I just tried requesting my information from one of the links provided in the article. As part of the process I had to upload an image of my government-issued ID. After that, I was told to expect an email confirmation link that I would have to click on before they could proceed. That was an hour ago and the email has not yet arrived.
I don't really have any reason to suspect that this is a scam, but I can't help but notice that if one were to set up a phishing site for government IDs the UX would likely be indistinguishable from what actually happened here.
To get this personal information, asking for government-issued ID gives them one more data point on you and reinforcement of identity. So a win for them as well I guess?
KYC is only to prevent banking fraud, i.e. money laundering. The SEC is the Securities and Exchange Comission, who govern banking, the trade of financial securities (stocks, bonds), etc.
These data brokers do not handle your money, and therefore do not need to "know their customers", i.e. have no legally mandated right to ask for your identification, at least according to this statute.
For one, I think it's super weird that they need a government issued document to know who I am, but are perfectly happy to sell my data, marketed as accurate, to third parties.
> They have to verify your identity somehow, or anyone could get at the data.
Yes, but the mere fact that I possess a photocopy of my drivers license does not prove that I'm me. That is manifestly true because they now possess a photocopy of my drivers license and they are not me.
Well, you don't have to give them a perfect copy of your DL. They now posses a heavily redacted and aggressively watermarked image of my driver's license that is unlikely to be of any use outside of this specific request.
[UPDATE] If the heavily redacted version was good enough to convince them that you are you, then it will almost certainly be enough for them to convince someone else that they are you should they choose to do.
Right. The redaction is to avoid giving them any information (no matter how seemingly useless) that I don't want to give them if they don't already have it (e.g. eye color, weight, etc).
The watermark is what (hopefully) limits the usefulness of the image, by stating when, who and why the image was furnished in a way that is relatively difficult to manipulate.
Identity thieves are masters of faking ID scans, their livelihood requires it. I have no doubt that an experienced person could get these reports on my behalf without me ever knowing.
It’s appalling to me how much we depend on easily photoshopped pictures to prove identity. I want a smart card photo ID in my country.
I don't really have any reason to suspect that this is a scam, but I can't help but notice that if one were to set up a phishing site for government IDs the UX would likely be indistinguishable from what actually happened here.