Credit card is a largely fixed risk of financial loss, with some legal safeguards for recovery, and the ability to get a replacement card with a different number. Passport carries an open long-term risk of impersonation and you can't just get a new passport because some company has a copy. Just the financial side of that risk can have much greater impact. Unless a company has a legal requirement to "know your customer", e.g. a financial institution, this is a red flag.
Couldn’t have put it better myself. Even with payment processors, most they ask for is SSN and business EIN.
When I read about the WireCard scandal, the KYC stuff sent to them over the years is probably in the hands of foreign intelligence already. That’s what gave me pause.
> Unless a company has a legal requirement to "know your customer", e.g. a financial institution, this is a red flag.
Germany also has legal KYC requirements for web hosting and most other things relating to telecommunications.
And if those requirements include the need to supply passport information, that's a reason not to host in Germany.