Hetzner requested a copy of my UK passport though.
An image of a passport proves nothing btw, especially since Hetzner is not a UK Govt Agency, that I am aware of, and has zero methods of authenticating such 'evidence' of ID.
The usefulness depends on whether it's an external or an internal requirement. For something Hetzner need themselves it's quite useless. If there's an external requirement to verify the identity of the customer (say to shield them in case of people renting servers for criminal purposes or whatever) then an image of your passport proves that Hetzner tried to verify your identity and that you forged a government document to trick them.
Of course today we have better methods, but Hetzner was founded in the dot.com bubble and since then focused their innovation on providing cheap and reliable servers, not on changing business processes that work (or making pretty interfaces).
generally when I've been asked for my passport details from a Iaas / PaaS / SaaS provider it has been for AML /KYC purposes; so it is like you say, they don't need to know the details per se, just that they've forwarded it on to an external body / company and that it has been checked.
It may prove a fraudster have basic Web searching skills. [1]
If someone is willing to do something wrong, why these companies imagine they wouldn't provide a fake document ID?
Imagine one is spinning up a Hertzner VM to hack and steal something or run a DDoS attack. The minute they see: "upload your passport ID", who thinks they'll go "oh no, we're busted, let's work honestly instead".
It's almost childish how ridiculous online KYC (know your customer) processes are.
Assuming you're being genuine here, OCR on the passport photo plus a string comparison on the card details provided. This is why the criteria for ID scans is so strict, and also why these verifications can take "up to 24 hours".
I just signed up over the weekend for a simple storage box. Today I realized after contacting their support that order was paused pending identity verification, they use something calles idenfy.
Plenty providers have verification only when something seems "off" in some way. Amazon has both lots of experience and data for payment verification and the margin to absorb fraud costs that do go through, smaller providers not so much.
I opened two accounts (different emails, credit cards, billing address) in the span over two years from Colombia. First one worked perfectly fine, but for the second one they wanted me to provide id before spinning up anything. So not sure if this was introduced recently or if they have some system that flags accounts under certain conditions to provide additional info that I tripped the second time.
Hetzner: Excuse us Mr. S. Pamking from Armenia, paying with a credit card of an elderly french lady, could you please send us some id? After that we will gladly spin up your 100 VPS Mail-Servers.
> Excuse us Mr. S. Pamking from Armenia, paying with a credit card of an elderly french lady, could you please send us some id?
Amazon's cool with it. I guess they don't care as much? I do wonder where the fraud prevention requirements come from. It's an interesting question if they are even for fraud prevention.
I assume it happened while the UK was in the EU. You can verify a passport electronically via the identifiers via the EU border control network, AFAIK.
Hetzner aren't aiming to prove your identity. They're most likely aiming to reduce their fraud risk by requiring you to have a relatively-hard-to-fake document which matches your payment details.
In my case they just wanted a copy of my company registration certificate.
An image of a passport proves nothing btw, especially since Hetzner is not a UK Govt Agency, that I am aware of, and has zero methods of authenticating such 'evidence' of ID.