• infeeeee@lemm.ee
    link
    fedilink
    English
    arrow-up
    2
    ·
    9 months ago

    What exactly is a KYC selfie? Is it a photo of an ID card? I figured out WUI is WebUI. The author uses some strange acronyms I never heard before.

    It’s very American that they can steal your identity with just one photo. My European state issued ID has data on both sides, so if someone would take a photo of it won’t be enough for anything. Also if you loose it you just get a new one and noone can use the old one for anything.

    • Rentlar@lemmy.ca
      link
      fedilink
      English
      arrow-up
      3
      ·
      9 months ago

      KYC is Business/Finance lingo - “Know Your Client”.

      Yeah the fact that exposing one number/piece of information puts you at risk to a significant amount of other information about you being exposed is peak USA.

    • maltfield@lemmy.ca
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      8 months ago

      Author here. A “KYC Selfie” is a selfie photo where you hold-up a State-issued photo-identity document next to your face. This is not a US-specific thing; it’s also used in the EU.

      I used to work for a bank in Europe where we used KYC seflies for authentication of customers opening new accounts (or recovering accounts from lost credentials), including European customers. Most KYC Selfies are taken with a passport (where all the information is on one-side), but if your ID has data on both sides then the entity asking you for the KYC seflie may require you to take two photos: showing both sides.

      Some countries in the EU have cryptographic authentication with eIDs. The example I linked-to in the article is Estonia, who has made auth-by-State-issued-private-key mandatory for over a decade. Currently MEPs are deciding on an eID standard, which is targeting making eIDs a requirement for all EU Member States by 2016.

      I recommend the Please Identify Yourself! talk at 37c3 about the state of eID legislation as of Dec 2023 (and how to learn from India, who did eID horribly wrong):

    • jqubed@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      9 months ago

      KYC = Know Your Customer, a team I just learned recently. It’s primarily related to financial transactions, to make crimes like money laundering or terrorism financing harder. Up until relatively recently this was something that primarily happened face-to-face, and it doesn’t seem like good controls have been developed for online use.

      I think some ID cards are single-sided, some are double-sided. One of the big problems is most Americans only have a state-issued ID, not a federal one, and the standards vary from state to state. They’ve tried to address this some with minimum standards for state IDs (mainly driver’s licenses) under a program called Real ID (enacted after 9/11 hijackers got state-issued IDs for false identities), but it was still optional for certain purposes, at least until recently. In my state for a long time when renewing your driver’s license it was optional to do the extra paperwork for a Real ID, but then there would be a note on the top that it was not valid for federal identification purposes, such as accessing certain government facilities or boarding an airplane. Since I have a passport I’ve never bothered with it, but it looks like this year getting a Real ID is mandatory when getting or renewing a driver’s license in my state.

    • lone_faerie@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      1
      ·
      9 months ago

      KYC is “Know Your Customer” aka identity verification. Usually it would be something like a selfie of you holding your ID, proving you are the person on the card. If you think getting your identity stolen from one picture is bad, wait until you learn about social security numbers. It’s a 9 digit number based on publicly available information about you that is incredibly easy to figure out, and are used as like the defacto way of verifying your identity in the US, when that was never its intended purpose.