open bank accounts and launder money and lead a mile long paper trail to the wrong person
Like gp says, I've handed my actual passport to every hotel I've stayed at, and they usually make a photocopy. If anyone is assuming that a photocopy of a passport is good evidence that someone is who they say they are, they're wrong. If someone is assuming that just the number proves anything, then they're more wrong.
The times I've needed my passport online to prove my identity, it was usually one of those ID processes where I need to be in front of a camera holding my actual passport.
That has nothing to do with someone else leveraging gaps in the financial system and acknowledging those gaps exist. To that i would say AML/KYC/OFAC is the joke and should just be dropped since anyone can transfer any amount of value under someone else’s ID on a computer near where the compromised ID owner is expected to live.
There are open source tools to wear someone else’s face over webcam while holding up a doctored passport at 240p resolution. Even easier with a still image. And many places do not ask for more than just the ID itself.
I don’t really understand who the denial here is helping.
If I say my passport number is 134563543, how does anyone check that? Is there a database of passport numbers and identities that can be checked?
I get that the ID process of camera-and-passport can be spoofed, but in the context of this particular data breach, that's irrelevant. If I can dummy up a passport that looks good enough over 240p resolution then it doesn't matter if it's my actual number or whatever. The process I've been through checks for the watermark/sheen on the passport, but if you can dummy a face then you can dummy some glittery lights fine.
My original question stands: do you just need the passport number to prove identity? Because I've never had to provide just that as proof of identity.
You have way too much respect for the security and redundancies of the system.
Only need one account anywhere to be approved. Then you can just do a completely clearnet illicit source transfer to a crypto exchange and disappear the money into tornado.cash or Monero or whatever. The problem stays with the person whose name is on the account.
Alternatively, on Dread, people brag about maintaining funded brokerage accounts opened under other people’s names and accessed over compromised windows machines near where the physical person lives. They trading stocks and options with dollars, with the intent to deal with actual laundering later with a larger amount. There are market places for compromised windows machines by postal code and bandwidth.
