New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
How to respond to ID scan requests
You order a LEB and the provider politely sends you a request like this:
As a new customer, we kindly request that you provide us with a copy scan/photo) of your passport or ID card for authentication purposes. Please would you send the document by fax or as an email attachment to this email address.
Here is how I am now responding to them, with all sweetness and serious I might add.
That sounds like a great idea. Since this is the first time I'm ordering from you I'd like to authenticate your team as well. Please send me a copy of either the passport or ID card for anyone handling this email and ultimately responsible for this order and managing the server. You can send them to this email or I'll provide you a fax number if you prefer.
Your move provider.
Thanked by 1raindog308
Comments
why respond that way? just say "sorry i don't send such info" .. case close.
I understand just fine why they want ID - it's hard to trust some random order, and a dodgy client can cause a lot of damage (in terms of pissing off other customers, getting IPs blacklisted, or getting your upstream grumpy with you).
They're perfectly entitled to ask....just as I'm entitled to say "no thank you" and go somewhere else. Because I don't trust most companies (even big ones) to properly and securely handle it.
You need to know that providers can also choose their clients just as we choose our providers.
As the OP has tagged this with "humor", it may very well be for just that.
Tagged humor, but I only see jackass.
That's not the right way to deal with it. I think it's better to candidly express your concerns - if enough people do it then hopefully they'll at least try to find a better way of establishing trust and reducing fraud.
I had this issue with BuyVM - the guy was rude about it so I moved after explaining my case. I understand that there's a lot of fraud but this should be, in my opinion, a last resort for this type of service.
If you're signing up for a host that you don't trust, I don't understand the point of signing up. If they haven't already developed some kind of trust that has made it's way to you, I don't understand why they're on your radar as a customer.
However, as a host, I can absolutely understand why they want to establish trust with you. After all, they have to protect their customers above all else. When someone comes in and sends out a DDOS, how many others see packet loss if only for a second? Letting people on your infrastructure means trusting them with the ability to cause problems for your other clients, that will always be true to some degree (though the degree may vary based on infrastructure).
You, you have nothing to lose here. You're signing up for a host you don't even trust, clearly. They have everything to lose. They have paying customers who depend on them to keep the pipeline clean.
As I've suggested in another thread, I understand a provider's desire to limit and mitigate fraud, but I would strongly advise no legitimate customer ever bow to these requests. Giving away such private documents to a provider, particularly one you've not yet entered into a contract with, is inherently dangerous and I'd argue wholly unnecessary. You are at the mercy of that provider's control over those documents. Do you really want to trust their handling of such documents?
Likewise, a provider potentially puts itself at risk, maybe more than just their reputation if those documents ever escape their control.
I hold no hard feelings with providers who choose to request such things, but the snark is meant to convey a message and signal what I feel is the silliness of such requests. I doubt any would take any offense. None is certainly intended. I'll be sure to send a smiley if I ever receive a request again. Thankfully I've only had three providers out of dozens ever request this of me.
Amazes me that someone would even make such a thread like this.
Just use common sense. If you cannot trust the host, move on and send your ID to a host you can trust.
You cannot trust any host, then see a doc.
Trusting someone to administer a server and not peek at your files is an entirely different kind of trust to trusting someone to properly handle identity documents.
You are not required to give full ID photocopy. You can cover some sensitive content using your hand (or your finger) and still showing your name and part of address. They are not looking for the whole copy, they just want to make sure you possess the ID with your name.
It doesn't even have to be a matter of trusting a host.
Hackers frequently target emails used for ID verification with incorporation services, hosts and small time payment processors. They're then used to similarly verify payments and accounts with illegitimate details and commit fraud, especially through faxes.
With ID verification, its just a disaster waiting to happen as hosts don't consider the potential consequences of storing scans longer than needed.
A host can have perfect technical security but there will always be vulnerabilities waiting to be taken advantage of.
Overlay with red letters "for use only by PROVIDER for verification purposed" in a way that can't be cropped out but still lets them do their thing. Done.
They don't? How do you know?
I think both are important, and if you don't trust them on one of those points you shouldn't host with them. At some point, unless you're of the anonymous bitcoin user flavor, they're going to have details about you that you'd rather not get out.
Not the best reply, I'd say they're about to suspend your order.
You could ask for their ISO certification in relation to handling and storing of said documents.
Every host I've talked to and asked about the retention period specifies anywhere from 2 years to indefinitely. Re: Patrick7, OVH, EvoBurst, NearlyFreeSpeech, e.g.
Correct. PCI Compliance too.
Weird. Can't think of a good reason for that. Increases liability. I've been known to delete immediately on request.
How in the hell is an ID private? Getting carded happens all the time at any place selling alcohol or other items with age restrictions.
They could more easily abuse your credit card info than your ID. So could any random waitress. Such theft is vanishingly small compared to other exposure. Unless you have evidence of identity theft directly related to a provider's ID verification, I think you're just being paranoid.
"Carded" is to show your card, this instance is like the cashier whacking out their iPhone and taking a photo, and I think that some countries your ID can contain more personal info and could make it easier for people to impersonate you.
I mean no Offence to @jarland but If he took a photo of my ID I would be worried... @MrGeneral in a mankini would be acceptable so long as I can have a selfi with him... but hay... thats my 7c.
Generally, providers will not mind if you add a watermark on the ID card so that the host cannot fraudulently use it. It's win-win; the provider gets the verification they need and you'll know they can't sell it, etc.
This thread is a joke. If you don't trust your provider then don't host with them, plain and simple. If your provider asks for XYZ and you don't want to provide it then go elsewhere, no need to even reply to the ticket if you don't want to. Ignorantly wasting your time and theirs is not a valid solution.
If a provider is asking for your ID then ask them what information they require and their data retention policy. If you're afraid to provide documentation showing the information they already have on file then the problem is with you and not the provider.
Some providers required unedited photo ID because they use validation software to check the images, this makes sense and with the amount of fraud, abuse, and financial loss in this industry providers have to protect themselves AND their clients (these things impact other clients directly).
At the end of the day you have a choice where you'd like to shop and what information you want to provide. If a provider asks you for something you don't feel comfortable with then just walk away, don't give the support rep crap for doing their job.
You can...
It's more like the cashier swiping your ID card when you purchase alcohol... which is very common now.
Quite a few retailers swipe your ID when you make returns, too (e.g. Target and Best Buy).
Oh yea, i've seen that on American Dad and did some research then, a crap system which is easily solved by some Ebay hardware, useful :')
("Faking Bad", S10E07, 2013)
I would however not send my full id to any provider.
If they don't have the time to manually verify me when their automated id card check fails, because you covered some sensitive information, then they probably also don't have the time to answer any ticket aswell.
We use ID scan request too when the order are souspicious and most of the time we hit a frauder.
I mean, customers that sign from vpn or open proxy are marked as fraud because their billing address and ip have big distance, so why a provider are not entitled to ask a confirmation for their ID?
Most of them say "no i want keep my privacy safe..." but all of them know that 99% is "i'm a frauder and i not want give you my real data.
When we find an order to be suspicious we simply reject it. No amount of ID scans you may want to send us will make us accept a suspicious order.
When drServer asks for ID, we usually only require the first name, last name and the address(if it's present on it). All other data can be masked out.
We ask for ID, in case you fail MaxMind.
Is is usually how I respond to them...
On a completely unrelated note to this thread....
Kids who think they know everything are the worst clients ever.