We VERY much encourage all of our clients to enable two-factor authentication (2FA) and withdrawal address allowlisting. This combination removes a significant amount of risk, but even when used together, is not a “silver bullet”.
Behind the scenes we run analytics based on a number of factors to determine the risk of any client transaction, especially withdrawals. Occasionally, a withdrawal may trigger a PII verification—even with 2FA and allowlisting enabled.
PII verification has less to do with AML and KYC and more to do with us wanting to be sure you are in fact you and the withdrawal is valid. This PII verification decision is fed by numerous variables, which can include amount, velocity of transactions, and geographic location.
For more information, please see thread here from our CSO Adam Healy.