In the process of registering to Callcentric, they asked me a scanned copy of my passport.

I already gave them my mobile number, where they could possibly make an interview, and of course they have my IP address, which allows to obtain my identity from my ISP in case of a fraudulent activity.

I read this question, but it should be noted that I am not buying payment services, properties or applying for a job/loan. They just sell VoIP services, similar to Google Voice, who does not require your passport.

Is this type of sensitive information required by some US law?

A VoIP service has the same scope and purpose of an email service, after all. Will this reduce the risks involved, as the support staff writes, or rather compromise my security?

Asking my mobile number for SMS authentication prevents identity theft, instead, giving out my passport data greatly increases the risk of the theft of my identity.

It should also be noted that, while they claim not to share my personal data, in their Privacy Policy it reads that the company "reserves the right to modify the Privacy Policy at any time without notice."

Update

Another thing to make me wary of this practice is that, unless the passport is scanned by a trusted third party, any serious criminal would simply send a fake scan with fake information impossible to detect.