325 points jemmyw | 12 comments
lxgr ◴[] No.45766597[source]
> a dropdown list of acceptable documents: a lease agreement, rates notice, tax document, utilities bill, or telecommunications bill.

It’s baffling to me that these types of (usually unsigned in both the electronic and the ink way, not that the latter would prove anything in a scan) PDFs are still somehow the gold standard for “proofs” of address.

replies(5): >>45766620 #>>45767560 #>>45767634 #>>45768438 #>>45768966 #
1. Etheryte ◴[] No.45766620[source]
In many countries worldwide that's the reasonable best option. A scan of a physically signed piece of paper is no better, anyone could've signed it. So long as there is no global standard for digitally signed documents, that's what we're stuck with, no?
replies(2): >>45766712 #>>45770926 #
2. rtpg ◴[] No.45766712[source]
While you can always outright commit fraud, there are many jurisdictions where there are decently strong forms of proof that go beyond a letter.

Things like tax numbers with addresses associated to them, official address registers... hell, a lot of ID cards in many jurisdictions just have your address printed on it!

Now, again, fraud is possible, but "I registered my driver's license to a fake address" is a bit of a higher hurdle than "I edited my utility PDF to show the right address".

Though there's a bit of a blessing in things like PDFs being easily editable, in that many badly organized criminals will likely do it haphazardly, leading to messy metadata, or even more amateur hour stuff around just having the font be wrong or the like. More opportunities for a fraudster to trip up, so to speak.

replies(1): >>45766825 #
3. Etheryte ◴[] No.45766825[source]
In countries where you do have e.g. tax numbers associated with addresses no government agency is going to give it to a random private company. I've lived in many countries both in the EU and outside of it and I can think of only a few countries where you actually could do something better than a PDF — and they use digital signatures.
replies(3): >>45768012 #>>45768596 #>>45768838 #
4. lmm ◴[] No.45768012{3}[source]
> In countries where you do have e.g. tax numbers associated with addresses no government agency is going to give it to a random private company.

Why not? In my country the company registry is public, anyone can pay a small fee to get an official certificate of a company's address and company number.

replies(1): >>45768440 #
5. Etheryte ◴[] No.45768440{4}[source]
We're talking about different things; what you're describing is the opposite problem. The vast majority of the customers are people, not companies, and no information will be released about them.
replies(1): >>45768826 #
6. jltsiren ◴[] No.45768596{3}[source]
A bank is not a random private company.

In Finland, people are supposed to have a single official address. When you move, the government informs banks and other businesses that have a legitimate reason to know your official address, unless you have opted out. There are a few exceptions, such as temporary addresses and international relocations, where you have to give the new address yourself.

7. lmm ◴[] No.45768826{5}[source]
The post we're discussing is about a company, so I think that's the relevant case. (And for what it's worth the registry I'm talking about also applies to sole proprietors, at least those who've registered for the associated tax treatment).
8. rtpg ◴[] No.45768838{3}[source]
I don't know about the rest of the EU but France just has national ID cards with your address printed on the back! No need for anything fancy there.

In both Australia and Japan there are tax numbers used for corporate identity verification (remember: here we're talking about a Wise account used for a business)

replies(1): >>45771695 #
9. lxgr ◴[] No.45770926[source]
Does it necessarily need to be a global standard? Just starting with the ones that do have a digital signature infrastructure would be something. The EU has eIDAS, which already covers 27 countries, for example.
10. lxgr ◴[] No.45771695{4}[source]
> France just has national ID cards with your address printed on the back! No need for anything fancy there.

Is a scan/photo of a government ID that much more reliable, though?

Physical IDs are designed to be validated in person because they're hard to replicate. That's not the case for a scan/photo of an ID.

replies(1): >>45776805 #
11. rtpg ◴[] No.45776805{5}[source]
So a couple of things:

- I don’t know for France but for Japan one of the ID cards (My Number cards) has RFID chips in it. This means that KYC procedures can involve both scanning the card with your phone, and then doing some video “turn your head” verification stuff

- even absent that, video-based KYC flows (which I see a lot of) just leave less margin of error for fraudsters. And for people being honest, a national ID card is yet another way for someone to have proof, despite their other circumstances

There’s always going to be people in edge cases of course, I just feel like leaning on ID cards that many jurisdictions have is straightforward

replies(1): >>45782815 #
12. lxgr ◴[] No.45782815{6}[source]
One big problem I see with that is that, while almost all passports and EU ID cards now support ICAO cryptographic document validation standards, there's usually no publicly accessible revocation list for these.

Combine that with the absence of any built-in user verification (some national schemes have a PIN code, but the track record of that isn't great), and it becomes clear why these documents don't fully solve the problem of strong identity verification.