Identity Proofing Policy
Last Updated: July 25, 2017
Effective: July 25, 2017
IF YOU DO NOT AGREE TO ALL OF THESE TERMS, YOU SHOULD NOT USE INFLECTION IDENTITY PROOFING SERVICES.
Description of Services
Inflection provides a number of identity proofing and verification services, including:
- Digital and biometric identity verification
- Identity validation based on authoritative records
- Government ID and document validation
- Remote identity proofing that meets NIST SP 800-63-2 Assurance Level 3 standards
Your Data Choices
When we request PII from you in order to complete an identity proofing transaction, you may choose not to provide certain identity attributes to us. You may also choose not to start or complete the identity proofing transaction by navigating away from our website in your browser. And lastly, you may choose to complete the identity proofing process, but not share the resulting verified information with the service or agency that you're trying to access. However, there are some things you should know about these choices:
- If you choose not to provide the PII that we request to complete an identity proofing transaction, we may not be able to verify you successfully.
- If you leave the identity proofing process or choose not to share the results of your verification with the service or agency that you're trying to access, you may not be eligible to use that service. However, we don't have any control over how a third-party service will respond if you choose to remain unverified.
Biometric Identity Verification
Facial biometric identity verification is performed by comparing two or more captured images of faces. For example, we may compare the face on a government-issued photo ID against a "selfie" that you capture and send to us. The biometric identifiers used to perform this comparison are derived from the photographs that you submit. After performing the comparison, the biometric identifiers are destroyed within 24 hours, although the underlying photographic images may be retained for longer. We may also re-analyze the photographic images to confirm the results of an initial identity verification, and the resulting re-created biometric identifiers will similarly be destroyed within 24 hours after re-analysis. Because biometric identifiers are derived from these photographic images for the initial purpose of identity verification and fraud prevention, you agree that we may use this biometric information for up to 3 years after you submit it to us.
You acknowledge and agree that:
- biometric information is being collected from you when you submit images to us;
- you have been informed in writing of the specific purpose and length of term for which biometric information is being collected, stored, and used; and
Remote Identity Proofing
In order to complete Remote Identity Proofing at Assurance Level 3, you must provide (and are attesting to the possession of) the following information about yourself:
- Given and family names;
- Full address of your primary residence (including street number, street name, building unit [if applicable], city, state, and ZIP code)
- Birthdate (including full day, month, and year of birth)
- Social Security number (SSN)
- Mobile phone number
If we are unable to confirm that you are the primary owner of the mobile phone number that you provide, we may ask you to provide:
- A financial account number (such as a checking account, savings account, or credit card)
In order to successfully complete Remote Identity Proofing:
- You must successfully complete a knowledge-based out-of-wallet quiz
- You must demonstrate that you have access to your mobile phone (or financial account, if you don't have your mobile phone with you)
- We must be able to corroborate your full legal name, full birthdate, full home address, SSN, and mobile or financial account number against authoritative databases, such as those maintained by consumer data bureaus, financial institutions, and government agencies.
- We must be able to confirm your address of record during the credential issuance process by verifying a unique code that we send you.
If we detect anomalies or suspicious activity during the identity proofing process, we may automatically fail your identity proofing attempt or ask you to provide supplemental identity documents, even if you answer the knowledge-based quiz correctly.
You acknowledge that, due to the inherent nature of remote identity proofing, we will need to share your personal information with third parties for the sole purpose of confirming its authenticity. Those third parties may include consumer data bureaus, government agencies, financial institutions, mobile network operators, and other vendors that provide access into these systems. The information is not shared or used for our own or third party marketing purposes.
All successfully identity-proofed credentials are valid for 5 years, at which point you will need to re-verify your personal information. If your personal information changes before then (for example, you change your name or your primary address), you can update your records by re-verifying yourself through this process.
We retain a record of all identity proofing transactions, both successful and unsuccessful, for a minimum of 5 years. This record includes relevant facts related to the verification process, such as the date and time that it was performed, which verification processes were initiated, and the results of the verification. The retained record does not include sensitive personal information.
If a Relying Party (someone who requires you to provide an identity before accessing their services, such as a government agency or financial institution) has directed you to Identity.com to verify your information, you agree that we may share verification results with that Relying Party.