Now Appearing At Your Local Security Theatre: Know-Your-Customer

Dateline: Berlin, 19th March 2025.Remember the good old days when people used to rob banks for money? At least there was no contagion. Apart from anything else, thanks to fungibility, it wasn’t your money that was being stolen anyway, it was the banks’ money. Today though, smart criminals rob banks for identity, which is much more valuable.Subscribe nowSecurity? What Security?Your data is worth so much more than your money, financial institutions really should work much harder to protect it because the consequences of your data being copied are so much worse than the consequences of their money being stolen.Look at the example of Evolve Bank & Trust, where the theft of personal data and alleged images of identity credentials means that the impact of the attack will spread well beyond that bank’s customers and across the broader financial sector. The bank’s website reported that the data that hackers and copied and then released was Personal Identification Information (PII) including “name, Social Security Number, date of birth, account information and/or other personal information”. It doesn’t take much imagination to predict that the primary use of this information, apart from industrial scale phishing attacks, is that it will undoubtedly be used to create new bank accounts. Oh dear.If you are wondering, as I was, why it is that a bank would be storing pictures of driving licences and passports and so on, the answer is of course know-your-customer (KYC) regulations. The noted investor Paul Graham commented on this sort of thing saying…Now Appearing At Your Local Security Theatre: Know-Your-Customer