Stripe Identity

1057 points | thomaspark | 4 years ago | stripe.com

536 comments

[+] agwa|4 years ago|reply
Considering that Stripe was originally known for letting websites accept credit card payments without seeing your credit card number, one might assume that Stripe Identity only allows websites to see the verification result, and not your selfies and scans of your identity documents.

That would be an incorrect assumption. Per https://support.stripe.com/questions/managing-your-id-verifi... customers of Stripe Identity have API access to "captured images of the ID document, selfies, extracted data from the ID document, keyed-in information, and the verification result".

Thus, when you use Stripe Identity to verify your identity, you have to trust that:

1. The website doesn't download, retain, and later leak your selfie and identity information.

2. The website's Stripe API token isn't compromised and exploited by identity thieves to access your selfie and identity information.

Stripe appears to be leaning heavily on their claim that they don't disclose "biometric identifiers" to websites and that these "biometric identifiers" are deleted from their systems within 48 hours. This is extremely deceptive considering that biometric identifiers can be reconstructed from the selfie.

[+] pc|4 years ago|reply
(Stripe cofounder.)

> Considering that Stripe was originally known for letting websites accept credit card payments without seeing your credit card number, one might assume that Stripe Identity only allows websites to see the verification result, and not your selfies and scans of your identity documents.

A few points:

- Fundamentally, Identity makes it possible to choose how much of this data traverses / is stored on your servers, just as Stripe did with card numbers.

- There's a basic difference between card numbers and identity verification. With card numbers, you (generally) don't really care about the number -- you just want the payment. With ID verification, however, many businesses have good reason to want more than just the verification result. For example, they are often subject to compliance requirements that mandate that they themselves possess or have access to the raw information. They may need or wish to perform additional checks on their side. Etc.

- The relevant UI in Identity is deliberately very clear on this point in order to avoid the assumption you're stating. The flow explicitly says "Stripe and [Business] may each use your data." Even though an end user might consider it suboptimal for the business to have their data, we still view it as an improvement to the usual status quo, where this data is frequently stored in very ad hoc fashion and without rigorous security protections.

- While many of the businesses initially building on Identity wanted access to the raw information, it may well make sense for us to enable them to restrict themselves in the future. In this world, Stripe could tell their customers that the business doesn't have access to the raw details. (This might even make sense for Stripe payments in the future.) As a philosophical matter, we consider ourselves to serve the business, which means that limiting access to what we consider to be the business's own information feels a bit strange. That said, it might sometimes be in the interests of the business to allow them to limit themselves in this fashion (especially as Stripe's brand recognition among consumers grows).

- There's a separate concern about compromise of the business's credentials leading to inadvertent disclosure of this information (a situation analogous to an S3 bucket key getting leaked). This is of general concern to us in lots of situations, not just with Identity. We have some new functionality on the way here.

[+] echopom|4 years ago|reply
It's unfortunate, I'm an Enterprise Architect in Banking and honestly I wouldn't have let that feature go in production.

Businesses that do not have a legitimate reason to view my sensitive document like Passport, should not be allowed to do so.

Only authorized institutions like Licensed Payment Institution / Banks / Insurances etc... should be allowed to do so and AFTER they've been approved.

It's sad because you can tell right away that this will be abused by Stripe's customers inadvertently. Just like Uber "God View" that lets you view any customer ride...

Pretty sure the amount of "Identity Theft" or "Privacy" Scandal is going to explode with such technology available for everyone.

I don't know how a product manager at Stripe could tell himself that "Yes, it makes sense to give access to sensitive documents" in an age where people are seeking more privacy.

[+] nrmitchi|4 years ago|reply
> Considering that Stripe's original selling point was that it let websites accept credit card payments without seeing your credit card number

This is true, but it's also kind of a misleading statement; the original selling point was that you could accept credit cards without having to deal with the requirements of PCI compliance and merchant accounts, which is done (partially) by you not ever seeing the card data.

If there was similar compliance regulation around document storage, I would assume that Stripe would use "Identity-Document-Standards" compliancy as a selling point. As far as I know, there are no such requirements.

I do think your #2 point though is exceptionally valid, and would hope that the majority of Stripe keys are scoped to not even provide access to this data/endpoints.

Edit: grammar

[+] edwinwee|4 years ago|reply
Edwin from Stripe here. The two cases are actually very similar. If you want to avoid ID documents ever being stored on your servers, Identity makes it easy to do that. (Just as Elements/Stripe.js makes that easy for card numbers.) On the other hand, if you want to score card numbers or ID documents (and there are sometimes good reasons for doing this!), Stripe makes that straightforward.
[+] alexchamberlain|4 years ago|reply
I suspect most (if not all) KYC regulations require you to keep the evidence you used to verify the identity - even landlords in the UK are required to keep the evidence they saw of your right to live in the UK, let alone any institution that actually needs to prevent fraud etc. I suspect it's just a basic requirement of selling such a service to most medium-large businesses.
[+] poorman|4 years ago|reply
>Considering that Stripe's original selling point was that it let websites accept credit card payments without seeing your credit card number

I thought that Stripe's original selling point was that you could easily accept payments online without having to integrate with complicated bank and payment processor tech.

[+] mLuby|4 years ago|reply
I wonder if instead Stripe could have routed calls through itself, filling in the secret info. Perhaps it was discussed?

For example, imagine Joe Biden buys a widget from WidgetsR.us and wants it shipped to his home address of 1600 Penn Ave in DC.

    WidgetsR.us -> Fedex.com/order_XYZ/ship-to/Joe Biden at 1600 Penn Ave in DC
    WidgetsR.us <- Fedex.com "201 CREATED"
Instead they could route through Stripe (where 123_joe corresponds to Joe Biden's identity docs in Stripe), which fills in the missing info.

    WidgetsR.us -> Stripe.com/identity/123_joe?redirect=Fedex.com/order_XYZ/ship-to/$NAME at $ADDRESS
    Stripe.com  -> Fedex.com/order_XYZ/ship-to/Joe Biden at 1600 Penn Ave in DC
    Stripe.com  <- Fedex.com "201 CREATED"
    WidgetsR.us <- Stripe.com '"201 CREATED"'
That way WidgetsR.us never knew the $NAME or $ADDRESS of user 123_joe, but was still able to use them. (Yes, they could send that info to themselves, but then they're on the hook for protecting it.) The huge downside here is putting Stripe in your business's critical path. But if it's already there for payments, then why not for identity?
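The routing idea in mLuby's comment above, sketched as an added example that is not part of the thread and not Stripe's API. `IdentityVault`, the `carrier.example` and `widgets.example` hosts, and the in-memory transport are hypothetical. It adds the two controls the scheme depends on: the destination host is checked against an allow-list before any substitution, and only the status code goes back to the merchant.

```python
from string import Template
from urllib.parse import quote, urlsplit


class DestinationNotAllowed(Exception):
    """Raised when a template points at a host outside the allow-list."""


class IdentityVault:
    """Hypothetical identity provider that fills placeholders on the merchant's behalf."""

    def __init__(self, allowed_hosts, transport):
        self._records = {}                      # token -> {"NAME": ..., "ADDRESS": ...}
        self._allowed_hosts = {h.lower() for h in allowed_hosts}
        self._transport = transport             # callable(url) -> (status, body)

    def enroll(self, token, **attributes):
        self._records[token] = dict(attributes)

    def forward(self, token, url_template):
        # Validate the destination on the *template*, before any PII is
        # substituted, so a placeholder can never influence the host and the
        # merchant cannot point the request at a server it controls.
        parts = urlsplit(url_template)
        if parts.scheme != "https" or parts.hostname not in self._allowed_hosts:
            raise DestinationNotAllowed(str(parts.hostname))
        # Percent-encode every value so it cannot add path or query structure.
        encoded = {k: quote(v, safe="") for k, v in self._records[token].items()}
        url = Template(url_template).substitute(encoded)
        status, _body = self._transport(url)
        # The body may echo the filled-in fields, so only the status is returned.
        return status


def demo():
    """Constructed walk-through using the names from the comment."""
    seen = []

    def fake_carrier(url):                      # stands in for the shipping API
        seen.append(url)
        return 201, "CREATED for " + url

    vault = IdentityVault({"carrier.example"}, fake_carrier)
    vault.enroll("123_joe", NAME="Joe Biden", ADDRESS="1600 Penn Ave in DC")

    template = "https://carrier.example/order_XYZ/ship-to?name=$NAME&address=$ADDRESS"
    status = vault.forward("123_joe", template)

    # The merchant tries to route the filled-in request to its own host.
    try:
        vault.forward("123_joe", "https://widgets.example/collect?n=$NAME")
        blocked = False
    except DestinationNotAllowed:
        blocked = True
    return status, seen, blocked


if __name__ == "__main__":
    print(demo())
```
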
[+] edwinwee|4 years ago|reply
Just an update on this—we've some changes in flight. Accessing sensitive verification results like date of birth, extracted document numbers, or collected images will soon require the use of restricted API keys. (More at https://stripe.com/docs/identity/verification-sessions#resul....) Thanks again for your feedback. I'll shoot you an email to chat more too.
[+] nati0n|4 years ago|reply
Certainly a market for this sort of thing, but agree, dangerous privacy management.
[+] gruez|4 years ago|reply
The landing page contains logos for clubhouse, discord, and shippo, which are presumably companies that use the service. Does anyone find those usages to be unnecessarily intrusive? Maybe it's just me, but a chat app or shipping site asking me for a driver's license scan + selfie would make me never want to use the service again. It's appalling how this sort of stuff is getting normalized, eg. google asking for id scans for age verification.
[+] motohagiography|4 years ago|reply
Smart. Banks haven't been allowed to monetize their KYC data, but this new non-bank class of payments companies have this opportunity. Interac has been trying to do this for many years.

Some years ago I worked on a system that let banks do identity assertions with proofs via SAML attributes instead of sharing customer PII. It is now a federation of banks in wide use for govt services in Canada. The use cases were really limited because the federation partners were too conservative to extend the identity services to relying party consumer applications real people actually wanted to use, and institutional sales cycles meant product feedback was glacial, so it has existed for over a decade in this relative backwater of gov-tech. I think identity companies have mostly failed to get traction because of a terminal lack of consumer sexiness, whereas Stripe has the jelly.

Other companies in the identity space have been working on protocols and platforms, but none of them had a user base to extend an identity federation service into, which means they have never been able to make a real or viable product, just interesting techs. An internet payment provider with young consumer traction getting into identity is a Very Big Deal.

It's going to position Stripe to knock out a lot of retail banks who can't offer similar services. Imo, this could make them bigger than Apple.

[+] jsmith99|4 years ago|reply
Do banks want to monetise their KYC data? In the UK, the government launched a similar system in 2014 called Verify, a platform for banks and other firms with existing customer relationships to offer identity verification as a service to the government, and eventually, third party sites. Users would choose a participating bank they had a relationship with and log in to their account as verification.

But despite paying over £20 a user for each verification they only got one or two banks to join, and the scheme was a disaster.

[+] cycop|4 years ago|reply
"Banks haven't been allowed to monetize their KYC data"?

I work for a major US Bank and they are most definitely monetizing KYC data, in fact we have made several billion dollar acquisitions just to scoop people's data.

[+] throwaway201606|4 years ago|reply
Actually, it seems that this did go into production - you can now verify identity using the service. For example, you can identify yourself for Govt. of Canada services (immigration, taxes) by logging in to your banking platform that then vouches for your identity using a service called SecureKeyConcierge / Verified.Me - note that ALL of Canada's major and quite a few minor banks are signed up to the service.

See this page:

https://services.securekeyconcierge.com/cbs/saml/login?l=1&l...

The way the service works is by getting permission from you, the user, to share some part of your identity with the destination and you can choose what you share. You could pick for example just to share name and not DoB.

The one reason I hate this otherwise superbly designed service and refused to use it is that it has a dark pattern where it creates a "SecureKey / Verified.Me Concierge Account" for "you" when you use it and starts proxying/pre-empting the bank-login-as-verification process.

WHICH IS STUPID AND SCAMMY IF YOU ARE READING THIS VERIFIED.ME, THIS IS DARK PATTERN BEHAVIOR AND IT IS NOT RIGHT OR FAIR

/start rant

From my perspective, the whole point is - inhale - "I sorta trust my bank because I have to so I will log on to them so that they can vouch for me but I definitely don't trust you so why are you being a dick and making me make an account with your service that I don't trust and will never trust" - exhale

Just let the bank vouch for me each time, this is what I expect a reasonable and non-scammy service provider to do. Don't wait till you have my info then tell me, hey, I will make a verified.me / secureconcierge account for you so that <insert your preferred monetization rationale here> before you do what you promised to do.

I get the idea that they want to consolidate a profile so that you can pick what to share without entering it each time but the way it is done right now feels really slimy.

/end rant

[+] elric|4 years ago|reply
There's definitely a market for this. Back when I worked in porn (in the camming sphere), we had a team of moderators whose main job was verifying the identity (especially age) of performers. With over 10k performers, this was a lot of work. And you can't just do it once. You have to do it every time a performer starts a performance. People would try all sorts of tricks, like taking a picture of themselves with an older sister's ID, all kinds of fake IDs, some better than others. Verifying an identity over webcam is no easy feat, those moderators had to be able to tell different passports apart (many, many, nationalities), tease out the fakes, and then make sure that the person in the ID is the same person presenting the ID. Problem is multiplied by the number of performers in the room. Performers who are eager to start making money instead of satisfying the moderators' checklist.
[+] f38zf5vdt|4 years ago|reply
Does Stripe intend to make a giant online database of international identity documents? Why should we trust Stripe to secure these? It could be Equifax levels of problematic if there would be an intrusion, but I also can't tell how Stripe plans to use this information.
[+] nightpool|4 years ago|reply
These databases already exist. For example, all driver's licenses issued in a state are part of the public record, and many companies already maintain databases of them. For example, you can sign up for an account with the NY DMV that allows you to search all DMV records, as long as your use falls within one of a dozen permissible use-cases (including "To verify the accuracy of information submitted by the individual to the business"). Identity documents are designed to be verifiable, which in this case generally precludes them from being secret
[+] edwinwee|4 years ago|reply
No. 1. Stripe cares tremendously about and knows the importance of security—we’ve learned a lot from securely processing hundreds of billions of dollars in payments annually, and Identity is built from those learnings. (https://stripe.com/docs/security/stripe).

2. Any biometric identifiers that are created to perform the verification are never stored or retained—they are fully removed from all of our systems within 48 hours (usually within minutes).

More on this at https://support.stripe.com/questions/managing-your-id-verifi....

[+] rokobobo|4 years ago|reply
I never wanted Equifax to have any of my data, and yet here we are. After the breach, I wouldn’t ever be a paying customer to them if I had a choice. (Indirectly, I am still a “customer” in the sense that they probably still have my data and get new data about me—but apart from canceling all my cards, not sure what choice I have). In comparison, Stripe seems to charge for each product it offers. I think that’s a more fair and transparent model.
[+] tootie|4 years ago|reply
These databases already exist. Typically the way it works is after you claim an identity, they will look up past addresses, phone numbers or employers then present multiple choice questions asking which one is part of your past. The companies I've seen that do these are not hosting (or claim to not host) any of the data, but rather have hooks to fetch it from financial institutions. I think it's mostly credit bureaus, but could also be banks.
[+] arthur_sav|4 years ago|reply
Seriously.

The only way I would trust such a thing is if I have complete control over my data and how it's used (that's probably never gonna happen from a for-profit imo)

[+] tracedddd|4 years ago|reply
I really despise this trend of uploading your ID and a selfie for verification. I know it makes sense in some legal frameworks, but beyond that I find it invasive and risky (and rude.)
[+] pbowyer|4 years ago|reply
At work we do eIDV of customers and we tested 5 companies. One was quality but too expensive and required too large commitments; two couldn't detect badly photoshopped frauds we threw together, another couldn't detect a printed or on-screen copy of a document being captured (vs the real document - difficult to do, but important). The fifth which we're using can detect printed copies of documents around half the time, but their OCR is shockingly poor when it comes to recognising DoBs so we have to manually check and update the age.

We'll try Stripe and see how much fraud they can detect.

[+] hn_throwaway_99|4 years ago|reply
The Stripe Identity product is fantastic. Some of the most impressive things:

1. If you are at a desktop, there is an easy transition to using your phone to take a picture of your ID (or a selfie if that's the use case - it will match selfies with ID photos), and then complete verification on the desktop.

2. It does all the image analysis (i.e. is the ID in focus, etc.) in browser without the need for a native app.

[+] mikeiz404|4 years ago|reply
This seems like a really useful service but I am concerned this is going to normalize requiring identity info for sites which do not legally need it. I imagine the pretext for most will be fraud prevention, and while this might be true, I cannot see how this wouldn’t eventually be used for ad targeting and other “consumer is the product” funding models without regulation restricting it.
[+] foota|4 years ago|reply
Is knowing who the customer is with more certainty really useful though for targeting beyond just having their info they provide on sign up?
[+] troelsSteegin|4 years ago|reply
Wow, I would like to know how this has been engineered and QA'd. Owning this system on the product side would keep me awake nights. One question is tolerance on false negatives (you don't look enough like your govt id) - maybe they collect additional information, and use third party service for corroboration.

If my Stripe Identity can be used across vendors, it's almost like a digital passport. I'll ask, in jest, are Stripe and Estonia (https://e-resident.gov.ee/) in competition?

[+] superasn|4 years ago|reply
Had to do this on a site recently and it didn't work for me at all.

It wanted to scan the back of my dl but Indian dls are totally blank at the back. Then it said my webcam wasn't good enough and showed me a QR code to use for my mobile. The link never opened. Tried it 3 times and 5 minutes later I just googled the next alternative site and bought it from there.

Lesson being use this only if it is totally necessary. You may lose paying customers in your overzealousness to be super tech savvy to KISS sites using a Paypal button.

[+] searchableguy|4 years ago|reply
The pricing link on the top doesn't refer to any pricing section on the page. Is it missing?

Edit: This seems to be an internationalization problem. I am from India. The pricing section for Indian page https://stripe.com/en-in/identity#pricing is missing so the link doesn't work.

[+] ngoel36|4 years ago|reply
I've never seen a company release incredible products with as high velocity as Stripe has over the last few years. Truly incredible. $1.50/user may sound outrageously expensive at first, but having seen all the engineering power it takes to build something like this at Uber...it's a totally fair price.
[+] recursive4|4 years ago|reply
This is on the less expensive side of alternatives and doesn't require a minimum annual spend quota. They nailed this for startups, which I imagine is a combination response to / anticipation of regulatory requirements in Web3 apps.
[+] grouseway|4 years ago|reply
I'd put Twilio and Cloudflare in the same category for vision (expanding product offering) and execution.
[+] jonplackett|4 years ago|reply
Just what I was thinking.

Can Stripe hurry up and go public so I can buy some shares?

[+] vishnugupta|4 years ago|reply
> $1.50/user may sound outrageously expensive at first, but having seen all the engineering power it takes to build something like this at Uber...it's a totally fair price.

I observed other teams struggle to build and have tackled challenges posed by identity, 1.5$/user is a terrific price. Handling PII data in itself is a rabbit hole of engineering, product, and regulatory challenges. Let alone creating unique identities, matching, and what not.

[+] andy_ppp|4 years ago|reply
I know that KYC checks for Onfido we had no volume but we’re being charged around $10. Is the $1.50 for KYC or some lesser verification?
[+] tyingq|4 years ago|reply
That it's flat, and not a percentage, is a welcome surprise.
[+] varispeed|4 years ago|reply
Sadly out of reach for small projects. For example if you had a site with 100k users, you'd barely cover server costs with Ad Sense. $150k to check all of them? Would never happen :/ Maybe if they could pay for verification themselves?
[+] ankurpatel|4 years ago|reply
The tech stack has something to do with it. Stripe has such high velocity because of Ruby on Rails.
[+] ianhawes|4 years ago|reply
This is a refreshingly affordable and beneficial offering.

I did a deep-dive on KYC providers last year. The more well-known folks commanded 5 figure setup fees, wanted 1 to 2 year commitments, and sought to have you pre-pay for verifications. It reminded me of internet credit card processing pre-Stripe.

[+] willeh|4 years ago|reply
Absolute game changer, other actors in this market have big bulky sales processes with difficult pricing models and high commitment. If Stripe is competitive on pricing they will definitely win this market.
[+] throwaway9398|4 years ago|reply
I gave up on Stripe because they clearly are a US-focused company, and do not have a global outlook. I find it disappointing that after so many years of being in business, their payment processing services are still only available to a few dozen countries. This for example makes it impossible to rely on them to build a global marketplace with Stripe Connect accepting merchants from all over the world.

Stripe is not for those seeking to run truly international businesses. We've been patient, but we eventually realized that they simply do not care. We care about Sub-Saharan Africa and Latin America, but they do not. We do not trust them to prioritize the global availability of their offerings at this point, and as a result we no longer even bother checking out their offerings. What's the point if instead of empowering us, they restrict our business model.

[+] maxehmookau|4 years ago|reply
This just won in terms of simplicity, ease of use and cost. Especially in the UK. There are no other competitors at this price point right now.
[+] sidcool|4 years ago|reply
Isn't this a privacy nightmare? All that data in Stripe data centers.
[+] AnssiH|4 years ago|reply
The way domestic services (both public and private) in Finland verify user's identity is via bank credentials (Finnish Trust Network), via Mobile ID (Mobiilivarmenne), or via government FINeID. All these involve multi-factor authentication.

The service then gets the user's personal identity code as a return value.

Looks like that kind of flow is not supported.

Finnish users will be very hesitant of giving scans of their ID documents to foreign companies as no domestic online services require them. And of course Finnish companies cannot practically use this for now, at least for domestic users.