KYC — Know your customer

Twice this week I have run into issues involving KYC or know your customer policies, and both were rather odd circumstances. I am preparing to go visit my family in Israel, and this time around I am purchasing an eSIM or virtual SIM card for my phone. Before I could do so, however, I had to upload a photo ID and my own portrait to verify that I am indeed a real person. The process was very smooth and just took a moment to get it all organized.

The second KYC moment happened as part of being onboarded for a new client. (Don’t you just love that term? It seems like it is almost as painful as waterboarded.) I got a strange email from someone in India, who was asking me to get on a Zoom call to verify that I am who I said I am. Now, I had never corresponded with this person, and my contact hadn’t prepared me for the email. So I fired off my own email to my contact to do a bit of my own KYC intelligence.

I don’t fault them for being careful. Things aren’t what they appear to be these days. Remember my blog post from earlier this year about inadvertently hiring North Korean developers? I was reminded of this fromĀ a recent post by Brian Krebs about fake CISOs that are on LinkedIn. What is worse is that these phonies have made their way to one publication’s “top CISO” list. You can’t vet people enough. Many of the job descriptions on LinkedIn were clearly lifted from real people. Krebs suggests that LinkedIn could make things easier by including a “freshness” date when the profile was first created, which is something that Twitter does.

3 thoughts on “KYC — Know your customer

  1. I just got a new iPhone 14, and my carrier AT&T insisted that I upload a PHOTO front and back of my driver’s license. I could not upload a scan or a file; I had to take a new photo with their app, and it kept rejecting the photo until I got just the right ambient reflections to see my face clearly in the photo. Welcome to the future!

  2. These demands for photos of ID create huge potential for identity theft and for security and privacy issues. Front & back of driver’s license, for example, contain personal info that is none of AT&T’s business. How can we know that the info is being properly protected and only will be used for the one stated purpose? Or that it won’t be sold?

    Yes, I’m paranoid – but there are too many such demands with no guarantees around privacy and security. Even Instagram asks for a photo ID – and we know how Meta thinks about privacy ….

  3. There’s a lot to be said for doing business face-to-face with local customers, isn’t there?

    I do have a remote client 200 mi away, and our business relationship got a lot better when I made a trip there to deliver some much needed computer gear.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.