• dylanmorgan@slrpnk.net
    10 hours ago

    Tax records don’t have to include the customer if it’s retail. If that was a requirement cash businesses would have massive problems, and the rule of keeping those records for seven years significantly predates our current model of credit for everything.

    Beyond that, if I go to a restaurant they don’t have my name and address or any other information. Businesses need to keep records like “we bought x from y for $z,” and “we sold x to a for $b.”

    And even further, the government could clarify (if in some countries customer data was part of tax data) that the law was now to protect customer privacy and data.

    • wampus@lemmy.ca
      9 hours ago

      KYC is typically a due diligence process tied to regulated financial industry participants – the restaurant example has a much different function. Banks and FIs have much broader retention (and disclosure) obligations.

      Here, let’s put it slightly differently. I’ll reference Canadian regulations/processes more, as those are the ones I’m most familiar with. If you’re a bank, you’re required to flag suspicious transactions related to the customer – and in order to know when those transactions are suspicious, you need some way of reviewing it within the context of the customer. You may even have an obligation to second guess / question / try and advise the customer ‘not’ to make a transaction, based on knowing your customer.

      The most basic example of that is where Credit Cards will decline payments / request a call if you try and make a purchase in a totally abnormal location – like you “know your customer” lives in Toronto, but suddenly see them spending money in Mexico? Or if they called you before they took a trip to Mexico, that’d also go into a KYC type file to let people know to expect those sorts of charges and let em get processed. That’s tied to KYC.

      The media will often run stories about seniors getting scammed, with the general message being “WHY DIDN’T BANKS DO MORE TO PROTECT?”. Well, that’s KYC too. You gotta ‘know’ your senior members, and their spending habits to some extent, to find those outliers. You also need to be familiar with them enough to know whether it’s “normal” for them to come by and take out cash, and in what quantities and for what purpose, cause seniors will sometimes ‘show up’ with a person pressuring them to take out cash to ‘pay a bill’ (scammms galore!). All part of KYC due diligence.

      Or the somewhat obvious elephant in the room – if you have a “personal” account member, who keeps receiving etransfers to his “jeevacation@gmail.com” account for some reason, you gotta look into it a bit and sort out what all those payments are related to, cause it isn’t a business account. And if you see anything suspicious, it gets reported to the authorities, where, most likely, Trump shits himself and Americans ignore the crimes.

      • dylanmorgan@slrpnk.net
        9 hours ago

        Notably there have been almost zero data breaches of large banks, because their requirements for security are significantly higher than most other companies. My original comment was not about banks, they obviously need to retain a lot of customer data, and most of that is not exposed to the internet at all. I was talking about things like a pizza shop or an online retailer. There’s no need for Burger King or a webcomic artist I’m buying a print from to have a login or my email address for longer than it takes me to get my items.

        • wampus@lemmy.ca
          8 hours ago

          Yeah, but this breach is specifically about KYC, about financial industry stuff. The company that got porked was the company the banks used for their KYC stuff.