by echopom 1832 days ago
It's unfortunate, I'm an Enterprise Architect in Banking and honestly I wouldn't have let that feature go into production.

Businesses that do not have a legitimate reason to view my sensitive document like Passport, should not be allowed to do so.

Only authorized institutions like Licensed Payment Institution / Banks / Insurances etc... should be allowed to do so and AFTER they've been approved.

It's sad because you can tell right away that this will be abused by Stripe's customers inadvertently. Just like Uber "God View" that lets you view any customer ride...

Pretty sure the amount of "Identity Theft" or "Privacy" Scandal is going to explode with such technology available for everyone.

I don't know how a product manager at Stripe could tell himself that "Yes, it makes sense to give access to sensitive documents" in an age where people are seeking more privacy.

> Businesses that do not have a legitimate reason to view my sensitive document like Passport, should not be allowed to do so.

I get parent comment's totally legitimate security concerns. And businesses that have no business having my identity should surely not be asking for it. But I don't honestly understand how this has anything to do with Stripe. These businesses (which for whatever reason are asking for ID verification before doing business with you) are just using Stripe's API to verify identity instead of just taking your info themselves.

Any customer giving their information presumably knows they are giving said business their identity documents, the customers might not even know that the business is using Stripe's API.

Furthermore, Stripe is ostensibly coming in here to streamline the process for business taking identity info from customers. Why - in your opinion - is it worse for consumers when these-type businesses (which ask for identity), use their own-rolled id verification than using Stripe's?

> Why - in your opinion - is it worse for consumers when these-type businesses (which ask for identity), use their own-rolled id verification than using Stripe's?

The point isn't so much using third party, we use a third party on prem.

My point is very simple: Why on earth would you let Discord view my passport? JUST WHY?!

Those documents are very sensitive and no one should have access to them unless they have a VERY good reason to do so. PCI DSS treats "card information" like hot lava, the same model should have applied here.

Stripe should have acted as a "Trusted Party" and securely stored those documents without giving access to them but just let you extract the information from them.

Thus you would have been able to have a uniquely identified user, backed up by government ID, but you can't get access to the documents and sensitive data should have been redacted... just like Card Number...

Again unless you are a Fintech / Financial Institution, with a VALID in-effect license, you should not have access to those documents.

I totally agree. Businesses should not legally be allowed to access more information than they need. Like why do hospitals ask for my Social Security number? I know I can refuse it, but if they really don't need it shouldn't it be illegal for them to needlessly probe my identity?

And the list goes on...

If you've ever been carded at a bar/liquor store in a foreign country, then that random small business has seen your passport, no? How do you feel about that?

Being human to human, unless they're wearing tech that would allow them to scan/archive it, normally they just verify (eyeball it) and you get it back.

Here, with this system, they could verify and keep the data regardless of what I think is going on.

If you can't assume that a website you upload a scan of your ID to isn't capturing details about it, then you can't assume that a bouncer checking your ID isn't wearing a surreptitious HMD, no? In both cases, you're submitting your PII to an unknown process that seems like it should be safe, but with no previous experience or brand-image there to tell you whether there's actually any proof that it's safe.

That's a silly stretch. It's vastly more likely that a website fetching copies of a passport image is leaking copies or leaving the files where it shouldn't by accident and has the data exfiltrated by third party identity thieves, compared with a bouncer having a secret scan-quality camera installed by identity thieves without the bouncer noticing.

Presumably they aren’t taking photographs of the passport and viewing them at some later date from personal computers.

In EU, you don't hand over ID/passport like credit card in US. You show it while keeping it in your hand. Second party can verify your age, while being unable to copy stuff like machine readable zone.

You seem to be contradicting yourself. Businesses are asking for Stripe to verify identity. These businesses just need verification, not copies of documents, but Stripe makes them available anyway. That's the whole contention.

As a consumer, I would expect Stripe would do the verification and give the business partner the result, but not all the data they used to get the results themselves.

I actually disagree with this as well. The Hacker News user is not the average user. The average user has no idea what Stripe is, they assume that the business requesting a verification will have access to anything they submit.

I know this because we use Stripe Identity ourselves (in beta) and users have no idea that Stripe and us are different companies.

> users have no idea that Stripe and us are different companies.

Doesn't that imply that if there's a security breach at Stripe, that your users will blame you [too]?

That seems right. Businesses aren't islands, they work with other businesses to provide their services. But you as a business have an issue with a vendor/supplier, that's still on you. If McDonald's can't get fries, I don't blame farmer X for a failed harvest, I blame McDonald's for a fragile supply chain.

We should figure out who McDonald's ice cream machine maker is and ask them why their product keeps breaking down.

As a person that still is trying to recover from identity fraud that happened many years ago, I am always very wary of companies that demand ID papers. Most of the time I will avoid them.

Most companies aren't even supposed to ask for identity papers. Is Stripe verifying with the passport issuer whether the country allows given their passport to some identity?

I think there should be some sort of consent system built in where, when the API consumer wants to download a passport, the customer gets an email with the question if they consent in them fetching a copy.

But, also as an Enterprise Architect in Banking, if you were considering Stripe Identity wouldn't you rely on it for KYC compliance? You can't just say Oh we outsource that to a third-party called Stripe, can you?

That's not my point, here my point is very clear and straightforward.

Some people at Discord now have access to the pictures of my Passport that I uploaded during the verification process because they use "Stripe Identity".

The FAQ is very clear, Stripe gives you full access to those documents. It should NEVER do so.

Now that the very smart people at Discord have access to my passport, they can now take a 50K Loan using my documents and face-check video, social security and some fake income documents.

They can also destroy my entire life because I maintain a political blog with views they don't really like that they consider "hate speech". These are exaggerated examples, but you get the idea.

I'm concerned by this, because more and more startups are going to use it to increase the value of their userbase to reduce fraud and look more attractive for their planned exit.

In the meantime, people having access to my personal documents is going to go exponential...

Again, I'm an Architect in Banking, we have 500+ Partners selling Loan for us, they NEVER have access to your documents / personal data. They can only tell if the document has been approved, income range and some basic information. You don't know what they are going to do with those sensitive documents / info, even if you have contractual agreement with them.

Banking industry has had a very simple rule that everyone has been following for decade: DON'T TRUST THIRD PARTY. Stripe has decided to do otherwise I guess and I'm pretty scared about it.

Stripe Identity seems like Identity Theft as a Service.

> DON'T TRUST THIRD PARTY

This is a good policy when ALL first parties meet a certain (regulatory) bar. For banks, I assume that bar is "don't become insolvent" and more recently "don't lend money to terrorists."

The problem is that, as we've seen from the countless hacks in recent years, the first parties are NOT all meeting the bar when it comes to security, namely "don't leak (or abuse) users' private personal info."

And that's unfortunate, because a lot of the time, all a company really needs to know is a "does the registered account correspond (uniquely) to a real human (with certain legal characteristics)." Sometimes they need to know for compliance reasons ("our users are adults" or "aren't terrorists") and other times for uniqueness/fraud reasons ("We want to reduce spam accounts" or "we're paying users $10 to sign up and so need to make sure users aren't signing up multiple times.") It'd be great to be able to answer those questions without having to protect all that personal data that goes into answering it, similar to credit cards.

But your main point stands: if Stripe is allowing companies access to the collected data, then from a security point of view it's little better than having the companies collect and store it themselves. Hopefully Stripe explains their reasoning, or even better, course-corrects early in this launch.

I know it's not your point, but it's mine.

Why would you upload a copy of your passport to Discord, via a third-party or not? The issue here is just trusting people you shouldn't be trusting with things you shouldn't be trusting them with.

The alternative isn't WhizzBangApp doesn't request you upload documents, the alternative is they roll their own WhizBang ID service, or use a Stripe Identity competitor.

I know my bank needs to verify my driving licence or whatever, and I tr.. well banks are heavily regulated anyway, so I'm happy to upload it without caring whether they use Stripe Identity or their own or whatever.

I know Discord has no business with my passport or whatever, so they're not getting it whatever they use under the hood.

It is entirely fair to have to provide KYC documents for a service you need or desire to use but have the digital artifacts usage governed and access limited.

I let my Congressperson know policy is needed about online identity service providers needing better governance over identity data, as businesses aren’t going to do it voluntarily unless the law requires. This should probably be overseen by the CFPB, even though identity is a bit of a walk from finance (while Stripe is still primarily a financial services provider).

My take is that if you need it, Stripe will be better and more secure than rolling your own.

More data concentration makes for a more worthwhile target, thus wiping out at least some of the potential upside. The net effect may very well be negative.

Given the regular stream of extremely large data leaks even from providers who should have size, motivation and competency to protect that data, I find it incredibly hard to believe anyone who tries to assure me, that they won't be breached.