Maybe this is more of a Europe vs. US observation than a programmer vs. lawyer observation, but I have indeed made the observation that US companies are often satisfied with "identity verification" that would absolutely not fly elsewhere. A PDF of a utility bill as "proof of residency", knowing somebody's SSN as "identity verification"...
Yes, they might be definitionally best practice and accordingly enough from a legal perspective, but I don't see them having any value in actually keeping out bad actors. A fence that surrounds 99% of your pasture indeed has no value if the wolves know where the 1% gap is.
That's not really a EU Vs US thing though, but a "country with mandatory official declaration of residence" vs not.
France is the same as the US there, and I would assume the UK as well. Well I now realise the UK is not in the EU anymore... but France is probably not the only remaining country in the EU where you can move without some kind of administrative declaration?
Anyway the point for these countries is to not have a centralised record of where citizens live, for anti-surveillance reasons and resilience against potentially hostile authorities. So you can't ask the state to prove that you live somewhere because it doesn't have a record or if it has it cannot legally communicate it to anyone.
In contrast, Belgium for example has centralised records of residents and if your car is parked wrongly, the local police can look up the plate and call you on your registered phone number or knock to your door at your registered address, to tell you to move it. It's practical, but I find it creepy and dangerous. A hostile government would have so much power here.
> the point for these countries is to not have a centralised record of where citizens live
In the US, state DMVs effectively still know everybody's address, don't they?
And even if they wouldn't – that information is only one data broker query away in the US.
I've recently experienced this by signing up for a financial company that, after entering only my phone number and SSN, presented me with my full address and asked me whether everything looks accurate. I understand that historically and value-wise, this is part of where the resistance to centralized government databases is coming from. But practically, they already exist.
In the US, resistance against government ID for private contracts seems to come more from an intention of not wanting the government to be able to interfere with the right of people to legally transact with each other without government mandate or intervention. But even that resistance is largely over – I had to show my driver's license to every bank I ever opened an account with.
That's what happens when government is regulated but companies aren't. The kind of process you describe is totally illegal and unheard of in the EU.
In France banks also take utilities bills as proof of residence (but they also ask for id or passport to check your identity). ID cards do have an address as well as passports and driving licences, but even the government doesn't accept them as proof of residence because they're often out of date.
In my case they all have different addresses and none of them has my current address. My Belgian ID though has to be reissued every time I move to a different municipality.
Oh and regarding DMV having addresses yes, but (in France) they are indexed by a DMV-specific key that cannot easily be matched to another database, say social security or taxes (which also independently have addresses on most citizens). Driving license number, fiscal number, SSN, cannot legally be used anywhere else than with their respective services. There is of course the names that can be used, but no system is perfect I guess.
Anyway these are just implementation details, but my point is that the EU has many different administrative systems and in at least some of them, utilities are the only legal proof of residence.
If the law says that providing a fake document to a financial institution is considered fraud / money laundering and can be prosecuted, it makes a lot more sense.
This puts criminals in an untenable position. If they provide fake documents to a bank, they save the police a lot of work. If tere's ever any suspicion of criminal activity in their accounts, nobody has to prove anything beyond the fact that they provided fake documents, which isn't that hard. That's enough to send them to prison. They can always provide real documents of course, but there's a reason they were use fake ones in the first place.
