|
|
|
|
|
|
by emdowling
1827 days ago
|
|
|
You've nailed the complexity of this. On privacy, people are rightfully spooked about this for all the reasons you've mentioned. On safety, people are really happy about these initiatives as accounts backed by user identity are less likely to be used for harm. On security, leaks of these databases create issues to other sites and companies (eg: if Company X is compromised, then identity documents could be used to disable/bypass 2FA for Bank Y). To make it even more complicated, regulators often hold contradictory views. They want to see increased safety, but in the same breath will announce actions against companies for violating privacy. This is a super-difficult balance to strike. Specifically for Stripe, I trust them. So if I see that a new start-up is using them rather than rolling their own solution, that increases my trust. But it means there is now a big giant server in the cloud with millions (billions?) of identity documents that is worth a lot of money for hackers. |
|
|
Note that Stripe allows their customers access to the "captured images of the ID document, selfies, extracted data from the ID document, keyed-in information"[1]. So you still have to trust any company using Stripe not to download, store, and later leak your personal information, and you also have to trust them not to let their Stripe API token be compromised and exploited by identity thieves.
[1] https://support.stripe.com/questions/managing-your-id-verifi...