A massive global data leak linked to IDMerit has exposed 1 billion personal records, including national IDs and emails, across the US, Europe, and Asia.
KYC is typically a due diligence process tied to regulated financial industry participants – the restaurant example has a much different function. Banks and FIs have much broader retention (and disclosure) obligations.
Here, let’s put it slightly differently. I’ll reference Canadian regulations/processes more, as those are the ones I’m most familiar with. If you’re a bank, you’re required to flag suspicious transactions related to the customer – and in order to know when those transactions are suspicious, you need some way of reviewing it within the context of the customer. You may even have an obligation to second guess / question / try and advise the customer ‘not’ to make a transaction, based on knowing your customer.
The most basic example of that, is where Credit Cards will decline payments / request a call if you try and make a purchase in a totally abnormal location – like you “know your customer” lives in Toronto, but suddenly see them spending money in Mexico? Or if they called you before they took a trip to Mexico, that’d also go into a KYC type file to let people know to expect those sorts of charges and let em get processed. That’s tied to KYC.
The media will often run stories about seniors getting scammed, with the general message being “WHY DIDN’T BANKS DO MORE TO PROTECT?”. Well, that’s KYC too. You gotta ‘know’ your senior members, and their spending habits to some extent, to find those outliers. You also need to be familiar with them enough to know whether it’s “normal” for them to come by and take out cash, and in what quantities and for what purpose, cause seniors will sometimes ‘show up’ with a person pressuring them to take out cash to ‘pay a bill’ (scams galore!). All part of KYC due diligence.
Or the somewhat obvious elephant in the room – if you have a “personal” account member, who keeps receiving etransfers to his “[email protected]” account for some reason, you gotta look into it a bit and sort out what all those payments are related to, cause it isn’t a business account. And if you see anything suspicious, it gets reported to the authorities, where, most likely, Trump shits himself and Americans ignore the crimes.
Notably there have been almost zero data breaches of large banks, because their requirements for security are significantly higher than most other companies. My original comment was not about banks, they obviously need to retain a lot of customer data, and most of that is not exposed to the internet at all. I was talking about things like a pizza shop or an online retailer. There’s no need for Burger King or a webcomic artist I’m buying a print from to have a login or my email address for longer than it takes me to get my items.
Yeah, but this breach is specifically about KYC, about financial industry stuff. The company that got porked, was the company the banks used for their KYC stuff.