Quick take
- KYC is a risk to consumers as personal data is centrally stored
- Recent data breaches exposed personal information of millions of customers
- Regulators need to think about a more secure and reliable approach to KYC
KYC, or ‘know your customer‘, is a common practice in the financial industry that requires companies to verify the identity of their customers before providing services. While the intention of KYC may be to prevent money laundering and other illicit activities, the practice has been shown to put users at risk as their personal data is centrally stored and regularly ends up on the deep web for sale.
The title “KYC is the illicit activity” refers to the fact that, while the practice is intended to prevent illegal activities, it is often the cause of data breaches that put users at risk. Companies that collect and store personal information on their customers are prime targets for hackers, who can steal this information and sell it on the dark web. This is a growing concern as more and more companies are requiring customers to provide personal information in order to use their services.
Recent data breaches such as Receivables Performance Management, which exposed 3.7 million customers, Elephant Insurance Services, which exposed 2.7 million consumers, Flagstar Bank, which exposed 1.5 million customers, and Lakeview Loan Servicing, which exposed 2.5 million customers, have highlighted the dangers of KYC.
In these breaches, hackers were able to steal personal information from millions of customers, including addresses, birthdates, and even passport information. This information can then be used for identity theft and other illegal activities.
Not long ago, data including phone numbers and email addresses of 400 million Twitter users was found for sale on the web.
The collection and storage of personal information by companies puts users at risk of identity theft and fraud. Criminals can use this information to open bank accounts, apply for credit cards, and even take out loans in the victim’s name. This can have a devastating impact on the victim’s credit score and can take years to rectify.
The hack of the french ledger hardware wallet manufacturer’s e-commerce database resulted in an ongoing wave of phishing attacks. Customers who had purchased a ledger wallet in their past had their shipping address information and email address compromised. The hackers sent out emails in the local language while Ledger didn’t send warnings in the local language. Thousands of Bitcoins were stolen in the aftermath of the hack.
Hacks like these are examples why storing personal data online is a bad idea in general. However, the worst idea is to centrally store a large number of personal data. The more data is centrally stored, the more attractive it becomes for hackers.
KYC regulations force providers to collect and store the most personal information of users in a central manner. It’s a privacy nightmare and puts all customers at risk all the time.
KYC is not only dangerous but also it’s not a reliable method to prevent money laundering or fraud, as criminals can easily use false identities to bypass these checks.
The centralized storage of personal information in a single location massively increases the risk of data breaches, which can result in the loss of sensitive information for millions of customers. This highlights the need for regulators to re-evaluate their approach to KYC and to find more secure and reliable methods to prevent illicit activities.
In summary, KYC is a practice that is intended to prevent money laundering and other illegal activities, but it has been shown to put users at risk. The centralized storage of personal information makes companies a prime target for hackers, who can steal this information and sell it on the dark web. Recent data breaches have exposed the personal information of millions of customers, highlighting the need for a more secure and reliable approach to KYC.
