[dcow]

I'm not sure you understand. When a business needs your ID to do business, they ask you for it and store it in their infrastructure. This already happens today. Nothing Stripe is doing necessarily changes this. Stripe is simply providing a streamlined mechanism by which business can fulfill their KYC requirements and obtain this information. And now they have the choice to continue to store it in their infrastructure or look it up via the API as needed. If somebody breaches WellsFargo and dumps all the identity info of their customers, clearly Wells Fargo is at fault. Nobody will care if the entry form where they put their info in when they signed up for a bank account was hosted by Stripe and white labeled by Wells Fargo, or if there was a permission box that popped up from Stripe asking if you'd like to allow Wells Fargo access to your info, or if it was simply hosted by Wells Fargo. I don't see the problem here.

[unityByFreedom]

I get it. No need to say I don't. Streamlined means more companies will ask you for such identification. Eventually stripe will be part of a news story about a data leak. I imagine they've already factored this in and decided it's worth it, due to requests they've been getting from customers. Essentially, if they don't do it, someone else will. Personally I think they should let someone else do it, or break it into another company, but that's not my call.

[Rastonbury]

I disagree a bit on this. Looking at previous data breaches, when something like an s3 bucket gets hacked, the news is not going to be about on how Amazon is responsible for company X's data breach but on how company X's servers got hacked. Stripe, like AWS, is the infrastructure, the onus is on a company to ensure their infrastructure security as it can be an existential risk. A philosophy of Stripe's is that that they succeed when their customers succeed, I'd like to think that they have a shared interest in try to prevent their customers being breached as much as possible.

[unityByFreedom]

You may be right about how breaches are received in the news by people. It may depend on how they roll it out. I'm sure Stripe will do their best to help clients secure their customers' data. At the end of the day, though, it seems inevitable that breaches will occur.