CEX.IO may use your personal (user) information for unclear purposes

[zebk]

The CEX.IO may use your personal data (ID card, proof of residence, bank account) for unclear purposes (eg. scam approaches and identity theft)

Bellow it is written the email message send 25-Mar-2016 by a CEX.IO user:

---------------- start message send ----------------

Dear CEX.IO Manager

This is a complaint regarding the procedure done about my ID validation.

The reply that I received from your company was “Compliance officer's
comments: DO NOT USE IMAGE EDITORS! To proceed with the verification of
your account, we kindly ask you: 1) To provide us with scan or photo of
both sides of your ID in higher quality and in color; please note - all
information must be clearly visible, do not use image editors. (…)”

With the aim of showing that method of analyze is wrong I will comment
only the ID card topic.

a) it is not true that documents have low quality. They are high quality
scan of original documents and all information is readable.

b) Cex.IO wrote: “Do not use image editors”; I used image editor to
write all over A4 page “send to cex.io, for identity verification” using
a semi-transparent font. All information can be readable and there isn’t
any information destroyed with the words written by me.

c) There is no reason why your company request color copies of original
documents; a black and white (non color) copy is accepted in any place.

d) It is very strange that CEX.IO request color copies of ID card and
other personal documents and those copies cannot have security words as
“send to cex.io, for identity verification”, suggesting that CEX.IO
intends to use this information for unclear (and illegal) purposes.

From the internet it is known that these approaches (copy of ID cards,
proof of residence, bank account; all in color; without security words)
can be used to scam approaches and identity theft.

To ending this complaint, it is recommended that CEX.IO review their
procedures and start applying the validation methods used by most
European companies.

---------------- end message send ----------------

and the reply was:

---------------- start reply received ----------------

S. F. (CEX.IO), Mar 25, 09:08

Dear xxxxx,

I can not affect on a compliance decision, please follow his instructions

Best regards

S. F.
---------------- end reply received ----------------

This suggests that CEX.IO can use the personal information to scam approaches and identity theft.


Note: original copy of emails and document sent do CEX.IO are available under request.

[mcb1221]

Most of the sites are these days taking Identification details for security purposes but if the details goes in wrong hand much loss can be happened to user. on the other hand sites taken IDs to identify users that if they are no thief.
Just read somewhere that a guy had 32 BTC over his circle wallet and after some time he was arrested for cyber crime and all money (BTC) got freezed by circle because they have known that this user is thief and took whole sum.