Hacker News new | past | comments | ask | show | jobs | submit login

Careful what you wish for with the low-tech solution. One of the most effective vectors for phone number port-out scams is just showing up to a local cell phone shop and presenting a fake id. Often this is completely free for the attacker since they can just opt to have a new phone added to the account on credit too.

The assessment doesn't need to be based on a potentially counterfeit ID the subject brings, in my hypothetical scheme. It's probably be better to do out-of-band verification with the private/public provider of the ID (State or DMV, for example)

edit: if the value of identity were to be elevated, then the physical security at these locations would be increased to the level of banks or cash-handling facilities to increase the cost of failed attempts at impersonation (to the level similar to attempted cash heists). Infact, the local phone shops should be barred/disincentivized from doing auth badly themselves and should outsource this function, just like they do with creditworthiness.

Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact