- This topic has 23 replies, 1 voice, and was last updated 3 months, 2 weeks ago by DynamoDylan.
- Sunday, August 21st, 2022 at 15:17 #358931StompyaParticipant
What are my risks when doing KYC?
Submitting photos of my ID and video of my face along with all my personal information seems like a great way to have my identity stolen, yet millions of people have done it on multiple exchanges. What’s protecting me in a data breach?
That’s basically it for my question. So far most hacks/exploits have been from exchanges – security issues have happened but the blockchains themselves are almost never the issue ([barring the occasional bug](https://bitcoincore.org/en/2018/09/20/notice/). I’ve been asked to submit KYC by a newer company and I’m not sure what’s protecting my identity besides them promising they’ll try not to let anyone steal it.Sunday, August 21st, 2022 at 15:17 #358943Agincourt_Tui
Why are you looking to on board with a newer company during this bear market that has seen a number of failures? Why not stick with the bog boys and have, presumably, greater peace of mind about security in the process?Sunday, August 21st, 2022 at 15:17 #358954DynamoDylan
The risk is they leak your info or get it stolen. Also the tax man will know you have crypto.Sunday, August 21st, 2022 at 15:17 #358953notsusaccount69
You basically just need to companies with your identitySunday, August 21st, 2022 at 15:17 #358952VapingLawrence
Once you submit your data, it is already stolen, so your activity can (and will be) monitored.
All in the name of “stopping financing terrorism” and “money laundering.”
It is way too late to be so naive.Sunday, August 21st, 2022 at 15:17 #358951reality___hater
There are tons of securities and law shenanigans in place when it comes to personal information being stored by an organization, there are even ISO-(random numbers here, I couldn’t care that much to remember something so specific) stuff that needs to be reviewed regularly. Of course this would all be in vain when a certain group of people were able to crack that organization’s security.Sunday, August 21st, 2022 at 15:17 #358950drgnfamily
It’s very intrusive Ive only signed up for one exchange to negate the riskSunday, August 21st, 2022 at 15:17 #358949390TrainsOfficial
> What’s protecting me in a data breach?
Nothing. It’s just that most of the larger exchanges, such as Coinbase, Kraken, Crypto.com, Gemini, Nexo and even Binance have a lot of software developers and penetration testers that work to ensure that their systems are reasonably secure and that any security flaws are fixed before an adversary discovers them. However, the one thing it’s important to remember is that no computer system is 100% hack-proof: even a **massive** corporation such as Google *could* be hacked at some point in the future. Social engineering is also a possible threat that **wouldn’t be due to a technical flaw**, but I’d imagine that these companies vet people in a similar way to the verification carried out by banks (where credit checks and references are used).
It’s slightly riskier when a centralised exchange outsources their KYC verification to a different firm (e.g OnFido) because they can’t be 100% certain about the identity verification firm’s security practices, but the most reputable identity verification firms verify the identity of **millions of people** (and not just to allow them to use a centralised exchange, I’ve had to use OnFido to prove my right to work when applying for a job before) and receive lots of money from companies which they hopefully use to entice some of the brightest minds in the cybersecurity industry to work for them.
> by a newer company
Handing over your identity documents to a newer company is riskier because:
* they typically don’t have as robust security practices
* they may not have as many potential job applicants to choose from
* it’s unclear whether the exchange will remain trading
However, you can decide whether to verify your ID by considering the following:
1. Can you do what you want to do using a different exchange?
2. How essential is what you want to do? Could you use a decentralised exchange?
3. Are you sure that the exchange is legitimate?
> besides them promising
Most companies are very vague about their security practices. There’s an important reason for this: if someone is aware of what’s being done, they’ll be able to work out what **isn’t** being done and use that information to find a way of getting into the company’s systems. There’s not really much more that they can say.Sunday, August 21st, 2022 at 15:17 #358948shakerek
Go through the KYC, notify your government that you lost your ID, get a new one with different numbers and you safe.Sunday, August 21st, 2022 at 15:17 #358947greenappletree
Submitting ID is just the begging – I had f’ng cex that wanted me to hold my id up to a camera and read out a ducking script like a criminal – WTFSunday, August 21st, 2022 at 15:17 #358946reddito321
Not less risky than e.g. taking a driver’s licenseSunday, August 21st, 2022 at 15:17 #358945Emergency-Length4401
You make a good point, most people dont realize that any bad actor can sell our data and just dissapear.
There is always a risk when you give your personal informations, so make sure you trust the exchangeSunday, August 21st, 2022 at 15:17 #358944ChorizoSandwich
Theres never no risk.
I can only advies to use trusted and widely used platforms. They tend to have better setups and securities.
Not sure on this, but i always thought personal info like this is only stored temporary and should be destroyed after the x time expired and it served its goal.Sunday, August 21st, 2022 at 15:17 #358942Dr_Scythe
It’s up to you where you draw the line but only do KYC with a company you trust. Though in saying that, if you don’t trust a company with your KYC info, you probably shouldn’t have your crypto with them either…Sunday, August 21st, 2022 at 15:17 #358941The_Daycare_Dazzler
I’m just here to learn the answer too.Sunday, August 21st, 2022 at 15:17 #358940The-Francois8
There’s definitely a trust factor there. Want to stick to reputable exchanges.Sunday, August 21st, 2022 at 15:17 #358939bigmaneting
I just use kucoin to avoid kycSunday, August 21st, 2022 at 15:17 #358938surrender_the_juice
My identity has been stolen and exposed so many times, that I don’t think it really matters at this point.Sunday, August 21st, 2022 at 15:17 #358937HeirOfRhoads
They laugh at you if you are uglySunday, August 21st, 2022 at 15:17 #358936SuspiciousBarry
Yeah only do KYC with a company you trust. Not a small one and definitely not a new oneSunday, August 21st, 2022 at 15:17 #358935Don-QueHotas
I doubt anyone wants my identity. Provides absolutely no value. HahaSunday, August 21st, 2022 at 15:17 #358934kraken-community
I was asking the same question when doing KYC: “How safe is my data?”
In regards to all exchanges out there I cannot say for certain. However, at our exchange we do the following:
Database security- Databases containing sensitive client data aren’t accessible from our website. They’re encrypted and can’t be decrypted without access to multiple highly secured systems. Access is strictly controlled and monitored.
Document security- All documents uploaded to our website are watermarked. This means that in the unlikely scenario our security systems are breached, your documents will not be re-usable elsewhere.
Account security- The most likely scenario for leakage of personal data would be client-specific, rather than a breach of the database as a whole — that is, if someone gained access to your personal sign-in credentials due to the account not being properly secured.
Additionally, we test third-party services and products in an effort to help identify, publicize and solve issues before they’re exploited by bad actors.
Hopefully this gives you some clarity.
Kraken- RosaSunday, August 21st, 2022 at 15:17 #358933Connect-Ad-1088
The benefits of kyc outweigh the risks if u want to purchase trade and cash out, otherwise your loading your non kyc wallet with crypto bought thru an atm with virtually no way of cashing out and getting raped with fees….Sunday, August 21st, 2022 at 15:17 #358932CryptoDad2100
First, there’s no guarantee that there won’t be a data breach for **any** company, including your bank(s). It’s happened before to the largest of organizations and will happen again.
Second, you can take reasonable measures, such as using well-known/major exchanges (Coinbase, CDC, Kraken, Binance, etc.).
Third, you can consider paying a small premium (which may even be offered at a discount through your employer) for an identity monitoring service, which aggregates data, notifies you of any potential exposures/breaches, and also provides insurance and legal services. A number of insurance companies in the US provide this.
And finally, you can diversify your risk. Multiple wallets (self custody), multiple exchanges, multiple brokerages in fiat, etc. – just depends how much you want to spread your $.
- You must be logged in to reply to this topic.