Online illegal operators often abuse the services offered by European Online Service Providers to carry out their activities on an industrial scale.

The problem is that commercial entities that intentionally distribute (often lucrative) illegal and harmful services or content tend to hide their true identity when signing up for a service. In spite of the E-Commerce Directive establishing general information requirements for service providers, they continue to provide fake company names, fake addresses and contact details and operate in complete anonymity.

Many service providers don’t check.

KYBC – Know Your Business Customer 

Protecting European consumers and businesses from online harms

The Issue

The problem is that commercial entities that intentionally distribute, often lucrative, illegal and harmful services or content tend to hide their true identity when signing up for service.  In spite of Article 5 ECD establishing general information requirements for service providers, they continue to provide fake company names, fake addresses and contact details and operate in complete anonymity.

Many service providers don’t check.

A Simple Solution: Know Your Business Customer

Intermediaries such as hosting providers, online advertising companies, proxies and payment gateways and marketplaces providing commercial services to online businesses should implement a “Know Your Business Customer” (KYBC) protocol.

It is easy for any real business to comply, but difficult for criminals.

What can the EU do?

Introduce broad KYBC obligations in the Digital Services Act (DSA).

“Digital Services Act: Know Your Business Customer obligations must apply to all intermediary service providers to offer a meaningful tool for tackling illegal activities and products online.”

Know Your Business Customer can help prevent

Fraud

Data Theft

Phishing

Counterfeit Products

Fake Medication

Malware

Piracy

Child Exploitation

Illegal Gambling

Case Studies & Research

Openload 

Openload is a notorious pirate service – listed on the European Commission’s piracy and counterfeiting watch list. An investigation revealed that Openload operated within the European Union using infrastructure and hosting services provided by EU companies.

A court ordered the European hosting company to identify customer details for Openload, but it turned out that the listed customer was a defunct shell entity. The hosting provider admitted the customer data they hold is “purely declarative” and that it had no way of tracing or authenticating the identity of Openload. This is despite the hosting company having received more than €19 Million in fees paid through a PayPal account linked to a Costa Rican advertising agency and various untraceable credit cards.