That would be an incorrect assumption. Per https://support.stripe.com/questions/managing-your-id-verifi... customers of Stripe Identity have API access to "captured images of the ID document, selfies, extracted data from the ID document, keyed-in information, and the verification result".
Thus, when you use Stripe Identity to verify your identity, you have to trust that:
1. The website doesn't download, retain, and later leak your selfie and identity information.
2. The website's Stripe API token isn't compromised and exploited by identity thieves to access your selfie and identity information.
Stripe appears to be leaning heavily on their claim that they don't disclose "biometric identifiers" to websites and that these "biometric identifiers" are deleted from their systems within 48 hours. This is extremely deceptive considering that biometric identifiers can be reconstructed from the selfie.
> Considering that Stripe was originally known for letting websites accept credit card payments without seeing your credit card number, one might assume that Stripe Identity only allows websites to see the verification result, and not your selfies and scans of your identity documents.
A few points:
- Fundamentally, Identity makes it possible to choose how much of this data traverses / is stored on your servers, just as Stripe did with card numbers.
- There's a basic difference between card numbers and identity verification. With card numbers, you (generally) don't really care about the number -- you just want the payment. With ID verification, however, many businesses have good reason to want more than just the verification result. For example, they are often subject to compliance requirements that mandate that they themselves possess or have access to the raw information. They may need or wish to perform additional checks on their side. Etc.
- The relevant UI in Identity is deliberately very clear on this points in order to avoid the assumption you're stating. The flow explicitly says "Stripe and [Business] may each use your data." Even though an end user might consider it suboptimal for the business to have their data, we still view it as an improvement to the usual status quo, where this data is frequently stored in very ad hoc fashion and without rigorous security protections.
- While many of the businesses initially building on Identity wanted access to the raw information, it may well make sense for us to enable them to restrict themselves in the future. In this world, Stripe could tell their customers that the business doesn't have access to the raw details. (This might even make sense for Stripe payments in the future.) As a philosophical matter, we consider ourselves to serve the business, which means that limiting access to what we consider to be the business's own information feels a bit strange. That said, it might sometimes be in the interests of the business to allow them to limit themselves in this fashion (especially as Stripe's brand recognition among consumers grows).
- There's a separate concern about compromise of the business's credentials leading to inadvertent disclosure of this information (a situation analogous to an S3 bucket key getting leaked). This is of general concern to us in lots of situations, not just with Identity. We have some new functionality on the way here.
> Fundamentally, Identity makes it possible to choose how much of this data traverses / is stored on your servers, just as Stripe did with card numbers.
There's a stark difference in how Stripe treats exports of card numbers versus exports of raw identity verification data. This makes it way easier, and more likely, for Stripe customers to choose to store raw identity verification information.
> With ID verification, however, many businesses have good reason to want more than just the verification result. For example, they may be subject to compliance requirements that mandate that they themselves possess or have access to the raw information. They may need or wish to perform additional checks on their side. Etc.
I acknowledge that some businesses have a need for this. But I see Discord and Clubhouse among your customer logos, and your product page talks about non-KYC use cases. Many of your customers will have access to identity documents without really needing it. That sucks for the end users of Stripe Identity, because it makes it more likely their data will be misused.
A concrete suggestion: make it possible for businesses to choose whether they have access the raw data, and expose the choice to the end user in the Stripe Identity flow. Ideally, businesses that want the raw data would be subject to security compliance requirements. This is an opportunity for Stripe to be a leader in setting high standards on how this type of data should be handled.
> As a philosophical matter, we consider ourselves to serve the business, which means that limiting access to what we consider to be the business's own information feels a bit strange.
Maybe I'm wrong , but once a customer upload the document on Stripe Identity they are supposed to be YOUR documents.
I worked in Bank as a Service , fundamentally when a customer goes through a verification process , the documents uploaded are not the owned by the partner using our APIs. They are owned by us , the Bank.
For Stripe Identity the same should have apply. Here the goal is not "Lock the Partner" but rather to protect them.
Now that discord has access to my Passport , in case of an identity theft could you tell me EXACTLY whose liable for the leak in regards to the law ?
With BaaS it's pretty clear , the Bank carry the responsibility to keep those documents safe , thus it's safer to not give access to a basic business to the raw details.
With the current API design you are offering, it's more ambigous and more prone very large leak within a business information system like Discord or Uber etc..
Those leak will happen.
I don't ever want to have a card number in my database or via a administration system (my own or my provider's).
So I care... but just perhaps not in quite the way you're thinking :)
I trust Stripe more than a random online forum, a dating app, or a social network, which might offer a higher quality service when people are verified. There's a high risk that the ID documents will leak from these services at some point if they get access to them. I don't want them to know who I am at all, if they don't need to know.
It would also offer a way for preventing sybil attacks on P2P networks, or help connecting to non-evil nodes on a P2P network (such as Bitcoin Lightning Network) without knowing the other person. In these cases there could be a some kind of signature generated by Stripe that could be used as an additional trust factor without centralizing the system.
This sounds great -- I don't want to be handling sensitive data of users, and I don't want to give sensitive data to businesses. But I'd rather this be a separate Verification product, with different branding, docs, and UI, so users and businesses are all clear on what's happening to user data.
It's literally called "(K)now (Y)our (C)ustomer".
> They may need or wish to perform additional checks on their side. Etc.
So they get all the data in the off chance that a Stripe customer might want to do something with the data aside from the basic “yeah our large global identity verification service says this person is legit.”
I’m not super clear what a company might ”wish to” do with that data that isn’t served by the basic “this person is who they say they are” function (Does Stripe need their clients to act as guinea pigs to see if the service actually works as intended? If their mysterious black box “wishes” turn up a case where this isn’t working as intended, are your customers required to share that data with you to ensure the overall reliability of the Stripe Identity service? Or do they just get to build a database of info they get from Stripe Identity?)
> While many of the businesses initially building on Identity wanted access to the raw information, it may well make sense for us to enable them to restrict themselves in the future.
Oh nevermind, asked and answered! Just turn on the data hose to whoever has a website and will pay Stripe for identity data and maybe adjust it later if you catch some flack for this practice?
It’s kinda hilarious that the whole “people trust Stripe with their data” as part of the sales pitch as if this didn’t come across to me (a layperson) as a direct violation of that particular trust.
Businesses that do not have a legitimate reason to view my sensitive document like Passport , should not be allowed to do so.
Only authorized institutions like Licensed Payment Institution / Banks / Insurances etc... should be allowed to do so and AFTER they've been approved.
It's sad because you can tell right away that this will we be abused by Stripe's customers inadvertently. Just like Uber "God View" thats you view any customer ride...
Pretty sure the amount of "Identity Theft" or "Privacy" Scandal is going to explode with such technology available for everyone.
I don't know how a product manager at stripe could tell himself that "Yes , it make sense to give access to sensitive documents" in an age where people are seeking more privacy.
I get parent comment's totally legitimate security concerns. And businesses that have no business having my identity should surely not be asking for it. But I don't honestly understand how this has anything to do with Stripe. These businesses (which for whatever reason are asking for ID verification before doing business with you) are just using Stripes API to verify identity instead of just taking your info themselves.
Any customer giving their information presumably knows they are giving said business their identity documents, the customers might not even know that the business is using Stripe's API.
Furthermore, Stripe is ostensibly coming in here to streamline the process for business taking identity info from customers. Why - in your opinion - is it worse for consumers when these-type businesses (which ask for identity), use their own-rolled id verification than using Stripe's?
Most companies aren't even supposed to ask for identity papers is Stripe verifying with the passport issuer whether the country allows given their passport to some identity?
I think there should be some sort of consent system built in were when the API consumer wants to download a passport the customer gets an email with the question if they consent in them fetching a copy.
This is true, but it's also kind of a misleading statement; the original selling point was that you could accept credit cards without having to deal with the requirements of PCI compliance and merchant accounts, which is done (partially) by you not ever seeing the card data.
If there was similar compliance regulation around document storage, I would assume that Stripe would use "Identity-Document-Standards" compliancy as a selling point. As far as I know, there are no such requirements.
I do think your #2 point though is exceptionally valid, and would hope that the majority of Stripe keys are scoped to not even provide access to this data/endpoints.
Edit: grammar
If you want to export credit card numbers from Stripe, you can only have it transferred directly to another PCI DSS Level 1-compliant payment processor, and Stripe imposes rather strict requirements on the transfer: https://stripe.com/docs/security/data-migrations/exports#whe...
If you want to export ID documents or selfies, you can just make an API call or use the web interface. This can and will be abused.
When a hotel copies my passport, they get a jpg. If they use Stripe, now I know they have my biometrics serialized to JSON. That feels way riskier and scarier to me, especially now that it's all centralized by Stripe.
We hear about our personal data getting leaked and hacked every day, and here is Stripe making themselves an enormous target and serializing all the data for malicious actors.
This feels like a really tone deaf misstep by the company.
Stripe could do this differently:
1. Allow the customer to choose whether or not they need access to the evidence.
2. If customer has chosen to receive access to the evidence, the Stripe Identity UI should clearly disclose this. (And they shouldn't try to deceive users by talking about deleting biometric identifiers.)
3. Require customers with access to evidence to adhere to certain security standards, similar to how they treat exports of credit card numbers: https://stripe.com/docs/security/data-migrations/exports#whe...
Stripe could have been a leader in setting high standards on how this type of information is handled. Instead they've opted to go the easy route and maximize profits while the rest of us pay the negative externalities from identity theft.
I thought that Stripe's original selling point was that you could easily accept payments online without having to integrate with complicated bank and payment processor tech.
For example, imagine Joe Biden buys a widget from WidgetsR.us and wants it shipped to his home address of 1600 Penn Ave in DC.
WidgetsR.us -> Fedex.com/order_XYZ/ship-to/Joe Biden at 1600 Penn Ave in DC
WidgetsR.us <- Fedex.com "201 CREATED" WidgetsR.us -> Stripe.com/identity/123_joe?redirect=Fedex.com/order_XYZ/ship-to/$NAME at $ADDRESS
Stripe.com -> Fedex.com/order_XYZ/ship-to/Joe Biden at 1600 Penn Ave in DC
Stripe.com <- Fedex.com "201 CREATED"
WidgetsR.us <- Stripe.com '"201 CREATED"'
At this point there is giant databases containing everything people need to take complete control of your identity sitting there just waiting to be hacked.
I have no idea how to change it/fix it. But it seems weird to me.
The government already operates an identity service via passports. The only reason they do not have an electronic identity service yet is because it is beneficial for them to be able to blame private actors when things go wrong.
To make it even more complicated, regulators often hold contradictory views. They want to see increased safety, but in the same breath will announce actions against companies for violating privacy. This is a super-difficult balance to strike.
Specifically for Stripe, I trust them. So if I see that a new start-up is using them rather than rolling their own solution, that increases my trust. But it means there is now a big giant server in the cloud with millions (billions?) of identity documents that is worth a lot of money for hackers.
[2] https://stripe.com/docs/acceptable-verification-documents
Re: Age Verifications on Google & YouTube: this has been covered well elsewhere. Google is required to do so by EU law. Blame regulators not the companies.
If it's limited to only people receiving payments, then it's far more reasonable than what I thought was happening (eg. people getting randomly asked for ID scans to use their service).
No. This is something we’ve become dangerously desensitized to.
Is bot spam rampant on discord or something? Are less invasive forms of verification (eg. SMS, credit card, or requiring a deposit) not enough? Can it not be solved via technical means? eg. requiring users to opt-in before receiving messages from a bot?
> And shipping services use Identity when a user is suspected as a fraudster—to double check before creating fraudulent shipping labels.
Yet I can buy hundreds of dollars of goods off amazon (or any other e-commerce site) without uploading my ID and giving them a live video feed of my face.
For both of these use cases, I don't doubt that ID verification provides benefit, I just find the privacy tradeoff to be unacceptable. As an analogy, a store can probably cut down on shoplifting if they performed ID checks at the entrance and kept a visitors log, but I think most people would find that unnecessarily intrusive and would refuse to patronize that store.
This doesn't seem like it works.
Careful there, mate. This is just another form of the infamous "Nothing to hide" fallacy.
That doesn't matter.
2. Any biometric identifiers that are created to perform the verification are never stored or retained—they are fully removed from all of our systems within 48 hours (usually within minutes).
More on this at https://support.stripe.com/questions/managing-your-id-verifi....
That doesn't make me feel a lot better. :( The images are enough to generate biometric data such as facial recognition profiles.
Does Stripe have a legal contract with users that says something to the effect of "if it does 1 and 2 above (by mistake or by choice doesn't matter) - that they will be liable for it". If not, all the support documents and technical security documentation is moot. I want to see "skin in the game" by Stripe. If you're so sure about "security" sign a legal contract.
No need to go any further for an example than Google and its "Don't be evil" somehow evolving into "Normalize the creepy".
They could be charging you AND creating an international ID database.
And frankly, if Stripe is offering any form of credit, it's likely working with the credit unions too.
The only way i would trust such a thing is if i have complete control over my data and how it's used (that's probably never gonna happen from a for-profit imo)
I'm sure they're not as lax as Equifax. I would hope that Stripe compartment all these documents so that a compromise of one database is not a compromise of the whole database. That's basic data storage hygiene in the information age. `Don't put all your eggs in one basket` as the saying goes.
I am too, but that's not an endorsement. And more pertinently, that is nowhere nearly enough.
Every database of value tends towards uncontrollable sharing over time. The more available and more valuable it is, the harder it is to fight that trend.
The best thing for humanity is to stop making high-value data hordes like this. Unfortunately, the interests of smaller groupings are the reverse.
If there was, all black-hats would be coming from Ivy League schools. They’re not.
After that they have: my face, copy of my passport, my voice, my phone number, my IP (unless I'm really going out of my way to obfuscate it), my email, etc.
Once I did this, then the series of documents to sign using Docusign came in.
That was the most serious KYC/AML I've ever seen.
I don't like it much but I gotta say: I can definitely see how it raises the bar for would be scammers/impersonators.
MasterCard and their "True Name" program did a good thing there.
As more commerce moves online, Stripe Identity was built to significantly reduce the number of organizations and humans that would touch your ID—in a faster, secure way that’s hosted by Stripe (https://support.stripe.com/questions/common-questions-about-...).
We are also very direct about collecting consent: https://support.stripe.com/questions/common-questions-about-....
And as we've all come to know the distinction between "able to surveil" and "collect it all" crosses a threshold to make it of a different kind.
If one's mindset is that in general, tech companies, unlike those other entities store it all, then there actually is a recent "trend" to migrate a normal behavior into an abnormally socially adjusted space.
> As more commerce moves online
It is very much a trend and that is very much what you are describing. The problem with identity verification is
a) Business that have no business requesting them do so. Linkedin, Google, Facebook does this when they suspect you are a bot. But if you have been a long time user, they hold your account with your personal data as hostage. You cannot delete your account if you object to providing your official documents.
b) There is very little legal protection if companies (not saying Stripe will) use your official documents to build an extremely detail online profile of you. Its all based on trusting what these companies say.
Maybe these things are designed for KYC’ing crypto and buying alcohol but it’s definitely a trend to apply this process broadly. All for the fear of generally preventing everyday fraud, piracy, and maybe just collecting data for some nebulous future use. Of course they rarely do the actual basics and apply any thought to not treating your real customers like criminals.
I don’t doubt Stripe can make the process better and do it in a good way, but can Stripe minimize what this process is even applied to in the first place and avoid manufactured consent.
Can Stripe hurry up and go public so I can buy some shares?
I observed other teams struggle to build and have tackled challenges posed by identity, 1.5$/user is terrific price. Handling PII data in itself is a rabbit hole of engineering, product, and regulatory challenges. Let alone creating unique identities, matching, and what not.
Some years ago I worked on a system let banks do identity assertions with proofs via SAML attributes instead of sharing customer PII. It is now a federation of banks in wide use for govt services in Canada. The use cases were really limited because the federation partners were too conservative to extend the identity services to relying party consumer applications real people actually wanted to use, and institutional sales cycles meant product feedback was glacial, so it has existed for over a decade in this relative backwater of gov-tech. I think identity companies have mostly failed to get traction because of a terminal lack of consumer sexiness, whereas Stripe has the jelly.
Other companies in the identity space have been working on protocols and platforms, but none of them had a user base to extend an identity federation services into, which means they have never been able to make a real or viable product, just interesting techs. An internet payment provider with young consumer traction getting into identity is a Very Big Deal.
It's going to position Stripe to knock out a lot of retail banks who can't offer similar services. Imo, this could make them bigger than Apple.
But despite paying over £20 a user for each verification they only got one or two banks to join, and the scheme was a disaster.
E.g. when I registered for Covid vaccine I logged in using my bank login.
There are other ways to do it too but since I already had an account in a participating bank I didn’t bother looking into them.
I don’t know if banks earn anything from it. I’d be surprised if they did.
I work for a major US Bank and they are most definitely monetizing KYC data, in fact we have made several billion dollar acquisitions just to scoop peoples data.
What I see is that Stripe doing IAM for platforms and services that people use daily sets them up to dominate retail and small business banking services if they wanted to go there.
See this page:
https://services.securekeyconcierge.com/cbs/saml/login?l=1&l...
The way the service works by getting permission from you, the user, to share some part of your identity with the destination and you can chose what you share. You could pick for example just to share name and not DoB.
The one reason I hate this otherwise superbly designed service and refused to use it is that is has a dark pattern where it creates a "SecureKey / Verified.Me Concierge Account" for "you" when you use it and starts proxying/pre-emptying the bank-login-as-verification process.
WHICH IS STUPID AND SCAMMY IF YOU ARE READING THIS VERIFIED.ME, THIS IS DARK PATTERN BEHAVIOR AND IT IS NOT RIGHT OR FAIR
/start rant
From my perspective, the whole point is - inhale - "I sorta trust my bank because I have to so I will log on to them so that they can vouch for me but I definitely don't trust you so why are you being a dick and making me make an account with your service that I don't trust and will never trust" - exhale
Just let the bank vouch for me each time, this is what I expect a reasonable and non-scammy service provider to do. Don't wait till you have my info then tell me, hey, I will make an verified.met / secureconcierge account for you so that <insert your preferred monetization rationale here> before you do what you promised to do.
I get the idea that they want to consolidate a profile so that you can pick what to share without entering it each time but they way it is done right now feels really slimy.
/end rant
Similar to Stripe, SecureKey currently offers an analysis service for photo ID that looks for anomalies and calls them out. The next version of the service integrates with provincial records to concretely confirm validity.
We'll try Stripe and see how much fraud they can detect.
Fortunately, it is not necessary to do this. Modern passports and many identity cards contain NFC chips that allow you validate the data on an identity document with complete certainty (as in: you know that the data is correct and not tampered with). In the majority of cases (depending on the document supporting the necessary protocols) it is also possible to prove that the chip is authentic and not a clone.
Since the chip also contains a good quality color photo of the document holder, it is then possible to match this with the person holding the phone and do liveness detection.
Remote optical verification of documents is impossible, and anyone who claims they can do it isn't being honest.
Original paper documents are an anachronism. Any serious ID verification involves phoning home. Like police searching their database, border guards scanning your passport, or calling the car insurance company. Visa has depreciated offline EMV transactions. Offline credentials can't revoked so there's only the expiration date.
While there is no infallible system, I think we currently have decently efficient solution (with sizable trade-offs of course, as you rely on the user having a smartphone that is supported, with a decent camera, decent lighting etc.)
1. If you are at a desktop, there is an easy transition to using your phone to take a picture of your ID (or a selfie if that's the use case - it will match selfies with ID photos), and then complete verification on the desktop.
2. It does all the image analysis (i.e. is the ID in focus, etc.) in browser without the need for a native app.
Meaning they can identify my laptop and phone as belonging to the same person. I prefer they don't.
Few years down the line, it requested me to submit my ID data for a booking in China.
All my ID data was pre-filled.
I know in China, the host have to submit a copy of your passport to the government for regulatory reasons. I don't like and I don't want to travel to China for similar reasons (Government is constantly spying on you). But it is not fair to say Airbnb is asking you for your ID.
How would Stripe solve something like this?
* Uses various sophisticated heuristics to detect real vs fake IDs.
* Matches the ID to the human face.
* Detects whether the human face is live or not.
* Dynamically requests more or less information depending on the confidence level.
It also gets better over time based on the attacks and fraud attempts that Stripe itself sees.
> Document checks verify the authenticity of government-issued identity documents. Stripe uses a combination of machine learning models, automated heuristic analysis and manual reviewers to verify the authenticity of hundreds of different document types.
> Selfie checks look for distinguishing biological traits, such as face geometry, from a photo ID and a picture of your user’s face. Stripe then uses advanced machine learning algorithms to ensure the face pictures belong to the same person.
> ID Number checks provide a way to verify a user’s name, date of birth, and national ID number. Stripe uses a combination of third-party data sources such as credit agencies or bureaus, utility or government-issued databases and others to verify the provided ID number.
> Match the ID photo with selfies of the document holder
> Validate SSN and addresses against global databases
Seems fairly clear.
It wanted to scan the back of my dl but Indian dls are totally blank at the back. Then it said my webcam wasn't good enough and showed me a QR code to use for my mobile. The link never opened. Tried it 3 times and 5 minutes later I just googled the next alternative site and bought it from there.
Lesson being use this only if it is totally necessary. You may lose paying customers in your overzealousness to be super tech savvy to KISS sites using a Paypal button.
Edit: This seems to be an internationalization problem. I am from India. The pricing section for Indian page https://stripe.com/en-in/identity#pricing is missing so the link doesn't work.
2. Biometric data is not stored! It’s gone from our systems within 48 hours (usually in just minutes).
3. We think this’ll actually make the state of global privacy better—rather than having individuals collect, and verify your ID, Stripe will securely handle verification.
Multiple much smaller countries' IDs are supported.
If my Stripe Identity can be used across vendors, it's almost like a digital passport. I'll ask, in jest, are Stripe and Estonia (https://e-resident.gov.ee/) in competition?
Definitely more stressful from a, "Did we let a customer of a new product down?" perspective though, for sure.
Also, not for nothing but has Estonia kept their system up to date? I've not been impressed with how it had aged last time I looked into it (a few years back).
I did a deep-dive on KYC providers last year. The more well-known folks commanded 5 figure setup fees, wanted 1 to 2 year commitments, and sought to have you pre-pay for verifications. It reminded me of internet credit card processing pre-Stripe.
Stripe is not for those seeking to run truly international businesses. We've been patient, but we eventually realized that they simply do not care. We care about Sub-Saharan Africa and Latin America, but they do not. We do not trust them to prioritize the global availability of their offerings at this point, and as a result we no longer even bother checking out their offerings. What's the point if instead of empowering us, they restrict our business model.
My angle is in Brazil. Even after all these years, they still don't support monthly installments, which is literally a single line API param that, honestly, I don't know any other payment gateway in Brazil that doesn't support it. Monthly installments is a huge deal in Brazil.
They also only now started the private beta of Boletos, which is unfortunate since Boletos are being phased out in Brazil due to the new PIX, which allow for instant payments 24/7. So they are basically releasing just now a feature that nobody really wants anymore.
Stripe connect also isn't available (AFAIK only the "standard" account is available, which mandates for Stripe onboarding and can't accommodate any white label marketplace integration).
The lack of focus is noticeable even from their marketing pages. Notice how in https://stripe.com/br/connect the explanation for "Cobranças diretas" and "Cobranças de destino" are exactly the same (the text "Os compradores fazem transações diretamente com os vendedores, mas quase nunca notam a existência da plataforma, que pode cobrar tarifas de transação" appears in both), making it impossible to understand the difference, while if you visit https://stripe.com/us/connect you see two different texts for each option.
Their support team has always responded quickly and politely, but we've had an impossible time trying to understand how they could allow us collect payments from abroad as a marketplace operating in Brazil, and that's even pointing out we didn't rule out opening a US-based company via Stripe Atlas if that was necessary. Lots of contradictory information and when we pressed on, they always end with them noticing that Brazil is still in preview and they still can't operate properly with Connect in Brazil.
Which is weird, considering it's LATAM's biggest market. This release of Stripe Identity missing out Brazil on launch, even tough it's a country that badly needs antifraud solutions, is only one more evidence of this.
Identity verification is definitely something that gets better with more data as more people use it. Pricing low to gain market-share is the obvious move for companies which don't have pressure to show immediate returns.
Maybe it shows a more general difference in ambition between companies in the UK to those across the pond.
Because I've used similar services inside apps dozens of times. Sometimes to verify a drivers license to ride a car, sometimes to verify my ID to register a bank account.
Every time is was done in a few seconds so I assumed the companies used an API rather than every car-share building it themselves.
Worst case, if the appearance is really drastic then it would just fail and require a manual intervention.
When an HN post sends me to a Dutch page, it's always Stripe. 100% of the time.
I’m also impressed that Stripe called this “Identity” instead of something more like “Trust and Safety.” The current name makes it sound more like Okta or something but that’s not the case. At least today. Perhaps they want this to grow to overtake stuff like Experian.
If Sift flags that a user may be suspicious, you may need to collect more information about them to confirm if they are legitimate or not. That’s where Identity comes in.
Oftentimes, this is handled manually via an ops team asking a user to reply with a photo. Instead they can collect this automatically by surfacing Stripe Identity.
And do I understand "Stripe uses a combination of machine learning models, automated heuristic analysis and manual reviewers to verify the authenticity of hundreds of different document types." correctly in that I do not only upload video/images of my passport, face to stripe for automatic analysis but in some cases a human would even review it? Or is this a specific option I could choose?
At the moment we take live photos of the individual to help confirm that there’s a real person behind the camera.
Still appreciate seeing Stripe's name when taking a pic of my ID rather than just the rather small startup I was using. No offense to small startups, but I might've balked at it otherwise.
Why is this necessary? I thought the point was to trust Stripe with this data instead of many small companies which could abuse the data
Also surprised they are not leaning more heavily into the existing identity solutions in the countries they are already operating in, like the Netherlands and the Nordics. Maybe hard to differantiate from existing competitors?
We’ve invested heavily in creating an end-to-end verification product with an ergonomic API, responsive capture experience, and advanced fraud detection and verification capabilities.
Scaling ID verification globally also means working with others—we supplement our homegrown system with a number of partners for the best experience for the user. (e.g. Analogous to Stripe credit card payments, we also work with banking institutions.)
- Did you say something politically incorrect? Banned. - Stripe employees don't like you? Banned. - They just feel like it. Banned.
Yeah. No.
They can't know for sure whether an ID is real or fake (they're not the government).
The service then gets the user's personal identity code as a return value.
Looks like that kind of flow is not supported.
Finnish users will be very hesitant of giving scans of their ID documents to foreign companies as no domestic online services require them. And of course Finnish companies cannot practically use this for now, at least for domestic users.
Are any accuracy numbers for Stripe Identity currently available? I'm working with a merchant in Europe who is struggling due to fraud. Would be cool to figure out if Stripe Identity will improve over their current solution.
It's one of those things that you expect a more shady company to release. Then again (and it's all hearsay mind you) that they are not a good company to work with, and when talking to employees who left, they don't seem like a good company to work for.
Stick to CCs, that's intrusive enough.
I had been warned that stripe just wasn't set-up for this type of environment, but I think identity could really help.
At the same time I'm VERY concerned that stripe has allowed the API to download the proof of identity. Just like I don't want to be managing customer credit cards, I don't want to manage customer identity documents either, and I don't want to upload my identity to a company that allows the documents to be downloaded.
When I'm buying something on the internet, maybe I trust the company I'm buying from, maybe not but I know if they are using stripe, they never get my credit card number, so at most, they are able to only get away with the value of my purchase.
My identity is another matter! If I trust stripe to manage my identity, that's probably ok. I don't think stripe should blanket allow their customers to download my identity. I get that perhaps some companies have this requirement, and I'd suggest that they need to be able to work with Stripe directly to enable this for them, but for every company that signs up with stripe to be able to download the identity file...it seems like a huge risk not worth taking.
This looks cool though, and no gimmicks.
Looks like they have been working on it for a few years now. Here's a video from 2019 where someone from Stripe is giving a demo: https://www.youtube.com/watch?v=TDocEZ4f5ow.
* country code search - allow to search by a full country name or by other types of code. Was searching for Ireland and "irl", "ire" does not yield any results, only a direct match to "ie" does.
* "Provide personal information" - could default to the country where the text message went or at least could have a search instead of a <select>
Not sure if it is possible but some of the orgs will ask to limit the phone numbers to just one region, e.g. only UK. I know I need to RTFM
Sounds like an epic data leak that’s waiting to happen.
A fake ID is still a fake ID. Just because it passes a looks-similar test doesn't mean it's being verified.
verify > verb > make sure or demonstrate that (something) is true, accurate, or justified.
If it's not confirmed by issuer(in person or programmatically), it can never be 100% thus can never be verified.
Also, how long does the VerificationSession verified_outputs field remain accessible?
Previously, you'd have had to use something like Jumio for this, which was (to be generous) pretty wonky.
If we need to use our identity online for Age Vertification, then why doesn't the government step in with an anonymous service for that?
That - and - sites should have to get some kind of basic regulatory approval for asking for id.
And then liable if they leak the data.
And how is the development process?
Love it.
There are ways to securely address the problems Stripe Identity is solving for that don't involve a single centralized honeypot that both collect and retain all identification documents, build profiles of individuals, and handles authentication and attestation. These should be broken up.
A company like Stripe sets and maintains norms. They have the means to work towards something better, instead of bidding up on the status quo with a blackbox moated vertical integration where market capture wins over everything else. If we don't get either industry cross-collaboration on open federated standards and networks, the only option will be strong government regulation enforcing well-intended but poorly executed alternatives.
There are a lot of existing work on more open protocols, federated standards, and whatnot. All of that is being ignored, and nothing else is proposed as an alternative.
Both companies (Stripe Identity's customer base) and individuals deserve better.
---
Anecdote:
I apologize if I am more verbose than I would have been if I hadn't just spent most of the past 5h in a Kafkaesque series of phone calls with Paypal. Replace Paypal payments with Stripe Identity in the following and tell me I'm exaggerating when I say that this is a danger to society:
I was trying to do a single webshop purchase where the vendor only had Paypal integrated as an option. Something (supposedly with my IP/browser) made them require registering an account to proceed, which required phone verification in the country of my credit card. Account immediately got flagged and completely locked before the purchase was completed, everything got changed to the language of my credit card country (which I don't speak or read) and they told me to call Paypal support in that country, on a given number. I called and despite speaking great English, they were unable to help me in English, and told me I had to call the NA support instead. The robot voice on the other end asked what I wanted and after a couple of honest attempts, I tried with "live agent". At first it seemed like there was no way to get to a real person instead of the robot. It demanded me to verify the credit card associated with the number I was calling from - a Skype number that is not on any account of mine. I persisted in saying only "live agent" as an answer whatever the question as the voice persisted in its demands for information, until after 6~8 I was actually patched through.
I was after that escalated/sent around 5 different times, each agent taking a good time to repeat the same conversation from the beginning, making me repeat each line of information they had and a fresh round of either of SMS or e-mail validation. The final agent stayed with me for the last couple of hours as we went through everything in detail. They guided me through another e-mail validation, a password change, each step involving a browser taking painfully long time due to extended reCaptchas at every step. At some point it seemed like it would just not work as there was an infinite loop of reCaptcha and login form. The agent refused to proceed as apparently this was the only way to verify my e-mail address. All this as I was actually still logged into the blocked account and clicking links in e-mails. Trying from another device and network connection, that loop finally got broken. Eventually it came to that I had the option of an "appeal process", involving me uploading a photo ID. I said I was not comfortable doing that. My only option then was to close my account. Which requires providing a photo ID. At this point I was very frustrated and told the agent that as a resident of the EU, I would like to request data deletion. After arguing a bit about that, it turned out that there was another way to close the account, but it involved another appeal process. The agent told me that should take about 3-5 business days. After the call I received an e-mail saying account closure had been initiated but will take a minimum of 180 days to complete.
As for the purchase, the same agent actually stayed with me on the line as we tried from the beginning to do a "guest checkout", which is what I had been attempting to do from the beginning. It took a bit of back and forth until the conclusion was "it usually works but computer says no and I can't tell you why".