Please can a Revolut rep/leader/staff member who is able to talk in specific facts (Not assumptions or generalisations) about ID verification and PII explain the account ID verification process, specifically covering but not limited to these points;
Once photo and ID is captured
Where is it stored and in what form (file/blob/hashed/together/separated/emailed in a zip file to the fraud team mailing list)
What parts of this are shared outside of Revolut control (Or stored in a 3rd party ID verification SaaS product) and with whom?
How do those third parties store/retain above data and for how long?
Do you have agreements with said 3rd parties that restrict their use of and retention of PII data?
Then, after verification, what from the above is stored and how long is it retained for:
If a successful ID verification is completed
If a verification is failed
I am aware of enhanced KYC regulation in the UK and Europe. I understand why you are asking for ID, I understand the convenience it provides digitally. What I would like to know is if/after I give you a package of my photo and ID (fraud-in-a-box) in digital form - which is much more concerning to me than my high street banking provider taking a scan of my ID in-person - how you are handling my PII and how you are setting controls for the providers you select to share my PII with.