No thanks.
We'd love to hear suggestions on how we can improve that without resorting to requesting an ID because obviously that isn't something that's ideal.
New policy of requiring scanned documents is unacceptable in the environment of pervasive nation-state level monitoring and destruction of privacy. If this is a permanent change, I won't recommend DO any longer.
The solution is extremely simple: accept bitcoins for payments and/or fair use verification for free tiers. Also there is a market for forged document scans, just read krebsonsecurity.
The reasons are this:
Banks are legally required to conduct some kind of Know Your Customer where an individual has to physically present themselves so their provided ID is matched against their physical person. So KYC is done by a bank. And I'm paying with a bank / credit card.
In the case of someone opening an account by using a fraudulent card, it is trivial to attach what looks like a mediocre scan of a passport or driver's licence.
Notarised IDs are not requested, so there is no way to verify with a lawyer. And Notarisation is expensive, so it will turn almost all customers away.
Closing circle: If the name on the card matches the ID provided and it is not a case of a fraudulent transaction, the individual can be pursued via their bank. This is probably not worth it at a time vs reward level, unless the abuse of the network is such that law enforcement should be involved, but is not something for you to do, but for your bank, as correspondent bank, to do.
While obviously a liability in terms of information security and the risk of a breach, requiring such personal information is a precedent: If all companies did so for low value transactions, then this information would end up in thousands of online repositories (and therefore of large scale, as opposed to, say, a hostel seeing a handful of customers per day keeping paper records) which would surely have leaks. The risk becomes systematic. Which increases fraud.
Let the banks do KYC. Let the hosting company ensure the network is monitored in the way they desire.
Edit: Having worked in a couple of banks at a middle management level, and covering regulatory, compliance and information security roles, what really helps when regulators or general law enforcement audit or inspect a function, what really matters is showing both internal policies showing banking regulations are drilled into employees, and anticipative policies where regulations are not yet set in stone are also followed. If you don't have internal policy documents on how your network is monitored and a kind of minimum standards dashboard, make one and keep records, as it can be invaluable as defense against accusations of nonfeasance, misfeasance or even malfeasance.
Barring that, detect mining and terminate it with system monitoring tools, and prevent port scanning/flooding at your network border (your netops team is active on NANOG and seem to know what they're doing).
Thanks!
I am a customer of DO's but I am not a happy one since I have to muck around with 6in4 tunnels just to get this basic stuff working.
Not sure what the legal/regulatory differences are for hosting in London compared to elsewhere?
Personally, I love being able to spin up Linode (and now DO) vms in London but pay USD prices.
Is there a conversion charge that your credit card company levies on you for paying in US$?
Anyway, as others have said, there are charges and spreads on foreign currency banking. It also adds complications to my otherwise very simple accounting needs.
At least, it's the case with my French and my Dutch bank.
That's one of the great benefits of the Euro when shopping in the EU (well, except for our British friends :) )
Edit: corrected a typo
About 90% of my company's expenses are in dollars, so I've had to become proficient at dealing with it, but I imagine it's more annoying for companies who only make the occasional USD transaction, especially as they may have smalltime accountants unfamiliar with or unwilling to deal with the exchange rate stuff properly.