What happens to Verification documents on Exchanges?

[BittBurger]

I made the stupid mistake of scanning in my brand new US Passport, in full color, high resolution because Bitstamp says thats all they will accept (i didnt have my drivers license on me at the time).

Then realized after the fact that you should *never* let your passport out of your sight, let alone upload it to some website on another continent.

Identity theft anyone?

Ever wonder how Jason Bourne had 15 passports in his safety deposit box? 

What happens to our sensitive personal docs after verification ?  Does bitstamp at least state they will discard of it?  I couldn't find anything on the matter.

[1715027637]

1715027637

[1715027637]

1715027637

[1715027637]

1715027637

[1715027637]

1715027637

[empoweoqwj]

Of course they can't discard it. They have to keep all documentation to prove to law enforcement agencies they are complying with all anti-money laundering regulations. If they discarded the documents, what would be the point of asking for them in the first place?

[QuestionAuthority]

Here's their policy on AML.

ANTI-MONEY LAUNDERING (AML) POLICY:The Bitstamp AML Policy is designed to prevent money laundering by meeting the UK AML legislation obligations including the need to have adequate systems and controls in place to mitigate the risk of the firm being used to facilitate financial crime. This AML Policy sets out the minimum standards which must be complied with and includes:
The appointment of a Money Laundering Reporting Officer (MLRO) who has sufficient level of seniority and independence and who has responsibility for oversight of compliance with relevant legislation, regulations, rules and industry guidance;
Establishing and maintaining a Risk Based Approach (RBA) towards assessing and managing the money laundering and terrorist financing risks to the company;
Establishing and maintaining risk-based customer due diligence, identification, verification and know your customer (KYC) procedures, including enhanced due diligence for those customers presenting higher risk, such as Politically Exposed Persons (PEPs);
Establishing and maintaining risk based systems and procedures to monitor on-going customer activity;
Procedures for reporting suspicious activity internally and to the relevant law enforcement authorities as appropriate;
The maintenance of appropriate records for the minimum prescribed periods;
Training and awareness for all relevant employees

Hey at least they're not located in jackoffistan, or kockupagrad, russia.

[ginbank]

Data is never safe.

I have something to add here though. Be careful uploading or giving your trading partners ID that shows your residential address. I had a visitor at my house already after someone I traded with was unhappy with the development of the exchange rate after the deal :/

[TheFootMan]

I made the stupid mistake of scanning in my brand new US Passport, in full color, high resolution because Bitstamp says thats all they will accept (i didnt have my drivers license on me at the time).

Then realized after the fact that you should *never* let your passport out of your sight, let alone upload it to some website on another continent.

Identity theft anyone?

Ever wonder how Jason Bourne had 15 passports in his safety deposit box? 

What happens to our sensitive personal docs after verification ?  Does bitstamp at least state they will discard of it?  I couldn't find anything on the matter.

As mentioned earlier, data is never safe - unless the business in question go to lengths about securing it. For example, there's no need for systems that holds identity papers to be online. These should be offline. And of course, once you give away copies of your identity papers, then it could always be misused. You have to trust the exchange not to misuse your scans. What you could do, is to black out sensitive parts of the documents, if the business allow this. And also, it's possible to water-mark a document, which is not visible to the verification drone that is checking your scans. That way, you'd know where the leakage was in the event of identity theft.

But it's true what you say, this really poses a great risk in the digital world, and perhaps it would've been better if there was one major company doing the verification, like say digicert, and then all other companies trusting certificates given from this company which they only release after having verified your id.

Ideally I think the way it should work was that a verification company had offices where you could go and show your ID, and no copy would be taken, but you were given a digital certificate that you could give to anyone so you could prove your ID. Well - such a certificate could be stolen, but the same thing could be said about ID's. I'm sure there's a lot of fake ID's floating around and to be sold at various marketplaces.

And naturally, the more places you upload your ID to, the higher the risk of fraud. Imagine someone stealing the entire database of a company containing all these ID documents.

Of course, if you wanted to offload the risk from yourself, you could always get someone others ID, but that would of course be highly illegal, and would cause problems in and off itself if you ever got caught doing it.

So, yeah - really - this is a problem giving up ID to all kinds of weird online companies. It's always wise to do dd and make a risk assesment, to see if this is a company you want to deal with or not.

I would rather trust a well established company, than some shady outfit in a strange sounding country.

[empoweoqwj]

I made the stupid mistake of scanning in my brand new US Passport, in full color, high resolution because Bitstamp says thats all they will accept (i didnt have my drivers license on me at the time).

Then realized after the fact that you should *never* let your passport out of your sight, let alone upload it to some website on another continent.

Identity theft anyone?

Ever wonder how Jason Bourne had 15 passports in his safety deposit box? 

What happens to our sensitive personal docs after verification ?  Does bitstamp at least state they will discard of it?  I couldn't find anything on the matter.

As mentioned earlier, data is never safe - unless the business in question go to lengths about securing it. For example, there's no need for systems that holds identity papers to be online. These should be offline. And of course, once you give away copies of your identity papers, then it could always be misused. You have to trust the exchange not to misuse your scans. What you could do, is to black out sensitive parts of the documents, if the business allow this. And also, it's possible to water-mark a document, which is not visible to the verification drone that is checking your scans. That way, you'd know where the leakage was in the event of identity theft.

But it's true what you say, this really poses a great risk in the digital world, and perhaps it would've been better if there was one major company doing the verification, like say digicert, and then all other companies trusting certificates given from this company which they only release after having verified your id.

Ideally I think the way it should work was that a verification company had offices where you could go and show your ID, and no copy would be taken, but you were given a digital certificate that you could give to anyone so you could prove your ID. Well - such a certificate could be stolen, but the same thing could be said about ID's. I'm sure there's a lot of fake ID's floating around and to be sold at various marketplaces.

And naturally, the more places you upload your ID to, the higher the risk of fraud. Imagine someone stealing the entire database of a company containing all these ID documents.

Of course, if you wanted to offload the risk from yourself, you could always get someone others ID, but that would of course be highly illegal, and would cause problems in and off itself if you ever got caught doing it.

So, yeah - really - this is a problem giving up ID to all kinds of weird online companies. It's always wise to do dd and make a risk assesment, to see if this is a company you want to deal with or not.

I would rather trust a well established company, than some shady outfit in a strange sounding country.

The country sounds strange to you, but perfectly normal to the citizens of that country. Are you saying US companies are inherently more trustworthy than those ... elsewhere? Good luck finding a bitcoin trading platform based in the States, shady or not 

[TheFootMan]

The country sounds strange to you, but perfectly normal to the citizens of that country. Are you saying US companies are inherently more trustworthy than those ... elsewhere? Good luck finding a bitcoin trading platform based in the States, shady or not 

You cheery pick and assume something.

Well, would you rather trust an exchange based in Germany, or one in Nigeria or Somalia? The last being classified as shady or as strange. Not all jurisdictions are equally safe.

I'm not a citizen of the US, and I don't assume US companies are more trustworthy than anyone else, I don't know where you got that idea from.

If you want to have a fruitful and constructive discussion, then ask your fellow bitcoiners to elaborate if something is unclear for you. Don't assume they have a certain view point without asking for clarification. A lot of us do not have english as the first language.

[empoweoqwj]

The country sounds strange to you, but perfectly normal to the citizens of that country. Are you saying US companies are inherently more trustworthy than those ... elsewhere? Good luck finding a bitcoin trading platform based in the States, shady or not 

You cheery pick and assume something.

Well, would you rather trust an exchange based in Germany, or one in Nigeria or Somalia? The last being classified as shady or as strange. Not all jurisdictions are equally safe.

I'm not a citizen of the US, and I don't assume US companies are more trustworthy than anyone else, I don't know where you got that idea from.

If you want to have a fruitful and constructive discussion, then ask your fellow bitcoiners to elaborate if something is unclear for you. Don't assume they have a certain view point without asking for clarification. A lot of us do not have english as the first language.

I was making exactly the same point as you. Clearly English isn't your first language .....