Comment by locknitpicker
9 days ago
> I was signing up for Hetzner years ago and it asked me to upload my passport to use their service.
I don't really understand what bothers you so much about providing a photo of a "passport" (if you are an European citizen they require a ID card) but credit card info didn't registered as a concern worth noting. Can you explain what is the difference?
Credit card is a largely fixed risk of financial loss, with some legal safeguards for recovery, and the ability to get a replacement card with a different number. Passport carries an open long-term risk of impersonation and you can't just get a new passport because some company has a copy. Just the financial side of that risk can have much greater impact. Unless a company has a legal requirement to "know your customer", e.g. a financial institution, this is a red flag.
> Unless a company has a legal requirement to "know your customer", e.g. a financial institution, this is a red flag.
Germany also has legal KYC requirements for web hosting and most other things relating to telecommunications.
And if those requirements include the need to supply passport information, that's a reason not to host in Germany.
1 reply →
Couldn’t have put it better myself. Even with payment processors, most they ask for is SSN and business EIN.
When I read about the WireCard scandal, the KYC stuff sent to them over the years is probably in the hands of foreign intelligence already. That’s what gave me pause.
> Credit card is a largely fixed risk of financial loss, (...)
This belief is deeply misguided. Do you understand that credit card transactions are used to provide access to your personal information?
Some companies even employ small token charges as identity verification processes. Payment systems such as MasterCard even explocitly offer identity verification services built around their payment system.
https://www.mastercard.com/global/en/business/cybersecurity-...
But a photo of your id card with your mobile camera is where you draw the line?
I'm a Hetzner user in the US, but I pay for it with PayPal and was never asked to give my passport or identity. Americans are very rarely asked for these documents online, and even then it's typically only for government or financial services. It's also drilled into us that this info can be used for identity theft, so it's only natural to be wary of any non-government entity asking for them.
FWIW, if Hetzner had asked for my passport when I signed up, I would not have given it either.
When many sites are collecting these photos, it increases possibility of them leaking. Since these are also used for KYC process in crypto sites etc, this in turn increases risk of identity theft.
If there isn't a difference shouldn't my credit card be enough?
In Germany, Credit Cards are a relatively new development and not that common (especially for business transactions). Instead you usually pay post-facto with direct debit. But that of course requires that you verify your customers ahead of time, which is why processes are built around verifying identity first. (and with web hosting, KYC laws also come into play)