Escrow.com Is Now Asking For Photos of Personal Docs

[Cdomains]

Escrow/com Is Now Asking For Photos of Personal Documents.

I just logged in to Escrow/com and they are now asking for extensive verification including Photos or scans of ID's and other personal and business documents to be stored on their servers.

I have used them for years for all my transactions.

With all the hacks of servers happening around the world and security breaches exposing us to identity theft I have refused to give photos of my ID's and other documents to companies who request it.

I will not do business with Flippa for this reason.

I recently had my account frozen at a registrar that asked me for this and I refused.

Will you give photos of your personal ID's, bank records, etc to Escrow/com or will you use another service?

Personally, I think I am going to take my business somewhere else.

I am really disappointed about this after all these years.

---

Related:

• New Escrow.com Account Verification Process

 

[johnn]

Bad move.

I have been using them since 2005 and this is not good change.
You can only prevent the good guy from doing the bad things but you cannot prevent the bad guys from doing the bad things.

Fake ID is not difficult to get.

 

[bmugford]

Many buyers use Escrow.com for a one off transaction. They are only buying one domain and will likely never use Escrow.com again.

If a buyer needs to verify their account by providing these documents, that is going to be a major issue going forward. I would expect Escrow.com to lose a lot of business because of this new burden.

Brad

 

[000]

I've been using them for 10+ years, and continued to use them even as things went south, but this is the final straw. Escrow.com, I will NOT ask my customers to trust you with their sensitive documents. Effective immediately I'm taking all future high-value transactions elsewhere. This isn't 2006 anymore and you'll soon be harshly reminded that y'all ain't the only option in town !

Bye bye Escrow.com !

 

[bmugford]

Many buyers use Escrow.com for a one off transaction. They are only buying one domain and will likely never use Escrow.com again.

If a buyer needs to verify their account by providing information and documents, that is going to be a major issue going forward.

Brad

 

[ison]

We're apply this process to all accounts, that way no matter who you transact with on Escrow.com you will know that they have been verified.

Hi,

I work for Transpact.com - Europe's leading escrow company (we handle many domain transactions).

Let me give a bit of inside information from our point of view on customer identification and verification.

We've led the way on requiring customer ID verification for years, for larger transactions.
The reason is purely down to anti-money laundering and counter terrorist-financing laws, to prevent escrow services from being used to launder the proceeds of crime, and prevent the funding of terrorism.

We do not require these intrusive checks for our own purposes in any way whatsoever as we have the customer’s money, which is what counts - we would very happily ditch the checks, but they are imposed purely due to Government regulation (we have our own other security checks).

Europe (the EU) has been much stricter on the actual implementation of these rules than the USA, but it looks like the USA is finally tightening up and implementing the letter of the law.
It is surprising that it has taken so long, as escrow is a known vector for terrorist financing and money laundering. For example, the 2010 assassination of Mahmoud Al-Mabhouh was reportedly funded through escrow arrangements.

Over the years, we have turned away much business to other escrow companies, when customers refuse to supply us detailed information strictly confidentially and highly securely (we never, ever divulge this information - except by written Court or Government Agency Order), and store the information highly securely and strictly confidentially.
In addition, many companies trace corporate or trust ownership through tax havens such as the British Virgin Islands or Cayman Islands, making true customer verification very difficult - so we do not deal with those clients, again turning them away.

One interesting development is that the legal definition of money-laundering is about to change in June, to include money which has had tax evaded.

So any escrow service that makes payment to or from a firm that is not paying its taxes fully may be prosecuted by the authorities.

Why are escrow services targeted this way ?
Well, banks and money remitters are heavily regulated this way, and escrow services are conditional money remitters! Escrow services effectively remit a payment on to the seller if X occurs, and back to the buyer if Y occurs (X and Y being the successful or non-successful transfer of the domain in the case of a domain transaction - X and Y need to be fully defined for each transaction).

Sorry for the long diatribe, but I thought this might prove useful to the questioners.

The fight against terrorist financing and money laundering looks like it is only going to increase as world events ratchet-up, and Governments correspondingly tighten regulations.

Just gonna put this out there.

It doesn't take much to obtain fake IDs, area-sensitive VOIP phone numbers and even utility bills from the Darknet. You can be sitting in front of your PC in Manila or Tirana and build an entirely fictitious - and verifiable* - identity elsewhere in the world with just a little effort. Online verification is inherently flawed, and to use it as a buffer against threats of terrorism or money laundering is, with all due respect, hilarious.

Now that your companies are known to handle sensitive user info, I think you guys should be prepared for the attention of less savory elements of the interwebs. Keep in mind though that, Citigroup, Ameritrade, RBS Worldpay and many, many other far larger organizations, have suffered at the hands of hackers, and those data are also sold on the Darknet.

 

[tonyk2000]

Some years ago, escrow used to ask similar things from buyers who used Credit Cards. It took me just a few minutes to open an old email archive and find a very common buyers response:

(quote begin)
===
We went to the escrow.com web site, and found they require a Fax form with
credit card information and Phote ID.

This is unacceptable, from a security and fraud prevention point of view.
You might call this paranoid, but I don't want credit card information and
a photo ID floating around.

In fact, the terms and conditions of all our credit cards. MC, Amex and
Visa, states this is something you never should and must do.

We either find another way to make the payment, PayPal, or forget about the
transaction.
===
(quote end)

And, by the way, I can hardly imagine a corporate buyer - who just wants to purchase something (domain name) online - scanning and uploading their corporate documents in order to pay (maybe using verified company paypal or even bank transfer from a company account).

 

[johname]

Just uploaded mine, says 24 hours to approve.

But will your customers do the same?

 

[Duomain]

It's acceptable for me to upload ID. But where could I find the proof of address written in Roman/English characters?

Is ESCROW kidding me? I'm from China. We use address in Chinese. Could anyone give me a hand here?

The verification team member has provided additional information:
Please submit the entirety of your proof of address. Also, make sure that it's written in Roman/English characters.

It's time to find an escrow alternative. Thank you guys for sharing. May try EPIK or Payoneer. But PayPal is my first choice for repeated users.

 

[alcy]

I think Escrow mentioned in another thread this was some sort of compliance update by law.

Edit: Just logged in and checked, top of page says:

"For regulatory and compliance reasons it is important that you verify your account. Verify your Account"

yeah right.. by escrow.com law

but.. okay.. let's wait and see a wave of all other escrow services out there asking now for ids and scans and fotos. not gonna happen. bye bye escrow.com.

 

[bmugford]

I just saw a notice on both my accounts as well. I have used escrow for hundreds of transactions buying and selling over many years.

Escrow.com needs to let us know what is going on. Why is this information needed, especially for well established accounts?

I don't really feel comfortable trusting a 3rd party with sensitive documents.

Brad

 

[FairTrial]

Hi,

I work for Transpact.com - Europe's leading escrow company (we handle many domain transactions).

Let me give a bit of inside information from our point of view on customer identification and verification.

We've led the way on requiring customer ID verification for years, for larger transactions.
The reason is purely down to anti-money laundering and counter terrorist-financing laws, to prevent escrow services from being used to launder the proceeds of crime, and prevent the funding of terrorism.

We do not require these intrusive checks for our own purposes in any way whatsoever as we have the customer’s money, which is what counts - we would very happily ditch the checks, but they are imposed purely due to Government regulation (we have our own other security checks).

Europe (the EU) has been much stricter on the actual implementation of these rules than the USA, but it looks like the USA is finally tightening up and implementing the letter of the law.
It is surprising that it has taken so long, as escrow is a known vector for terrorist financing and money laundering. For example, the 2010 assassination of Mahmoud Al-Mabhouh was reportedly funded through escrow arrangements.

Over the years, we have turned away much business to other escrow companies, when customers refuse to supply us detailed information strictly confidentially and highly securely (we never, ever divulge this information - except by written Court or Government Agency Order), and store the information highly securely and strictly confidentially.
In addition, many companies trace corporate or trust ownership through tax havens such as the British Virgin Islands or Cayman Islands, making true customer verification very difficult - so we do not deal with those clients, again turning them away.

One interesting development is that the legal definition of money-laundering is about to change in June, to include money which has had tax evaded.

So any escrow service that makes payment to or from a firm that is not paying its taxes fully may be prosecuted by the authorities.

Why are escrow services targeted this way ?
Well, banks and money remitters are heavily regulated this way, and escrow services are conditional money remitters! Escrow services effectively remit a payment on to the seller if X occurs, and back to the buyer if Y occurs (X and Y being the successful or non-successful transfer of the domain in the case of a domain transaction - X and Y need to be fully defined for each transaction).

Sorry for the long diatribe, but I thought this might prove useful to the questioners.

The fight against terrorist financing and money laundering looks like it is only going to increase as world events ratchet-up, and Governments correspondingly tighten regulations.

 

[Cdomains]

I have no problem with standard business documents like tax Ids.

That is understandable and I have given that info to any company I do business with who requests it.

 

[kriss05]

In 2017, the risks of money laundering and terrorism financing are arguably greater than they have ever been.

Any links/proof for that?

We take our obligations very seriously and believe that these requirements ultimately benefit and improve the safety of the whole of the Escrow.com community.

Please explain me how demanding expensive international calls helps to improve my safety? I wasted money/time to confirm my identity this way in my last Escrow.com transaction despite being Escrow.com customer for years. Escrow.com support also said it is for my protection, but they failed to explain how does wasting my time/money protect ME?

I could understand, little bit, if that demand came before I started Escrow.com transaction or before buyer paid, but I was requested to call Escrow.com only after buyer's payment arrived - I had no choice to dismiss/choose another escrow platform. Very nice. Is that the gold standard are you talking about? Very disappointed to say the least.

Until and unless all escrow companies are demanded by all laws to collect photo ids/utility bills/pictures of wifes nude, I'm not going to send mine and I will never require my buyers to use such escrow services - will you take any liability if your servers are hacked?

Meanwhile, it is so amazing to watch how people are killing their own successful, profitable business.

 

[Doron Vermaat]

@Doron Vermaat
What do you think Doron? Efty platform allowed to practically exclude the need to pay huge commissions to marketplaces for usually no help in sale.

Escrow made a favour to marketplaces for sure... Initially I'd risk to say that I'd prefer to lose $1k in $5k deal processing through Afternic (but above $5k Afternic uses escrowcom anyway) instead of losing $5k deal because a legitimate buyer will be "verified to death" at verification process...

Personally, I'm not a fan of anything that makes it harder or more complicated for an end-user to purchase a domain name. A lot of sales in the $2,000 range are still often impulse-driven purchases and any extra step in the payment or escrow process might result in buyers backing out. At Efty we're currently working on integrating with two more partners that will allow you to take payments from buyers so our users will soon have several options when it comes to setting BIN prices for their domains.

 

[GoKaizen]

Alternatives to Escrow
https://www.namepros.com/threads/alternatives-to-escrow-com.993362/

Epik Escrow
http://www.epik.com/services/escrow/

https://www.namepros.com/threads/epik-announces-escrow-service.895046/

 

[mad409]

Here's my 2 cents on this change. I agree Escrow.com does have the obligation to verify, follow the know your customer law per domainers receiving money.

I don't agree if these requirements are enforced if an end user is making a purchase with a credit card transaction. Reason: If that were the case every site you visited online would require documents before you could purchase anything, not gonna happen.

So my suggestion is for them to require verification from the receiving party but if the end user is paying by credit card this would not be a requirement.

There's no laws I'm aware of that would require someone making a purchase online with a credit card to provide identification documents..

If this would work for them all we have to do is tell the end user to pay by CC.

Addition: Debit Card too...

 

[Kate]

 

[discobull]

I look at this from a risk/reward perspective. On the risk side, complying with the new escrow.com requirements means that I have to hope that they know what they're doing when it comes to safeguarding my documents. I have to hope that they do a good job of picking trustworthy employees who won't be tempted to steal my data for their personal enrichment. I also have to hope that these additional verification requirements won't turn off any buyers and end up killing some of my deals.

That summarizes the gamble I'm being asked to take by going along with this new policy. Now let's examine the reward side. So, what is my big payoff to me for taking these additional risks? A big fat 0. Nothing whatsoever.

I don't buy the anti-terrorism argument. That sounds to me like total BS and as we've seen, there are absolutely no legal requirements for escrow.com to do what they're doing. I'm guessing that the real motivation for them to do this is to reduce losses stemming from fraudulent payments. In other words, my added risk translates into a reward FOR THEM.

While there may come a time when every escrow service requires these additional verification measures, we're not at that point yet. That means we have other options. And, since I really can't think of any reason to add to my risk for escrow.com's benefit, I'm going to take my business elsewhere.

 

[Kate]

The irony about all those KYC rules is that they make us less secure, because the more you send documents over to third parties, the more you risk that they will fall in the hands of hackers or be misused for ID theft.
Many corporations have poor security and little incentive to beef up security until it's too late. Many of them outsource customer support to call centers overseas, that have high employee turnover and lax security.

But if there is one party to blame, it's your government. Nothing to do with terrorism or money laundering, governments wants to track your money and tax it (or confiscate it).

For sure this is going to be a putoff for some buyers, it's already hard enough to sell domain names. Escrow.com is popular because it's very simple to use even when you're dealing with inexperienced users.

PS: breaches are more frequent than people think because they often go unnoticed. Your data could already be for sale on the darknet.
PPS: I suspect that Escrow.com's systems are rather old: I've seen headers that indicate mail is sent through CDONTS (ASP).
PPPS: Outside the US more or more people don't trust US companies any longer due to widespread spying.

This recent development should incentivize domainers to incorporate if they haven't already. End users may be more willing to remit payment to an established corporation in good standing. Plus, there are some tax benefits available and asset protection too.

 

[BostonDomainer]

I thought it was just me since I had so many transactions going on at once. I don't like this move what so ever.

 

[tonyk2000]

As a seller, I do not feel comfortable to upload such a sensitive info online, or to give this info to escrow.com. I am sure that many buyers would feel the same - and it is even more important. Lost sales after a long time negotiations? Sorry. I am wondering where will brokerage plaforms (Uniregistry Markert, Godaddy for >$5000 USD transactions, DomainAgents, ...) will now send the buyers?

 

[Kate]

Just logged in, but the notice doesn't show for me. I am wondering if this is new company policy, applying to all clients, or select clients only. Or if the new requirements stem from regulatory changes.

 

[creataweb]

I think Escrow mentioned in another thread this was some sort of compliance update by law.

Edit: Just logged in and checked, top of page says:

"For regulatory and compliance reasons it is important that you verify your account. Verify your Account"

 

[wwwweb]

You know where this is really going to hurt, is that $2,500 buyer who is going to be like sorry, I am buying a domain, not giving my whole ID portfolio, take it or leave it. Will lose customers thru this process, as legit as it might be, some people are just not willing to give up those details to buy a domain.