Identity Proofing Policy

Last Updated: July 8, 2019
Effective: July 8, 2019

This Identity Proofing Policy ("Policy") governs all identity proofing services ("Identity Proofing Services") provided by Inflection Risk Solutions, LLC ("we", "us", "our", "Inflection"), and is incorporated as Additional Service Terms into the Inflection Terms of Use. You ("you", your") must agree to the terms outlined in this Policy before you can use the Screening Services.


General Terms

Description of Services

Inflection provides a number of identity proofing and verification services, including:

  • Identity validation based on authoritative records

  • Government ID and document validation

  • Remote identity proofing that meets NIST SP 800-63-2 Assurance Level 3 standards

Depending on the nature of the identity proofing requested, different procedures may be followed, and your information may be shared with authoritative third-party sources for validation (e.g. we may send the phone number you provide to us to your mobile carrier to confirm that the account is valid.) All personally identifiable information ("PII") that you provide to us is only used and shared in accordance with our Privacy Policy.


Your Data Choices

When we request PII from you in order to complete an identity proofing transaction, you may choose not to provide certain identity attributes to us. You may also choose not to start or complete the identity proofing transaction by navigating away from our website in your browser. And lastly, you may choose to complete the identity proofing process, but not share the resulting verified information with the service or agency that you're trying to access. However, there are some things you should know about these choices:

  • If you choose not to provide the PII that we request to complete an identity proofing transaction, we may not be able to verify you successfully.

  • If you leave the identity proofing process or choose not to share the results of your verification with the service or agency that you're trying to access, you may not be eligible to use that service. However, we don't have any control over how a third-party service will respond if you choose to remain unverified.


Service-Specific Terms

Remote Identity Proofing

In order to complete Remote Identity Proofing at Assurance Level 3, you must provide (and are attesting to the possession of) the following information about yourself:

  • Given and family names;

  • Full address of your primary residence (including street number, street name, building unit [if applicable], city, state, and ZIP code)

  • Birthdate (including full day, month, and year of birth)

  • Social Security number (SSN)

  • Mobile phone number

If we are unable to confirm that you are the primary owner of the mobile phone number that you provide, we may ask you to provide:

  • A financial account number (such as a checking account, savings account, or credit card)

In order to successfully complete Remote Identity Proofing:

  • You must successfully complete a knowledge-based out-of-wallet quiz

  • You must demonstrate that you have access to your mobile phone (or financial account, if you don't have your mobile phone with you)

  • We must be able to corroborate your full legal name, full birthdate, full home address, SSN, and mobile or financial account number against authoritative databases, such as those maintained by consumer data bureaus, financial institutions, and government agencies.

  • We must be able to confirm your address of record during the credential issuance process by verifying a unique code that we send you.

If we detect anomalies or suspicious activity during the identity proofing process, we may automatically fail your identity proofing attempt or ask you to provide supplemental identity documents, even if you answer the knowledge-based quiz correctly.

You acknowledge that, due to the inherent nature of remote identity proofing, we will need to share your personal information with third parties for the sole purpose of confirming its authenticity. Those third parties may include consumer data bureaus, government agencies, financial institutions, mobile network operators, and other vendors that provide access into these systems. The information is not shared or used for our own or third party marketing purposes.

All successfully identity-proofed credentials are valid for 5 years, at which point you will need to re-verify your personal information. If your personal information changes before then (for example, you change your name or your primary address), you can update your records by re-verifying yourself through this process.

We retain a record of all identity proofing transactions, both successful and unsuccessful, for a minimum of 5 years. This record includes relevant facts related to the verification process, such as the date and time that it was performed, which verification processes were initiated, and the results of the verification. The retained record does not include sensitive personal information.