Are you guys ok with your service provider having access to your personal documents?

[manwithtoupe]

I know you should probably use a reputable company with lots of revenue at stake.

But what prevents a single, rogue employee from copying your documents to his/her personal laptop and opening accounts in your name?

Considering that some CSP's don't even use TLS, and that most have never heard about PGP encryption, what are the odds of their customer database having adequate encryption and auditing in place?

Realistically your documents are probably sitting unencrypted in someone's email inbox, protected by an easily crackable password and with no 2FA in place. How is this not a recipe for disaster?

 

[Tax Cow]

No, and you're precisely right.

I responded with similar concerns in this post

Approach the offshore service provider with an ID of a smurf, darks, or a proxy residency/citizenship to obfuscate where you live.

 

[JohnLocke]

That's why you only want to use real agency firms which actually may be a law firm or certified accountants in a reputable country. All these resellers that popped up the last years but thankfully are stopping again had all your documents. You won't know at this time who else has these docs!

 

[James Turner]

I agree it is a huge risk. Regulators provide lots of guidance/enforcement on what documents should be retained but have absolutely no concern for the way in which those confidential documents are stored. I think the only good point is that if an agent is operating in accordance with regulations you would hope they had also considered their client security. At least with regulatory control they are not likely to be fly by night.

 

[BlueMist]

That's why you only want to use real agency firms which actually may be a law firm or certified accountants in a reputable country. All these resellers that popped up the last years but thankfully are stopping again had all your documents. You won't know at this time who else has these docs!

Like Mossack Fonseca?

 

[JohnLocke]

Like Mossack Fonseca?

They are just one out of many. How many reseller's and Russian so Chinese providers of such services do you think have collected KYC documents and more to sell the information? I have no clue, but I think we would get a chock if we knew.

 

[BlueMist]

They are just one out of many. How many reseller's and Russian so Chinese providers of such services do you think have collected KYC documents and more to sell the information? I have no clue, but I think we would get a chock if we knew.

I don't know but what I know is that Mossack Fonseca was not "just one out of many", they were one of the most reputable, solid and expensive companies in the industry. They were one of the biggest offshore provider in the world.

 

[JohnLocke]

I have read the book, and still they are one out of more! It doesn't have to be many but there are more, rest assured.

mossfon was just an intelligent German with roots in the WWII Waffen SS which may have been pulling him through this dark side of the world, but to assume they are the only one is careless and naive.

 

[OTR365]

No, I am not OK with that, but what are the alternatives? Governments force KYC on people, but don't care about consequences. I don't see this changing in the foreseeable future.

Since 2013 I've been KYC'd in at least 10 bitcoin exchanges. Name, address, tel#, high-res passport scan etc. Many, if not most, of these exchanges have been hacked once or twice. When Mt. Gox was hacked, the hacker(s) got unencrypted documents. These guys can run a crypto exchange, but don't care to salt + encrypt a document. Even worse, the exchange BTC-E was already run by Russians with possible links to a hacker/intelligence group Fancy Bear.

Every hotel where you check in, photocopies your passport. Sometimes they want to know your address & phone number as well. They swipe your credit card, too . In some countries the same happens when exchanging money, or buying a SIM card. Some hotels, taxi companies etc. in Ukraine, Poland, Lithuania etc. sell your email to spammers afterward. Etc. etc.

 

[daxbr]

No, I am not OK with that, but what are the alternatives? Governments force KYC on people, but don't care about consequences. I don't see this changing in the foreseeable future.

Since 2013 I've been KYC'd in at least 10 bitcoin exchanges. Name, address, tel#, high-res passport scan etc. Many, if not most, of these exchanges have been hacked once or twice. When Mt. Gox was hacked, the hacker(s) got unencrypted documents. These guys can run a crypto exchange, but don't care to salt + encrypt a document. Even worse, the exchange BTC-E was already run by Russians with possible links to a hacker/intelligence group Fancy Bear.

Every hotel where you check in, photocopies your passport. Sometimes they want to know your address & phone number as well. They swipe your credit card, too . In some countries the same happens when exchanging money, or buying a SIM card. Some hotels, taxi companies etc. in Ukraine, Poland, Lithuania etc. sell your email to spammers afterward. Etc. etc.

Maybe you should have more "emails".

 

[JohnLocke]

Maybe you should have more "emails".

How would a email help you here when they have already a copy of your passport and credit card!??

 

[OTR365]

Maybe you should have more "emails".

Well, yes. I've given out my primary email only by accident. But travel enough, buy enough tickets/stuff online, and accidents happen.

- For address, I mostly use a P.O. Box.
- for email, a separate junk email(s)
- for payments, a virtual CC or cash

Even this does not protect fully against identity theft. That passport scan alone is very bad.

 

[daxbr]

How would a email help you here when they have already a copy of your passport and credit card!??

Well, yes. I've given out my primary email only by accident. But travel enough, buy enough tickets/stuff online, and accidents happen.

- For address, I mostly use a P.O. Box.
- for email, a separate junk email(s)
- for payments, a virtual CC or cash

Even this does not protect fully against identity theft. That passport scan alone is very bad.

My very point, why provide real scans if one won't give email to possibly link to other business. Just personal opinion, but times has changed and it is reckless to trust professionals with own welfare, and do so despite overwhelming evidence. Reason this forum is so much fun.

 

[Shaoling]

i Think its more about the agent, and his way of doing the things..

In my case i provide Brokerage technology to customers.. and of course i do KYC. i always print the documentation, and i have it in a very safe place. i always delete everything from my office PC.

i think the agents should do something similar, cause no matter you have the most sophisticated hardware and software, you are never hackingproof.

 

[JohnLocke]

i think the agents should do something similar, cause no matter you have the most sophisticated hardware and software, you are never hackingproof.

The major issue one may consider is that your documents get sold to a third party!

 

[Shaoling]

Like identities trafficking?

I have created a company in hong kong, with a secretary i meet in person here in my country.. he offered me and insisted on using the nominee director services.. I took it.. the worst decision ever.. I never found a bank account for that company..

The thing is that I have the passport of that chinese guy.. in my attempt to get and emi account, the EMI told me "this passport is just 1 month away from expiration, please send us other".. the secretary only took 2 hours to send me a new one.. with just 1 day of released.. another chinese guy in the picture, different passport number.. but same name..

I knew that probably this chinese guy never existed.. and probably all this is photoshop documents or, stolen documents from former customer..

 

[daxbr]

Like identities trafficking?

I have created a company in hong kong, with a secretary i meet in person here in my country.. he offered me and insisted on using the nominee director services.. I took it.. the worst decision ever.. I never found a bank account for that company..

The thing is that I have the passport of that chinese guy.. in my attempt to get and emi account, the EMI told me "this passport is just 1 month away from expiration, please send us other".. the secretary only took 2 hours to send me a new one.. with just 1 day of released.. another chinese guy in the picture, different passport number.. but same name..

I knew that probably this chinese guy never existed.. and probably all this is photoshop documents or, stolen documents from former customer..

EMI took second passport?

 

[Shaoling]

EMI took second passport?

i got rejected by all EMIs but one took it.. i never place a dime on it... cause i knew i will lose my money

 

[JohnLocke]

I knew that probably this chinese guy never existed.. and probably all this is photoshop documents or, stolen documents from former customer..

That's some sort of story, what provider / agent was this? just so no one else is going to use them?

It is the opposite as discussed here but still interesting to learn about, thank you for sharing

 

[Shaoling]

i made the deal with an intermediary guy here in europe. but the secretary is a company named GOLDEN CLASS CORPORATION LIMITED in HK.