To provide our Identity Services, we need to collect certain information about our clients’ users. The exact information needed depends on the check that’s being carried out or the service being provided on behalf of our client. For example, when verifying the identity of a user, we’ll ask for an image or images of their identity document as well as a picture or video of their face. We’ll then seek to verify whether the identity document is likely to be genuine and whether the person in the photo or video is likely the same person pictured in the identity document. We will also look to identify signs of fraud (for example, someone wearing a mask to impersonate another person or to conceal their own real identity). If the user is successful on both the document and facial verification checks, Freedom ID’s client will likely consider the user to have proven their identity.
In some cases, we may also further check whether we have previously verified a user on behalf of a specific client by comparing the picture of their face to the pictures previously provided by that client. This helps our client not only verify identity but further protects them and their users by helping them understand when a user may be generating multiple identities.
To do all of this, we closely examine the information contained in the images, including the machine-readable data (such as an identity document’s barcode) and the image metadata (such as the name of the camera model used to take the image).
The Freedom ID Identity Lifecycle below shows the different sources of the information that we collect.
Agencies are organizations that have asked Freedom ID to verify an identity or carry out checks related to that identity. Once we have verified an identity or run a check, we share the results with the agencies in an Freedom ID Report. The agency then decides how they want to proceed with the user based on the results. In some cases, the client might ask for additional information before making a decision. Also, some agencies only ask us to carry out a check if an earlier check was passed or not passed. This ensures we only do the minimum number of checks needed.
Users are individuals whose identities we verify or otherwise check on behalf of our clients. We collect users’ information from clients or directly from the users themselves. This information might include an image or images of an identity document (e.g. a passport or a driver's license), photos (at times, taken in quick succession for anti-fraud purposes) or a video of the user, and the biometric facial identifiers extracted by Freedom ID from those images. This enables us to help the client verify that the user is the true owner of the identity document and that the document does not show signs of fraud. In some circumstances, we may also collect device identifiers to help us understand whether a device has previously been used in relation to suspected fraudulent activity. Similarly, we also collect information about compromised identities that have been leaked or otherwise made available on the internet to further combat fraud. Lastly, we will collect IP addresses to determine the city and country in which a user is located so that we may provide them with a localised service, where required to meet our legal obligations. We may also consider whether the IP address has been manipulated or shows unusual usage patterns.
Data providers are used to provide additional information when our clients require specific checks about users. For example, if we need to verify a user’s right to drive, we might ask for additional information from the appropriate governmental agency.
We also keep logs of how our clients, users, and data providers interact with our Identity Services. This might include timestamps of when the information was submitted to Freedom ID, and information about the device used to submit that information.
Sometimes, we receive information we don’t need to provide our Identity Services. For example, instead of a picture of their identity document, a user might upload a completely unrelated image. When this happens, we seek to delete this data.