
Hetzner requested a copy of my UK passport though.

An image of a passport proves nothing btw, especially since Hetzner is not a UK Govt Agency, that I am aware of, and has zero methods of authenticating such 'evidence' of ID.




The usefulness depends on whether it's an external or an internal requirement. For something Hetzner need themselves it's quite useless. If there's an external requirement to verify the identity of the customer (say to shield them in case of people renting servers for criminal purposes or whatever) then an image of your passport proves that Hetzner tried to verify your identity and that you forged a government document to trick them.

Of course today we have better methods, but Hetzner was founded in the dot.com bubble and since then focused their innovation on providing cheap and reliable servers, not on changing business processes that work (or making pretty interfaces).


Generally when I've been asked for my passport details from an IaaS / PaaS / SaaS provider it has been for AML/KYC purposes; so it is like you say, they don't need to know the details per se, just that they've forwarded it on to an external body / company and that it has been checked.


> An image of a passport proves nothing btw

It may prove a fraudster has basic Web searching skills. [1]

If someone is willing to do something wrong, why do these companies imagine they wouldn't provide a fake document ID?

Imagine one is spinning up a Hetzner VM to hack and steal something or run a DDoS attack. The minute they see: "upload your passport ID", who thinks they'll go "oh no, we're busted, let's work honestly instead".

It's almost childish how ridiculous online KYC (know your customer) processes are.

[1] https://www.google.com/search?q=example+of+british+passport+...


It's not "just" a passport photo, it's a photo of a passport with a name that matches the payment method.


how are they going to know that the name matches the credit card?


idk, how do you compare strings?


Assuming you're being genuine here, OCR on the passport photo plus a string comparison on the card details provided. This is why the criteria for ID scans are so strict, and also why these verifications can take "up to 24 hours".
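
Added example (not part of any comment in this thread, and not Hetzner's code): a sketch of the "string comparison" step, showing why it needs normalization rather than plain equality. It assumes the name has already been extracted from the document by OCR; the function names, the title list and the matching policy (at least two full name parts, initials allowed) are assumptions made for illustration.

```python
import unicodedata

TITLES = {"MR", "MRS", "MS", "MISS", "DR"}  # assumed list of titles seen on cards

def name_tokens(raw):
    """Uppercase, strip diacritics and punctuation, drop titles."""
    decomposed = unicodedata.normalize("NFKD", raw)
    no_marks = "".join(c for c in decomposed if not unicodedata.combining(c))
    cleaned = "".join(c if c.isalnum() else " " for c in no_marks.upper())
    return [t for t in cleaned.split() if t not in TITLES]

def names_match(document_name, cardholder_name):
    """True if every part of the card name is accounted for by the document name.

    Order is ignored (documents often print the surname first). Each full
    card token must appear in the document name; a single-letter token is
    accepted as the initial of a document token not already used.
    """
    remaining = name_tokens(document_name)
    card = name_tokens(cardholder_name)
    full = [t for t in card if len(t) > 1]
    initials = [t for t in card if len(t) == 1]
    if len(full) < 2:          # initials alone are too weak to count as a match
        return False
    for tok in full:
        if tok not in remaining:
            return False
        remaining.remove(tok)
    for ini in initials:
        hit = next((d for d in remaining if d.startswith(ini)), None)
        if hit is None:
            return False
        remaining.remove(hit)
    return True

# Constructed sample pairs: (name read from document, name on payment card)
SAMPLES = [
    ("SMITH JOHN ALEXANDER", "Mr John A. Smith"),
    ("José García", "JOSE GARCIA"),
    ("John Smith", "Jane Smith"),
]

if __name__ == "__main__":
    for doc, card in SAMPLES:
        print(f"{doc!r} vs {card!r}: equal={doc == card} match={names_match(doc, card)}")
```

A match here only says the two strings are consistent with one person's name; it says nothing about whether the document image is genuine.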


I've not needed to verify identity to spin up VPS or order storage boxes. For what reason did you have to verify yourself?


I just signed up over the weekend for a simple storage box. Today I realized after contacting their support that the order was paused pending identity verification, they use something called idenfy.


Plenty of providers have verification only when something seems "off" in some way. Amazon has both lots of experience and data for payment verification and the margin to absorb fraud costs that do go through, smaller providers not so much.


I opened two accounts (different emails, credit cards, billing address) in the span over two years from Colombia. First one worked perfectly fine, but for the second one they wanted me to provide id before spinning up anything. So not sure if this was introduced recently or if they have some system that flags accounts under certain conditions to provide additional info that I tripped the second time.


I assumed because I was not an EU citizen?


Hetzner: Excuse us Mr. S. Pamking from Armenia, paying with a credit card of an elderly French lady, could you please send us some id? After that we will gladly spin up your 100 VPS Mail-Servers.


> Excuse us Mr. S. Pamking from Armenia, paying with a credit card of an elderly French lady, could you please send us some id?

Amazon's cool with it. I guess they don't care as much? I do wonder where the fraud prevention requirements come from. It's an interesting question if they are even for fraud prevention.


No, they ask for EU citizens also.


I am not an EU citizen, but Hetzner didn't ask me for any ID.


How long ago was that?

"Well, there goes the Privacy - Hetzner Hosting" https://www.reddit.com/r/privacytoolsIO/comments/b5qp08/well...


Okay, looks like it was just before that.


I assume it happened while the UK was in the EU. You can verify a passport electronically via the identifiers via the EU border control network, AFAIK.

So, it's enough of a verification.


Hetzner aren't aiming to prove your identity. They're most likely aiming to reduce their fraud risk by requiring you to have a relatively-hard-to-fake document which matches your payment details.

In my case they just wanted a copy of my company registration certificate.



