Businesses collecting identity information is nothing new. Somebody like Stripe putting a concerted effort out there to make it more secure and improve the experience so that identity information is stored in a less ad-hoc way is a win and will reduce the odds of some catastrophic leak. If you are only worried about identity leaks now then you are simply miss-calibrated on your assumptions about the nature of online identities. If you are seriously this worried, then you probably shouldn't be using the internet for anything.
> so that identity information is stored in a less ad-hoc way
It will be more ad hoc. Stripe does not decide how their client stores such data. Stripe will make asking for an ID very easy and that will vastly expand the number of businesses utilizing this method of registration.
Right now I think of Stripe as a reliable service. When one of their customer's data is breached or leaked, I don't know that everyone will still trust Stripe as a brand. News articles about such breaches won't be able to relate the nuance of who's at fault.
I'm not concerned about my online personas being linked to me. I'm concerned about making it easy for bad actors to perform identity theft en masse.
I'm not sure you understand. When a business needs your ID to do business, they ask you for it and store it in their infrastructure. This already happens today. Nothing Stripe is doing necessarily changes this. Stripe is simply providing a streamlined mechanism by which business can fulfill their KYC requirements and obtain this information. And now they have the choice to continue to store it in their infrastructure or look it up via the API as needed. If somebody breaches WellsFargo and dumps all the identity info of their customers, clearly Wells Fargo is at fault. Nobody will care if the entry form where they put their info in when they signed up for a bank account was hosted by Stripe and white labeled by Wells Fargo, or if there was a permission box that popped up from Stripe asking if you'd like to allow Wells Fargo access to your info, or if it was simply hosted by Wells Fargo. I don't see the problem here.
I get it. No need to say I don't. Streamlined means more companies will ask you for such identification. Eventually stripe will be part of a news story about a data leak. I imagine they've already factored this in and decided it's worth it, due to requests they've been getting from customers. Essentially, if they don't do it, someone else will. Personally I think they should let someone else do it, or break it into another company, but that's not my call.
I disagree a bit on this. Looking at previous data breaches, when something like an s3 bucket gets hacked, the news is not going to be about on how Amazon is responsible for company X's data breach but on how company X's servers got hacked. Stripe, like AWS, is the infrastructure, the onus is on a company to ensure their infrastructure security as it can be an existential risk. A philosophy of Stripe's is that that they succeed when their customers succeed, I'd like to think that they have a shared interest in try to prevent their customers being breached as much as possible.
You may be right about how breaches are received in the news by people. It may depend on how they roll it out. I'm sure Stripe will do their best to help clients secure their customers' data. At the end of the day, though, it seems inevitable that breaches will occur.
