Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Whats wrong with verifying the ID?

The issue is they decided to roll their own extremely questionable service and insecurely store sensitive images in a public bucket

Multiple SAAS vendors provide ID verification for ~$2/each. They should have eaten that fee when it was small and then found a way pass it onto the users later



> Whats wrong with verifying the ID?

- IDs usually contain enough information to totally steal a person's identity (beyond just their name and mailing address).

- IDs usually have secret security mechanisms beyond what's publicly known for a government to verify if an ID is real or not.

- 3rd party business systems can only verify the publicly known security stuff. And because that security stuff is public, it can get faked easily.

- IDs are super easy to fake.

- The only entity that can totally verify an ID is a government, because you'd have to verify the secret security mechanisms as well.

And there's a million reasons why you wouldn't necessarily want a government to verify an ID for a private business transaction.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: