Bank A: give us your address where you sleep at night or we freeze your acct. Bank B: we were breached… cyber criminals have all your data, sorry!
One of my banks is threatening to freeze my account unless I disclose my residential address where I sleep at night (with proof! Thus all info that proof comes with). Their privacy policy starts with the standard “we take privacy seriously” then they go on to say deeper in the doc that they may share my personal info around to the full extent allowed by law (using weasel words that try to imply the contrary to sloppy/fast readers), vaguely to credit bureaus (who I have no contract with and who will share the data further, or leak it in a breach). This bank claims “regulations require…” No, they do not. The regs say they must collect residential address OR business address, or if those are not available an address to a family member. So the bank is bullshitting.
At the same time, another bank says in so many words: sorry to inform you we were breached. Cyber criminals have all your sensitive info. We take privacy and security seriously. We offer you a credit monitoring subscription to compensate you. If you are interested, you can share your sensitive info with that monitoring org, who in turn will share the info with their subcontractors. And anonymous access is blocked so you must also share your IP address.
In light of these two shitty¹ banks, I would like to give a big fuck you to those who say:
“You don’t want your bank to know where you live? What are you hiding? What kind of dodgy shit are you into?”
“You expect your bank to let you access your account from Tor? LOL. Why don’t you trust your bank with your IP address? Why don’t you want your ISP to know where you bank? What kind of dodgy shit are you into?”
Bruce Schneiere: “cryptocurrency is a solution looking for a problem”
“Cash is for tax evaders. You have no legitimate cause to demand cash payment or to pay in cash.”
“A cashless society protects us from criminals & money launderers”
In the very least, we need a general right to be unbanked.
¹ I don’t mean two imply these to banks are exceptionally shitty. They are just like any bank. All banks, credit unions, etc, are shitty in the same way.
(edit) Bank B also waited several months after they knew of the breach to inform me. So I imagine there were months of backroom chatter: “can we hide this? Do we have to tell the press and the victims?” They must have spent those months debating about whether or not to tell victims. Makes me wonder how many other breaches I was exposed to by banks without my knowledge.
Unfortunately it’s a political problem - your bank has regulatory requirements meant to make money laundering difficult. These requirements mean they need an address at which you can be sued or arrested or they’ll be fined for doing business with you.
About all you can do is vote for candidates who promise to make banking more accessible and private by making it easier for criminals to launder money. It’s a world of trade-offs!
Are you talking about 31 C.F.R. § 103.121, which states:
“(i) Customer information required—(A) In general. The CIP must contain procedures for opening an account that specify the identifying information that will be obtained from each customer. Except as permitted by paragraphs (b)(2)(i)(B) and (C) of this section, the bank must obtain, at a minimum,the following information from the customer prior to opening an account:
Name;
Date of birth, for an individual;
Address, which shall be:
(i) For an individual, a residential or business street address;
(ii) For an individual who does not have a residential or business street address, an Army Post Office (APO) or Fleet Post Office (FPO) box number, or the residential or business street address of next of kin or of another contact individual; or …