privacy-policy.png
 

Identity Proofing Policy

Last Updated: July 25, 2017
Effective: July 25, 2017

This Identity Proofing Policy ("Policy") governs all identity proofing services ("Identity Proofing Services") provided by Inflection Risk Solutions, LLC ("we", "us", "our", "Inflection"), and is incorporated as Additional Service Terms into the Inflection Terms of Use. You ("you", your") must agree to the terms outlined in this Policy before you can use the Screening Services.

IF YOU DO NOT AGREE TO ALL OF THESE TERMS, YOU SHOULD NOT USE INFLECTION IDENTITY PROOFING SERVICES.

General Terms

Description of Services

Inflection provides a number of identity proofing and verification services, including:

  • Digital and biometric identity verification
  • Identity validation based on authoritative records
  • Government ID and document validation
  • Remote identity proofing that meets NIST SP 800-63-2 Assurance Level 3 standards

Depending on the nature of the identity proofing requested, different procedures may be followed, and your information may be shared with authoritative third-party sources for validation (e.g. we may send the phone number you provide to us to your mobile carrier to confirm that the account is valid.) All personally identifiable information ("PII") that you provide to us is only used and shared in accordance with our Privacy Policy.

 

Your Data Choices

When we request PII from you in order to complete an identity proofing transaction, you may choose not to provide certain identity attributes to us. You may also choose not to start or complete the identity proofing transaction by navigating away from our website in your browser. And lastly, you may choose to complete the identity proofing process, but not share the resulting verified information with the service or agency that you're trying to access. However, there are some things you should know about these choices:

  • If you choose not to provide the PII that we request to complete an identity proofing transaction, we may not be able to verify you successfully.
  • If you leave the identity proofing process or choose not to share the results of your verification with the service or agency that you're trying to access, you may not be eligible to use that service. However, we don't have any control over how a third-party service will respond if you choose to remain unverified.

 

Service-Specific Terms

Biometric Identity Verification

Facial biometric identity verification is performed by comparing two or more captured images of faces. For example, we may compare the face on a government-issued photo ID against a "selfie" that you capture and send to us. The biometric identifiers used to perform this comparison are derived from the photographs that you submit. After performing the comparison, the biometric identifiers are destroyed within 24 hours, although the underlying photographic images may be retained for longer. We may also re-analyze the photographic images to confirm the results of an initial identity verification, and the resulting re-created biometric identifiers will similarly be destroyed within 24 hours after re-analysis. Because biometric identifiers are derived from these photographic images for the initial purpose of identity verification and fraud prevention, you agree that we may use this biometric information for up to 3 years after you submit it to us.

You acknowledge and agree that:

  • biometric information is being collected from you when you submit images to us;
  • you have been informed in writing of the specific purpose and length of term for which biometric information is being collected, stored, and used; and
  • by agreeing to the Terms of Use and this Identity Proofing Policy, you are providing a release to us in writing that you expressly authorize us to perform these activities.

 

Remote Identity Proofing

In order to complete Remote Identity Proofing at Assurance Level 3, you must provide (and are attesting to the possession of) the following information about yourself:

  • Given and family names;
  • Full address of your primary residence (including street number, street name, building unit [if applicable], city, state, and ZIP code)
  • Birthdate (including full day, month, and year of birth)
  • Social Security number (SSN)
  • Mobile phone number

If we are unable to confirm that you are the primary owner of the mobile phone number that you provide, we may ask you to provide:

  • A financial account number (such as a checking account, savings account, or credit card)

In order to successfully complete Remote Identity Proofing:

  • You must successfully complete a knowledge-based out-of-wallet quiz
  • You must demonstrate that you have access to your mobile phone (or financial account, if you don't have your mobile phone with you)
  • We must be able to corroborate your full legal name, full birthdate, full home address, SSN, and mobile or financial account number against authoritative databases, such as those maintained by consumer data bureaus, financial institutions, and government agencies.
  • We must be able to confirm your address of record during the credential issuance process by verifying a unique code that we send you.

If we detect anomalies or suspicious activity during the identity proofing process, we may automatically fail your identity proofing attempt or ask you to provide supplemental identity documents, even if you answer the knowledge-based quiz correctly.

You acknowledge that, due to the inherent nature of remote identity proofing, we will need to share your personal information with third parties for the sole purpose of confirming its authenticity. Those third parties may include consumer data bureaus, government agencies, financial institutions, mobile network operators, and other vendors that provide access into these systems. The information is not shared or used for our own or third party marketing purposes.

All successfully identity-proofed credentials are valid for 5 years, at which point you will need to re-verify your personal information. If your personal information changes before then (for example, you change your name or your primary address), you can update your records by re-verifying yourself through this process.

We retain a record of all identity proofing transactions, both successful and unsuccessful, for a minimum of 5 years. This record includes relevant facts related to the verification process, such as the date and time that it was performed, which verification processes were initiated, and the results of the verification. The retained record does not include sensitive personal information.

If a Relying Party (someone who requires you to provide an identity before accessing their services, such as a government agency or financial institution) has directed you to Identity.com to verify your information, you agree that we may share verification results with that Relying Party.