KYC (Know Your Customer) check is a widespread requirement of regulators which are trying to fight money laundering with the help of cryptocurrency. For sure, you have noticed that during the last 2–3 years this check has been introduced in more and more crypto services, including exchanges and wallets. And what about exchangers?
So can you guarantee the exchange won't ask customers for any kyc verification documents if there isn't icon like this, and if there are no verification rules mentioned anywhere on exchange website terms?
No, of course, there are no such guarantees. In practice, such icons (or their absence) only indicate the degree of probability AML checks. That means if there is such an icon, the probability of it is very high or even 100%, and if there are no additional icons, it means that the checks are no systematic, i.e. they are carried out selectively under certain specific conditions (for example, based on the results of an express assessment of transaction sources).
As for mentioning in the website rules — this is a required condition both from a legal viewpoint and our position. If the exchanger hasn’t clearly specified in the rules the conditions of carrying out checks, they do not have the right to demand them. In practice, it doesn’t happen, usually exchange services bring their “website rules” in accordance with general standards.
At the same time, we need to note that the verification in no way is a way of stealing the client’s data and using it illegally. This is just a necessity caused by the requirement of regulators, and a reliable exchanger will not give the information about the user to a third party.
We saw what happened with ''trusted'' centralized exchanges and how they keep customer documents ''safu''.
Didn't Binance leaked millions of customer passports with personal images that later ended up on some darknet forum, available in public for everyone to see.
In this case customers should trust one more third party, so there is much higher risk, because both of them can now leak information.
Your claims are well-grounded, but they are not about the necessity to follow international norms. The fact that lots of companies around the world use very mediocre protection, store user data in unencrypted form, and most importantly do not bear any serious responsibility for leaks, is a topic for a separate discussion.
Until the world has come up with an alternative to the standard KYC procedure (although something interesting is happening around Polygon ID if it will be "fine-tuned" and scaled in the future), one has to take such risks, as with any other financial services around the world.
What about data leaks from banks, insurance companies, mobile operators, trading platforms, and payment systems? Quantitatively, there are even more of them than there are leaks from crypto exchanges and their counterparties, simply because the crypto industry is obviously more advanced and is "obsessed" with protection, and the organizations themselves are much smaller.
But we are in no way defending Binance and others, they took on the obligation to store the most valuable thing that their customers have, but they did not cope with this and should have been held accountable to the fullest extent. But the world has not yet rebuilt under the concept that personal data is most valued, for about the last 20 years inside Web2.0 it has been the hottest commodity, and until the mass adoption of Web3.0 principles, the safety of our data will be neglected, this is a fact.
However, all of the above is not a reason to ignore the principles of working with finance accepted by the world community. You do not prove to the bank that they do not have the moral right to check your passport in order to open an account? Motivating, for example, by the fact that Capital One was hacked in 2019.