Escrow.com Is Now Asking For Photos of Personal Docs

[Cdomains]

Escrow/com Is Now Asking For Photos of Personal Documents.

I just logged in to Escrow/com and they are now asking for extensive verification including Photos or scans of ID's and other personal and business documents to be stored on their servers.

I have used them for years for all my transactions.

With all the hacks of servers happening around the world and security breaches exposing us to identity theft I have refused to give photos of my ID's and other documents to companies who request it.

I will not do business with Flippa for this reason.

I recently had my account frozen at a registrar that asked me for this and I refused.

Will you give photos of your personal ID's, bank records, etc to Escrow/com or will you use another service?

Personally, I think I am going to take my business somewhere else.

I am really disappointed about this after all these years.

---

Related:

• New Escrow.com Account Verification Process

 

[djum]

Is this Escrow or Transpact thread?
I don't know transpact, and haven't use their service maybe someday.

Let's keep it for Escrow.com where it is already a lot of question from buyers and sellers.

It's called crowdmarketing or hijacking the thread

With all this increasing security measures that are generally useless, no surprise bitcoin shooting all time high.

People extremely dissatisfied with government work and this secirity trend, they vote Brexit, vote Trump, police knew exactly what terrorists in 9/11 were planting, that guy in Germany was planting attack, still did nothing, now everyone will have to get verified, surely it will help.

 

[DN_Hunter]

In the document referenced, there are a few types of "exclusions" for the verification requirements.

What is the definition of "Equipment"? Can a Domain Name be defined as "Equipment"?

Why it might be relevant...

covered financial institutions are exempt from the beneficial ownership requirement with respect to accounts solely used to finance the purchase or leasing of equipment and for which payments are remitted directly by the financial institution to the vendor or lessor of this equipment.

 

[FairTrial]

...
We've led the way on requiring customer ID verification for years, for larger transactions.
The reason is purely down to anti-money laundering and counter terrorist-financing laws, to prevent escrow services from being used to launder the proceeds of crime, and prevent the funding of terrorism.

We do not require these intrusive checks for our own purposes in any way whatsoever as we have the customer’s money, which is what counts - we would very happily ditch the checks, but they are imposed purely due to Government regulation (we have our own other security checks).

Would you kindly post a link to the specific legislation to which you are referring?

And explain also what checks you require, and whether they are explicitly required by that legislation.

Sure - see https://www.gov.uk/government/publi...ndering-guidance-for-money-service-businesses for details - from the UK Government website.
Section 4 may be of most interest to you, although other sections also important.
All other developed countries have very similar Government regulation and legislation.

We do not divulge our anti-money laundering / Counter Terrorist-Financing checks, as to do so would assist criminals and money launderers who could use the information in advance to plan to avoid our checks. I am sure you will appreciate this.
The actual checks are anyway highly transaction specific, and there is wide variability in what (if anything - often nothing if our own checks achieve verification) the client is required to provide or do.


---
Two side issues:

1) The main threat causing the regulation and verification is not terrorist financing (although that is a smaller threat).
The main threat is money-laundering.

2) We are not hijacking the thread.
Jackson Elsegood of Escrow.com actually liked our post, as it gives information for all escrow services.
In this post, we are speaking in general as an escrow provider, and what we say mostly is fully relevant for all escrow providers very much including Escrow.com.
Because we are an EU based service, and Escrow.com is USA based, there are important differences, but the majority of what is said is true for all jurisdictions.

 

[TheWatcher]

@FairTrial
@Jackson Elsegood
Are your company ISO 27001 or PCI/DSS certified? or any industry standard related certification in place to protect your customer data.

You can say all things that you protect your customer data with encryption from end-to-end, encryption at rest, etc. but we don't really know. Unless third party organization perform a yearly audit against your process.

All I see from your website is Network Solutions Secure logo.

 

[carob]

Sure - see https://www.gov.uk/government/publi...ndering-guidance-for-money-service-businesses for details - from the UK Government website.
Section 4 may be of most interest to you, although other sections also important.
All other developed countries have very similar Government regulation and legislation.
.

Ok thanks that says this about how to identify a remote customer
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/387032/mlr_msb.pdf

The significance is it sets out 4 possible ways to identify a customer. ID is only one choice - and it says that copies of IDs would need to be formally certified. It also says payment from customer's bank account is an acceptable way to identify them, which is what Paypal typically do.

4.23 Simplified due diligence is never appropriate if your customer is another
Money Service Business because of the money laundering risk. When your
customer is another Money Service
Business you must do customer due
diligence and HMRC expects you to do enhanced due diligence before
entering into a business relationship.
Enhanced due diligence
4.24 ‘Enhanced due diligence’ means in si
tuations that are high risk, taking
additional measures to identify and verify the customer’s identity and source
of funds and doing additional ongoing m
onitoring. You must do this when:

your customer is not
physically present for identification face-to-face

your customer is a politically ex
posed person, or an immediate family
member or a close associate
of a politically exposed person

the nature of a particular situat
ion presents a higher risk of money
laundering or terrorist financing
Non face-to-face customers
4.25 If you can't identify a customer face-to-face, then you must do more due
diligence to check their
identity, for example:

obtain additional information or ev
idence to establish the customer's
identity

take additional measures to verify
the documents suppl
ied, or require
that copies of the customer’s documentation are certified by a bank,
financial institution,
lawyer or notary

verification of the customer’s identity using reputable third party software

ensure the first payment of the
operations is made through a bank
account in the customer’s name

You didn't answer the question about what checks you ask for, but you being in this thread implies that you ask for IDs. Really I think you need your own thread.

 

[TheWatcher]

Next questions is. If not escrow.com what's your alternative? GoDaddy Escrow service/ Sedo.

I know DN.com did the verification last year as mandated by the Chinese government to provide them government issued identification. That's the last time I login to my DN.com account.


Why not Namepros "verified members" become the third party? I'm just throwing this idea.

 

[Kate]

What makes sending your personal docs through the mail any safer?

Also, how can you be sure how your docs will be handled once and if they arrive safely.

How do you know they won't be scanned into their systems once they receive them thorough the mail?

...

How many companies use "paper" systems and files anymore?

In the computer age - not many!

Completely correct. If they end up scanning the document it doesn't help much. But I know that some banks are still keeping ID copies in binders but it depends.
When I must send a scanned document somewhere, I always add a watermark on it, with the name/URL of the recipient and I black out portions of the picture (ID numbers etc). The aim is to render the document unusable in case of a breach, and thwart identity theft.

On a number of occasions I have even had the document notarized through the local US embassy and it's always been accepted.

 

[DN_Hunter]

For some clients for lower value transactions through our service, the client does not even realise their identity has been verified (as we are legally required to do), as they did not have to provide any extra documentation or take any action.

For larger transactions and other clients, the time taken in verification is normally minimal in relation to the transaction, and not a problem.

This is very interesting. It implies that there is a transaction amount that triggers the "intense" verification process. Out of curiosity, what are the transaction amounts that would not need additional verification? These might be great for smaller one-off domain name purchases where people are just buying one domain name with a credit card...

 

[FairTrial]

@FairTrial
@Jackson Elsegood
Are your company ISO 27001 or PCI/DSS certified? or any industry standard related certification in place to protect your customer data.

As Transpact.com are an EU based financial firm, you will be pleased to know that the EU has pre-empted your question and concerns, and mandated the protection you require into law.

The new Payment Services Directive (PSD2) mandates all EU-based financial firms to have robust process in place to restrict access to all sensitive information relating to payment (including client information), and to have robust procedures in place to monitor and follow up any security incidents should they nevertheless occur.

Under a separate new important EU data law, soon to come into force (for all firms, not just payment firms), EU based organisations will be able to be fined up to 4% of their worldwide turnover for any negligent data breaches and hacks.
So those demanding fines for hacks have been heard and answered.

As Transpact.com is FCA authorised in the UK, we automatically fall within the remit of these laws and regulations.
As long as you see that we are still FCA authorised, then you know that we will be complying with these requirements and standards, and that we have more than robust measures to prevent data intrusion, data loss or similar, and an absolute obligation to report to authorities any breach discovered (with possible large fine).

This goes further than ISO 27001 (an amended form of which the European Bank is currently consulting on enforcing on all EU financial firms), and PCI/DSs which is not relevant to escrow firms that do not accept payment by credit card.

Hope this gives you some comfort.

I have no knowledge of USA law, and whether similar requirements are imposed on US based companies. Sorry (and apologies that this post was EU specific - but the question was asked directly to us - all our other posts have had relevance globally for ALL escrow firms).

 

[TheWatcher]

Good enough for now
Maybe I will reconsider checking your escrow service.

 

[FairTrial]

This is very interesting. It implies that there is a transaction amount that triggers the "intense" verification process. Out of curiosity, what are the transaction amounts that would not need additional verification? These might be great for smaller one-off domain name purchases where people are just buying one domain name with a credit card...

It may help you to know that the majority of our transactions do not require any extra verification, but maybe that is because our service does not accept payment by credit card, only bank transfer (which is free and immediate in the EU).

Global money laundering rules state that transaction amount triggers must be risk based and assessed, so there will be not be a single answer to your question on transaction amounts for additional verification.
For any escrow service, it will be very much a case-by-case risk based and flagged scenario.

 

[FairTrial]

To keep this thread specific to Escrow.com (or to global escrow matters which also impact and affect Escrow.com), I've created a separate thread for any comments which are EU or Transpact.com specific.

The thread is here: https://www.namepros.com/threads/transpact-com-account-verification-process.993567/

 

[Start]

I for one appreciate the replies by Transpact (FairTrial) in this thread.

And also that Escrow.com (Jackson Elsegood) started the thread and has discussed it.


That said, I've used Escrow.com a lot over the years, and had been considering using Transpact for a UK buyer recently (only really became aware of them a couple of months ago).

But this rule seems like overkill, and it is a troublesome hoop for buyers to have to jump through.

I'm unfortunately going to have to try to avoid both companies as much as possible now, and I'll go with alternatives.


I understand the need for verification, but in the case of established corporations, there should be some flexibility on a case by case basis... like for US or Canadian companies, you can usually look-up corporate info online.


FLEXIBILITY?

So how about this scenario:

- A company gives you the URL to their online corporate info listing at the government database web site.

- And you see that the disbursement payment wire transfer is going to that company name, to a US/Canadian bank account (with the bank account postal address also matching the government database listing).

- And if it helps, you can see their web site and the fact that it's a long-established company.

- And perhaps the company has also already bought or sold large amounts with Escrow.com / Transpact over the years.


...so shouldn't that be good enough? (I would be okay with that) And I think it complies with the rules you need to follow.

And in that case, why would you also need personal photo ID?


HUGE CORPORATIONS?

Plus, if the buyer is a huge corporation (perhaps even publicly traded, or private but owned by a billionaire), whose photo ID will you be asking for anyway? Some of those CEOs get paid huge salaries, and I can't see them being very comfortable sending their personal documents on behalf of a corporate purchase?
(and if you would ask a billionaire owner because they are the ultimate beneficiary, they would be even less comfortable)


So anyway, I think there should be an exception regarding personal ID for the corporate scenario I describe above.

I understand if it's simply easier to say on the page "Everyone needs to provide personal photo ID"... but if an Escrow.com customer contacts you directly regarding such a scenario, can you consider it on a case by case basis?

Thanks in advance for your reply

 

[wwwweb]

I have to ask this also, when it is a corporate buyer who sends their photo id in, what employee is going to do this from the buying side.

I reviewed the current requirements, and escrow is over reaching about 15 months early than is required, is this upset necessary for yoir company at this time.

You do realize all these people here dictate where they bring their customers to checkout.

I think you guys need to pause, check with your counsel, and really think this thru.

 

[pokainc]

@wwwweb greatly said

 

[Addison]

If not escrow.com what's your alternative? GoDaddy Escrow service/ Sedo.

I know DN.com did the verification last year as mandated by the Chinese government to provide them government issued identification. That's the last time I login to my DN.com account.

Alternatives to Escrow.com

 

[NameYourself]

The common dilemma.. striking the appropriate balance between govt regulation and business. I can tell you right now that if there are other options out there that do not require such sensitive information, even if it is only for another 1.5 years that a large number of people will switch to those services and begin using them instead. Escrow/com, you are hurting yourself here. Just look at the vote responses so far. Some type of advanced notification on any big changes like this in the future would be extremely helpful next time.

 

[wwwweb]

The common dilemma.. striking the appropriate balance between govt regulation and business. I can tell you right now that if there are other options out there that do not require such sensitive information, even if it is only for another 1.5 years that a large number of people will switch to those services and begin using them instead. Escrow/com, you are hurting yourself here. Just look at the vote responses so far. Some type of advanced notification on any big changes like this in the future would be extremely helpful next time.

I agree domainers are a fickle bunch for sure, if 1 service catches on, they will leave in droves and join the others. Escrow.com can surely sustain some of it's success to the fact domainers use, and recommend this service. It is a 2 way street, and sometimes one person has to move over to let traffic pass so to speak.

This is why the actions Escrow.com takes forward really effects what their business does going forward, as we know they have invested alot in opening new offices, and with the new additional personnel. As stated above even delaying it 1.5 years would help them gradually transition such changes into effect.

As I read from the framework this is not something required until Q2 2018, as an escrow agency would be defined, unless I miss something consequential in that document.

Domainers bring your business to your door, the % of sales I do 90% are first time Escrow users. I am sure a % of these who have good success, on another deal wish to use the same service again, and again.

No amount of advertising, can assist as much as word of mouth business, especially one that has a direct hyperlink.

 

[Joe Styler]

if possible, I'd like to hear whether gd auction sales will in any way be affected by this escrow.com move please.. @Joe Styler ... thanks.

We will continue to use escrow as usual. If they are asking to have you fill out some additional verification you will need to complete it I believe to continue to use them. We are in the midst of filling it out ourselves for our accounts there.

 

[Jurgen Wolf]

The simplest way is to move/reregister escrow-company under another jurisdiction... for example - in Dubai, and that's all.

 

[Jurgen Wolf]

Regarding voting...
If even ~3/4 of domainers are unhappy - then imagine the percentage of endusers...

 

[tonecas]

ethereum and smart contracts to the rescue...

 

[tonecas]

@Jackson Elsegood in Portugal is now forbidden to ask for and store a copy of a identification document. so how is Escrow "keep up with regulators and new rules all over the world"?

 

[tonyk2000]

Well, I will not use escrow.com as a seller for any transactions "brokered" (or initiated) by myself anymore (unless they change their mind or mode of operations). I do care about my buyers and do not want to have sales lost or delayed. (In fact, I'm not feeling comfortable with providing them even my own docs. Which is a matter of trust - or lack of 100% trust - seeing so many issues with how are new escrow.com owners running the business they purchased).

Since I have a number of domains under Uniregistry/Domainnamesales brokerage, I just tried to UNLINK my escrow.com account from Uniregistry, to make sure that their brokers would not mistakenly start an escrow.com transaction with myself as seller and uniregistry as a broker. So far, I was unable to locate such an "unlink" option. Uniregistry should add it and ASAP...

Silly me All I had to do was - a) delete current escrow account email from "escrow integration" screen. b) resubmit "escrow integration" form without agreeing to the terms.

And - no more escrow.com integration for transactions powered by Uniregistry brokers for my account. I would have instructed brokers to send buyers to Uniregistry Marketplace processing anyway, but still... (the whole Uni system is too automated sometimes).

As a side note, if the memory serves me correctly, this particular marketplace only accepts wires if the domain is at outside registrar. Domain "in sale" needs to be with Uniregistry for the whole set of payment options. Well, even more reasons to consolidate domains with Uniregistry registrar (which is a good registrar)

 

[BenLondon]

I read all NamePros members comments here. As I understand we are not only one not happy with Escrow/com new rule and will not use Escrow/com any more unless they change this...
Already we lost customers... We are looking for alternative solution...

Escrow/com team must read carefully NamePros members' comments below. I am sure they will lose a lot of customers... Domainers and endusers not happy at all...

"in Portugal is now forbidden to ask for and store a copy of a identification document. so how is Escrow "keep up with regulators and new rules all over the world"?
tonecas / Active Member

"Regarding voting...
If even ~3/4 of domainers are unhappy - then imagine the percentage of endusers..."
Jurgen Wolf / Active Member


"What's going to happen is that godaddy and sedo are going to make money and escrow will lose clients...
Clients already sometimes said I prefer to buy it through Godaddy despite the 20% extra fee... good luck convincing buyers to send photo ID and sensitive info. What about corporations.. they have to send private corporate files?"
pokainc / NamePros Supporter

"Well, I will not use escrow.com as a seller for any transactions "brokered" (or initiated) by myself anymore (unless they change their mind or mode of operations). I do care about my buyers and do not want to have sales lost or delayed. (In fact, I'm not feeling comfortable with providing them even my own docs. Which is a matter of trust - or lack of 100% trust - seeing so many issues with how are new escrow.com owners running the business they purchased)."
tonyk2000 / Established Member

"And per my understanding - many buyers will reject it as well."
Jurgen Wolf / Active Member


....and many other negative -but right- comments...