I made the stupid mistake of scanning in my brand new US Passport, in full color, high resolution because Bitstamp says that's all they will accept (I didn't have my driver's license on me at the time).
Then realized after the fact that you should *never* let your passport out of your sight, let alone upload it to some website on another continent.
Identity theft anyone?
Ever wonder how Jason Bourne had 15 passports in his safety deposit box?
What happens to our sensitive personal docs after verification? Does Bitstamp at least state they will discard it? I couldn't find anything on the matter.
As mentioned earlier, data is never safe - unless the business in question goes to lengths about securing it. For example, there's no need for systems that hold identity papers to be online. These should be offline. And of course, once you give away copies of your identity papers, then they could always be misused. You have to trust the exchange not to misuse your scans. What you could do is to black out sensitive parts of the documents, if the business allows this. And also, it's possible to watermark a document, which is not visible to the verification drone that is checking your scans. That way, you'd know where the leakage was in the event of identity theft.
But it's true what you say, this really poses a great risk in the digital world, and perhaps it would've been better if there was one major company doing the verification, like say DigiCert, and then all other companies trusting certificates given from this company which they only release after having verified your ID.
Ideally I think the way it should work is that a verification company had offices where you could go and show your ID, and no copy would be taken, but you were given a digital certificate that you could give to anyone so you could prove your ID. Well - such a certificate could be stolen, but the same thing could be said about IDs. I'm sure there are a lot of fake IDs floating around and to be sold at various marketplaces.
And naturally, the more places you upload your ID to, the higher the risk of fraud. Imagine someone stealing the entire database of a company containing all these ID documents.
Of course, if you wanted to offload the risk from yourself, you could always get someone else's ID, but that would of course be highly illegal, and would cause problems in and of itself if you ever got caught doing it.
So, yeah - really - this is a problem giving up ID to all kinds of weird online companies. It's always wise to do dd and make a risk assessment, to see if this is a company you want to deal with or not.
I would rather trust a well established company, than some shady outfit in a strange sounding country.