Twice this week I have run into issues involving KYC or know your customer policies, and both were rather odd circumstances. I am preparing to go visit my family in Israel, and this time around I am purchasing an eSIM or virtual SIM card for my phone. Before I could do so, however, I had to upload a photo ID and my own portrait to verify that I am indeed a real person. The process was very smooth and just took a moment to get it all organized.
The second KYC moment happened as part of being onboarded for a new client. (Don’t you just love that term? It seems like it is almost as painful as waterboarded.) I got a strange email from someone in India, who was asking me to get on a Zoom call to verify that I am who I said I am. Now, I had never corresponded with this person, and my contact hadn’t prepared me for the email. So I fired off my own email to my contact to do a bit of my own KYC intelligence.
I don’t fault them for being careful. Things aren’t what they appear to be these days. Remember my blog post from earlier this year about inadvertently hiring North Korean developers? I was reminded of this from a recent post by Brian Krebs about fake CISOs that are on LinkedIn. What is worse is that these phonies have made their way to one publication’s “top CISO” list. You can’t vet people enough. Many of the job descriptions on LinkedIn were clearly lifted from real people. Krebs suggests that LinkedIn could make things easier by including a “freshness” date when the profile was first created, which is something that Twitter does.