to ask everything I ever wanted to know about how banking works, and I finally discovered the purpose of KYC, which is linked to the biggest strength and the biggest weakness of the banking system.
Why Is a Non KYC Crypto Card Such a Big Problem?
The biggest strength of the banking system is that it grows in power the more users it has, but its biggest weakness is that a user with a bad reputation who joins the system destroys its reputation and makes everyone else abandon it. KYC is designed as a way to maintain the reputation and the integrity of the banking system by cross-checking the identity and the location of each user with one or more lists of identities and locations with a known bad reputation. Even if the user passes the initial KYC check when opening the account, he might trigger another KYC check if he makes a large deposit or if he accesses his account from an unusual location or under unusual circumstances. PlasBit has an internal rule to do a “liveliness check” in those cases, which means asking the user to send a short video where he holds a card with the current date to confirm that’s the actual owner trying to access the account.
A non KYC crypto card lets a user skip the identity and the location check and tap straight into the banking system to move the money around without any oversight, and that terrifies financial regulators to no end because it threatens the banking system and thus their livelihoods. Whenever the regulators get notified of a non KYC crypto card, they focus on ending it as soon as possible, making a non KYC crypto card a ticking time bomb. When it goes off, it will likely take down the issuing company and freeze the funds of all its users, including those who passed KYC and had no idea what was happening. The most recent examples of affected companies are UAB Monavate, a Lithuanian card issuer that was ordered to stop issuing cards to six of its partners, and Quicko, a Polish card issuer that lost its license because it failed to update its internal AML rules. The only way companies and users can avoid such problems is to keep their reputation squeaky clean and steer clear of a company that offers a non KYC crypto card and not send or receive any money or cryptocurrency to or from accounts at one such company.
AML in Theory
The bad guys are constantly trying to worm their way into the global banking system, and they’re quite ingenious at it. I recently wrote about the Sihanoukville pig butchering scam, which revealed to me that Cambodian human traffickers and cyber scammers established a legitimate casino that sponsored UK’s football team Aston Villa just to get the casino’s name on the team’s jerseys. The idea was to have Asian people who watch UK football broadcasts see the name, sign up for an account at the casino, and spend their money there so that it’s mixed with the scammers’ dirty money and which is thus laundered. The regulators are aware of those schemes and scams, but they can’t suddenly change the AML laws and rules because that would erode the public trust in the banking system. So, the AML laws and rules update slowly, but once they’re set, they never revert, which means that you can be using a new financial product, such as a non KYC crypto card, for quite a bit and have it suddenly taken away from you without any explanation when your national AML laws and rules update.
There is no escape from AML, unless you want to live in (squints) Papua New Guinea
We can trace the origins of AML all the way back to 1989, which is when an international financial advisory body called FATF (Financial Action Task Force) was created. FATF initially had no way to pressure countries into using reputable banking practices until the United Nations adopted the Palermo Convention on November 15, 2000, which proposed international cooperation to stop the trafficking of people and firearms and the smuggling of migrants. FATF currently has 40 members, one of which is the EU, and they coordinate on setting international banking standards through FATF’s 40 Recommendations that were first issued in 2012 and are reinterpreted on a regular basis, most recently in October 2025, and that apply to all participating countries, which is every country on the planet except Papua New Guinea. How AML is meant to work is that countries are supposed to create their own laws on the basis of Recommendations and banks are meant to create their own rules on the basis of those laws to scrutinize transactions and investigate accounts related to serious organized crime, but how that works in practice is truly mind-boggling.
AML in Practice
In Bosnia and Herzegovina, a personal banking account may only receive 30,000 BAM a year from non-government sources, which is about 1,250€ a month or 2.5 times the minimum monthly salary. I discovered this when one of my family members had his bank account frozen, and he had to deal with the tax authority after starting freelance work and earning various amounts that totaled over 30,000 BAM in a year. He wasn’t told what he did wrong, and there was no indication that he passed an invisible threshold, but I connected the dots after I saw that number appear in national news headlines and court cases related to charges of drug trafficking and money laundering.
Based on what I read in FATF’s documents, each country is allowed to assess its own financial risks and set a different threshold for freezing an account, which opens plenty of room for abuse. The 30,000 BAM threshold was probably intentionally set so low to be enough for a single man but not enough for a family, which coincidentally nudges a man who wants to start a family to bend the knee and get a job in the government, at which point he will be pressured to shut up and vote for incumbent politicians or get fired. Multiple transactions from the same sender within a 30-day period in any amount are apparently also an AML rules violation and will make the bank reroute all transactions after the first in such a way that they get gobbled up by transaction fees, which happened to me after receiving two small transactions in euros from the same Greek sender in the same month. I asked for an explanation of how the fees were calculated, but all I got were “it’s the law” type of answers and smirks.
In the USA, there is something called “structuring,” which means that a user who sends or receives a transaction with a noticeable pattern of numbers, such as $1,111.11 or $9,999, might get his account frozen under the suspicion of trying to parcel out a larger amount in order to avoid the AML threshold, which is apparently $10,000. I’ve read on internet forums that banks in Australia and other nanny states may block any transaction and freeze any funds associated with Pepe the Frog or any other meme or number deemed indicative of anarchists or internet culture in general. Therefore, you can freeze someone’s bank account in Bosnia and Herzegovina by sending him the equivalent of 30,000 BAM, or you can send someone in the US $9,999 to make him the target of money laundering investigations, or you can send someone in Australia any amount of funds and add a note “Pepe the Frog” to have the bank label him as an anarchist. Those are the AML rules I discovered so far, and you are free to ask your bank about its AML rules, but I think we both know what answer you’re going to get.
FATF Recommendations and the Crypto Travel Rule
In 1990, FATF published the first version of its 40 Recommendations aimed at curbing drug money laundering, and over the years, they were regularly updated to address current developments and events, such as the 9/11 terrorist attack. As of 2025, the FATF Recommendations document counts 152 pages, with the actual Recommendations taking some 20 pages and sounding harmless, such as Recommendation 16 saying that “countries should ensure that financial institutions monitor payments,” but they are followed by 100 pages of Interpretations that are filled to the brim with wordy definitions covering even the tiniest detail of every term. As someone who’s been writing professionally for 12 years, I’d say that, if your 20 pages of text require 100 pages of explanations, you might want to rewrite the text for clarity.
If you need to define “law” to this extent, maybe your audience is unfit to make laws
Each Recommendation covers a different aspect of banking, such as Recommendation 15 covering new technologies and Recommendation 16 covering payment transparency. Their wording is vague enough that they can be reinterpreted to cover any scenario imaginable, and in 2019, FATF did just that by reinterpreting those two Recommendations to cover VAs (virtual assets) and VASPs (virtual asset service providers). In 2021, FATF reported that only 45% of participating countries applied those two reinterpreted Recommendations to create their own KYC and AML laws and rules covering VAs and VASPs, which explains the non KYC crypto card situation. A crypto company discovers that AML laws and rules in a region still haven’t caught up to FATF’s Recommendations, the company launches a non KYC crypto card program, and it gets access to the traditional banking system, but as soon as the regulators discover it, they end the program and often the company with it.
The reinterpreted FATF Recommendation 16 is referred to as the “crypto travel rule” or just “travel rule,” but there is no such rule, and there is no point in trying to find the exact wording of it, despite FATF’s own Guidance document referring to it 46 times. Every country will make its own “travel rule,” but speaking in the broadest terms possible, it means that every cryptocurrency transaction has to be treated like a wire transfer and has to include the personal information of the sender and the recipient, meaning their personal information “travels” with the cryptocurrency. To make matters more confusing, there is already a “Travel Rule” established in the USA in 1996 through 31 CFR 103.33(g), but it only applies to US banks and transactions of $3,000 or more, and in the Guidance document, FATF sometimes refers to ‘travel rule’ and sometimes to travel rule. This shows how difficult it is to stay up-to-date with AML laws and rules, in part because they are a tangled web of definitions and references and in part because of how poorly FATF communicates with the public.
EU AML Directives (AMLD)
The European Union has been closely following FATF’s Recommendations, Interpretations, and Guidance with its own Directives that serve as mini-FATF documents for the purposes of “harmonization,” which I noticed is the favorite term of EU regulators. The idea behind EU Directives is that each EU member state has its own legal framework, so instead of the EU regulators forcing laws that would fit some but run counter to legal practices in other member states, they deliver Directives that suggest the desired outcome and let each member state make its own laws within a certain time frame to achieve “harmony.”
When you see a German politician smiling after a vote, brace yourself
The Directive most relevant to non KYC crypto cards is AMLD 5, which expanded the EU’s AML rules in the following ways:
- defined cryptocurrencies
- brought virtual currency exchanges and crypto wallet providers under AML obligations
- required public access to beneficial ownership registers for companies and certain trusts
- lowered the prepaid card transaction limit to 150€ when used physically and to 50€ when used online
- banned prepaid cards from non-EU countries unless they were AML compliant
- obliged art sellers to undergo AML reporting obligations when dealing in art worth 10,000€ or more, and that included people dealing in historical and cultural artifacts
EU member states were obliged to implement AMLD5 into their legal frameworks by January 2020, closing the gap between traditional finance and the digital economy, which played an important role in pushing non KYC crypto cards into illegality.
Anonymous Crypto Cards Do Exist, but They Get Shut Down Quickly
Companies can exploit various legal loopholes and launch experimental crypto card programs that don’t require KYC. Those programs can last weeks or months, and you might be able to use them for everyday purchases, but they can also disappear at a moment’s notice. Is there an anonymous crypto card that works? Yes, you’ll always find companies claiming they offer an anonymous crypto card, but a card that actually lasts doesn’t really exist because Visa and Mastercard require every cardholder to be verified through KYC and there’s no way to bypass that. Most “anonymous” crypto cards are really business cards issued through a KYB loophole where the company gets verified as a business and then issues cards to so-called employees, but in practice those cards get distributed to end users, and that is how they get around doing KYC on each person. The only legit anonymous crypto card options are usually low-limit prepaid cards or gift cards.
Is There a No KYC Virtual Crypto Card?
Virtual crypto cards are another interesting product based on cryptocurrencies. They exist only as a digital product, are typically funded in stablecoins, which removes the exchange rate fluctuation that is common with crypto, they hide the user’s identity from the merchant, and they use the traditional banking network to settle transactions. Some of these cards use Bitcoin, but they all require KYC. Can you get a no KYC virtual crypto card? No, a real no KYC virtual crypto card doesn’t exist, and the closest thing you can get is a prepaid card or a crypto gift card, which usually comes with low limits of around $1,000. You will still see companies offering “no KYC cards,” but most of them are using a KYB workaround by issuing business cards to “employees” instead of verifying each user, and once Visa or Mastercard flags the program, it gets shut down.
Non KYC Crypto Cards Will Eliminate Shady Companies
I soon closed my first bank account because I had little help from the bank regarding wire transfers, and I actually had to read Wikipedia articles on the IBAN and the SWIFT code to teach myself how they work. Even back then, I realized that my financial success is limited by who I partner with. That realization was confirmed after I started writing for PlasBit, where I heard that the lack of proper financial partners is a constant source of frustration. Many crypto companies tend to ignore warning signs and pursue instant profit by taking on unnecessary risks and experimenting with their card programs, with non KYC crypto cards being just the latest example. When they blow up, they cause widespread reputational damage and create uncertainty for their partners and customers, but that’s just another way how greedy, shady crypto companies eliminate themselves from the market. For users, the benefit is simple: KYC is the tradeoff for a crypto card that is stable, trustworthy, and built to last.
