Identity Proofing Policy
Last Updated: July 8, 2019
Effective: July 8, 2019
IF YOU DO NOT AGREE TO ALL OF THESE TERMS, YOU SHOULD NOT USE INFLECTION IDENTITY PROOFING SERVICES.
Description of Services
Inflection provides a number of identity proofing and verification services, including:
Identity validation based on authoritative records
Government ID and document validation
Remote identity proofing that meets NIST SP 800-63-2 Assurance Level 3 standards
Your Data Choices
When we request PII from you in order to complete an identity proofing transaction, you may choose not to provide certain identity attributes to us. You may also choose not to start or complete the identity proofing transaction by navigating away from our website in your browser. And lastly, you may choose to complete the identity proofing process, but not share the resulting verified information with the service or agency that you're trying to access. However, there are some things you should know about these choices:
If you choose not to provide the PII that we request to complete an identity proofing transaction, we may not be able to verify you successfully.
If you leave the identity proofing process or choose not to share the results of your verification with the service or agency that you're trying to access, you may not be eligible to use that service. However, we don't have any control over how a third-party service will respond if you choose to remain unverified.
Remote Identity Proofing
In order to complete Remote Identity Proofing at Assurance Level 3, you must provide (and are attesting to the possession of) the following information about yourself:
Given and family names;
Full address of your primary residence (including street number, street name, building unit [if applicable], city, state, and ZIP code)
Birthdate (including full day, month, and year of birth)
Social Security number (SSN)
Mobile phone number
If we are unable to confirm that you are the primary owner of the mobile phone number that you provide, we may ask you to provide:
A financial account number (such as a checking account, savings account, or credit card)
In order to successfully complete Remote Identity Proofing:
You must successfully complete a knowledge-based out-of-wallet quiz
You must demonstrate that you have access to your mobile phone (or financial account, if you don't have your mobile phone with you)
We must be able to corroborate your full legal name, full birthdate, full home address, SSN, and mobile or financial account number against authoritative databases, such as those maintained by consumer data bureaus, financial institutions, and government agencies.
We must be able to confirm your address of record during the credential issuance process by verifying a unique code that we send you.
If we detect anomalies or suspicious activity during the identity proofing process, we may automatically fail your identity proofing attempt or ask you to provide supplemental identity documents, even if you answer the knowledge-based quiz correctly.
You acknowledge that, due to the inherent nature of remote identity proofing, we will need to share your personal information with third parties for the sole purpose of confirming its authenticity. Those third parties may include consumer data bureaus, government agencies, financial institutions, mobile network operators, and other vendors that provide access into these systems. The information is not shared or used for our own or third party marketing purposes.
All successfully identity-proofed credentials are valid for 5 years, at which point you will need to re-verify your personal information. If your personal information changes before then (for example, you change your name or your primary address), you can update your records by re-verifying yourself through this process.
We retain a record of all identity proofing transactions, both successful and unsuccessful, for a minimum of 5 years. This record includes relevant facts related to the verification process, such as the date and time that it was performed, which verification processes were initiated, and the results of the verification. The retained record does not include sensitive personal information.