NIST IAL2 vID EIPPS

vID Enrollment and Identity Proofing Practices Statement

IAL2 Remote Unattended (Unsupervised) Identity Proofing

  • Document ID: vID‑EIPPS‑IAL2‑RU‑001
  • Version: 1.0
  • Effective date: 2025-09-20
  • Owner: Cerebrum Trust & Security Team
  • Applies to: vID identity proofing services provided directly to Relying Parties (RPs) and via vID reseller/partner channels (including CRA-network partners).
  • Conformance statement: vID self-attests that the processes described in this document are implemented for offerings represented as NIST IAL2. Where an RP program is configured differently, vID documents the variance in an RP program addendum.

1. Service description and IAL2 process steps

vID provides remote unattended identity proofing at NIST IAL2. The service establishes a subscriber identity record for an applicant and returns an identity proofing result to an RP via API and/or partner integration.

vID’s IAL2 remote unattended process follows the same sequence reflected in the MITRE IAL2 Unsupervised Remote template: applicant notice/consent, core attribute collection, identity resolution, evidence collection, evidence validation, identity verification, and enrollment into a subscriber record.

Process steps (as implemented for IAL2):

  • Step 1 — Notice and consent. vID presents the applicant with an identity proofing notice (including biometrics notice) and captures the applicant’s explicit consent for data collection and biometric use.
  • Step 2 — Attribute collection. vID collects core attributes (see Section 8), including at least one government identifier.
  • Step 3 — Identity resolution. vID attempts to resolve the claimed identity within the RP context, including checks for duplicates and internal consistency of attributes and evidence.
  • Step 4 — Evidence collection. vID collects identity evidence sufficient to satisfy IAL2 evidence requirements (see Section 4).
  • Step 5 — Evidence validation. vID validates every presented piece of identity evidence (FAIR, STRONG, or SUPERIOR) using approved validation techniques (automated document authentication and, when required, trained human review); evidence that fails validation does not count toward the IAL2 evidence combination.
  • Step 6 — Identity verification (binding). For remote unattended IAL2, vID verifies the applicant’s ownership of all presented identity evidence using approved pathways (typically the biometric pathway).
  • Step 7 — Enrollment and notification of proofing. Upon success, vID creates/updates the subscriber identity record and sends a notification of proofing to a validated postal address or phone number as required for IAL2.

2. Applicant notice: available processes, required evidence, purpose of collection, biometrics use

vID provides applicants with clear notice before collecting evidence or biometrics. The notice describes:

  1. the identity proofing type (remote unattended),
  2. the evidence required for the RP’s IAL2 package,
  3. the personal information collected and why it is collected,
  4. how identity images and biometric information are used, retained, and deleted, and
  5. how applicants can obtain support or dispute participation.

Purpose limitation (what vID uses data for): identity proofing, fraud prevention, redress/repudiation handling, auditability, customer support, and RP-required compliance obligations.

Biometrics notice and consent: vID obtains explicit informed consent for biometric collection/use, stores a record of that consent associated to the subscriber record, and provides a documented deletion process and default retention period for biometric information.


3. Timely conclusion of identity proofing

vID is designed to conclude IAL2 proofing in the same session when automated checks succeed. If a proofing attempt cannot be completed (e.g., capture quality, validation source unavailable, mismatch), vID closes the attempt under RP-defined SLAs and session timeouts and provides the applicant a retry path or an alternate evidence path (Section 7). vID does not keep identity proofing attempts open indefinitely once the applicant has either satisfied requirements or failed them.


4. Evidence accepted and strength justification (IAL2)

4.1 NIST IAL2 evidence combinations

For IAL2, vID requires evidence meeting NIST IAL2 evidence collection rules: (a) one FAIR + one STRONG, (b) two STRONG, or (c) one SUPERIOR.

4.2 Evidence strength mapping used by vID

vID aligns accepted evidence to NIST’s evidence strength examples and documents any RP-specific additions in an “Evidence Acceptance Register” maintained under change control (Section 9). NIST’s current example sets include (non-exhaustive): FAIR (e.g., Student ID Card), STRONG (e.g., Driver’s License/State ID), SUPERIOR (e.g., US Passport, International e‑Passport).

4.3 vID accepted documents (operational policy)

vID supports the following primary identity documents for name + birthdate collection and identity evidence capture:

Category: Primary identity document(s)
  Accepted documents: State-issued driver’s license; State ID card (where state ID standards are comparable to DL); U.S. passport; U.S. passport card; Foreign passport with passport number; U.S. Coast Guard merchant mariner card; USCIS permanent resident card; USCIS employment authorization card.
  Use for NIST IAL2 evidence: vID treats these as STRONG or SUPERIOR when the evidence meets NIST strength requirements and vID can perform the required validation and verification steps for the evidence type. Driver’s licenses/state IDs are STRONG examples; the U.S. passport and international e‑passport are SUPERIOR examples.

vID supports the following secondary identity documents that are commonly collected to validate address and/or strengthen the proofing package when a step‑up is required by RP program policy:

Category: Photo-bearing secondary identity evidence
  Accepted documents: Current school ID with photograph.
  Use for NIST IAL2 evidence: May be used as NIST FAIR evidence when validated and verified via physical or biometric comparison of the applicant to the ID portrait.

Category: Government/official secondary documents (non-photo or variable formats)
  Accepted documents: Social Security card; state birth certificate; marriage certificate; court order for name/gender/adoption/divorce; draft record; Native American tribal document; consular report of birth abroad; tribal/BIA ID card; vehicle registration/title; voter registration card.
  Use for NIST IAL2 evidence: Collected for attribute validation and fraud resistance per RP program policy. These are not relied upon to satisfy NIST FAIR evidence unless the document type and vID’s validation/verification method meet NIST requirements for the evidence class used (e.g., a photo tribal ID that qualifies as STRONG in NIST examples).

vID supports the following “other secondary documents” for address corroboration and fraud deterrence (program-dependent requirements):

  • Bank/loan/financial statements (must show full account number, full name, current address);
  • cable/internet bill;
  • electric/gas/water bills;
  • medical bill;
  • phone bill;
  • pay stub (pay details may be redacted).

These documents must show a statement/due date within the last year, full name, current address, and account number (except pay stubs).

Important compliance note (how these are treated for NIST IAL2): in NIST SP 800‑63A‑4, FAIR evidence examples for “Financial Account” and “Phone Account” are tied to validated account possession methods (e.g., microtransaction, enrollment codes, or AAL2-authenticated assertions), not simply imaging a statement. vID therefore treats imaged statements/bills as attribute evidence and fraud signals unless the RP program enables an approved account-possession verification method consistent with the NIST FAIR evidence examples.

4.4 vID “non‑REAL ID / step‑up” evidence policy

When the primary document is non‑REAL‑ID, when issuing-source validation is unavailable, or when the RP program requires additional confidence, vID applies a step‑up package that, at minimum, still satisfies the NIST IAL2 evidence rule above and then adds extra evidence as a risk control.

Operationally, this step‑up package commonly includes: a STRONG or SUPERIOR primary document; a photo-bearing FAIR evidence item (typically a school ID with photo) or a second STRONG identity document; collection of SSN as an additional government identifier; and collection of two additional secondary documents from the address-corroboration list for consistency checks and fraud deterrence. The additional documents do not replace the requirement to meet the NIST IAL2 evidence combination.
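The evidence rules in Sections 4.1, 4.3 and 4.4 (and the alternate-evidence path in Section 7) are easiest to audit when written as a decision function. The following is an added illustration, not vID’s production code: it encodes the IAL2 combination rule, counts evidence only once it has been both validated and verified, treats imaged bills and statements as corroboration that never counts toward the combination, and applies the step‑up package without relaxing the base rule. The document type names, the `days_old` age check and the sample evidence are constructed assumptions for the example.

```python
# Added illustration of the evidence rules above; not vID's own code.
from dataclasses import dataclass
from enum import Enum
from typing import Optional

class Strength(Enum):
    SUPERIOR = 3
    STRONG = 2
    FAIR = 1
    NONE = 0  # attribute / fraud-signal only (imaged statements, SS card, ...)

@dataclass(frozen=True)
class Evidence:
    doc_type: str                        # assumed names, e.g. "drivers_license", "school_id"
    strength: Strength
    validated: bool = False              # evidence validation passed (Section 5.1)
    verified: bool = False               # applicant bound to this evidence (Section 5.2)
    real_id: Optional[bool] = None       # DL/state ID only: REAL ID compliant?
    issuer_check: Optional[bool] = None  # True = issuer match, False = mismatch, None = unavailable

@dataclass(frozen=True)
class Corroboration:
    """An 'other secondary document' (bill, statement, pay stub) from Section 4.3."""
    doc_type: str
    days_old: int
    has_full_name: bool
    has_current_address: bool
    has_account_number: bool

    def acceptable(self) -> bool:
        # Dated within the last year, name and address shown, account number
        # shown except on pay stubs (Section 4.3).
        return (self.days_old <= 365 and self.has_full_name and self.has_current_address
                and (self.has_account_number or self.doc_type == "pay_stub"))

def qualifying(items):
    """Only validated AND verified identity evidence counts toward the IAL2 rule."""
    return [e for e in items if e.strength is not Strength.NONE and e.validated and e.verified]

def ial2_combination(items) -> Optional[str]:
    """Section 4.1 rule: one SUPERIOR, or two STRONG, or one STRONG + one FAIR."""
    q = qualifying(items)
    n = {s: sum(1 for e in q if e.strength is s) for s in Strength}
    if n[Strength.SUPERIOR] >= 1:
        return "one SUPERIOR"
    if n[Strength.STRONG] >= 2:
        return "two STRONG"
    if n[Strength.STRONG] >= 1 and n[Strength.FAIR] >= 1:
        return "one STRONG + one FAIR"
    return None

def evaluate(items, corroboration=(), ssn_collected=False, rp_requires_step_up=False):
    """Return (outcome, combination, reasons); outcome is pass / step_up_required / fail."""
    # An issuer-record mismatch is a hard stop (Section 7: mismatch -> fail or retry).
    if any(e.issuer_check is False for e in items):
        return ("fail", None, ["issuing-source data mismatch"])
    combo = ial2_combination(items)
    if combo is None:
        return ("fail", None, ["no IAL2 combination; alternate path: add a second "
                               "STRONG or a validated and verified FAIR item"])
    # Step-up triggers from Section 4.4: non-REAL-ID DL/ID, issuer check unavailable, or RP policy.
    triggered = rp_requires_step_up or any(
        e.doc_type in ("drivers_license", "state_id") and (e.real_id is False or e.issuer_check is None)
        for e in items)
    if not triggered:
        return ("pass", combo, [])
    q = qualifying(items)
    missing = []
    if not any(e.strength in (Strength.STRONG, Strength.SUPERIOR) for e in q):
        missing.append("STRONG or SUPERIOR primary document")
    if len(q) < 2:  # the base combination alone is not enough under step-up
        missing.append("photo-bearing FAIR item or second STRONG document")
    if not ssn_collected:
        missing.append("SSN as additional government identifier")
    if sum(1 for c in corroboration if c.acceptable()) < 2:
        missing.append("two acceptable address-corroboration documents")
    return ("step_up_required", combo, missing) if missing else ("pass", combo, ["step-up package satisfied"])

# Constructed sample: non-REAL-ID licence with DLDV unavailable, a school ID, and an
# imaged utility bill (which never counts toward the combination).
SAMPLE = [
    Evidence("drivers_license", Strength.STRONG, validated=True, verified=True,
             real_id=False, issuer_check=None),
    Evidence("school_id", Strength.FAIR, validated=True, verified=True),
    Evidence("utility_bill_image", Strength.NONE, validated=True),
]
SAMPLE_CORROBORATION = [
    Corroboration("electric_bill", days_old=40, has_full_name=True,
                  has_current_address=True, has_account_number=True),
    Corroboration("pay_stub", days_old=20, has_full_name=True,
                  has_current_address=True, has_account_number=False),
]

if __name__ == "__main__":
    print(evaluate(SAMPLE))
    print(evaluate(SAMPLE, SAMPLE_CORROBORATION, ssn_collected=True))
```

Run as written, the first call reports `step_up_required` because the non‑REAL‑ID licence triggers the package and the SSN and corroboration documents are missing; the second call passes once they are supplied. A single SUPERIOR passport satisfies the base rule, but under `rp_requires_step_up=True` it still needs the additional FAIR or STRONG item, which is the point of Section 4.4: step‑up adds evidence, it never substitutes for the combination.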


5. Evidence validation and verification, including personnel training

5.1 Evidence validation

For each presented evidence item (FAIR, STRONG, or SUPERIOR), vID performs validation using approved methods such as automated scanning that detects physical security features, interrogation of digital security features where available, and/or trained personnel review in asynchronous workflows. Evidence that fails validation is not counted toward the IAL2 evidence combination.

Where available, vID performs issuing-source verification of DL/ID data via AAMVA DLDV, which provides real-time matching of submitted DL/ID data elements against issuing-jurisdiction records. DLDV returns match/no-match indicators for the submitted elements rather than the issuer’s record itself, so a non-match is treated as a mismatch signal (Section 7) and an unavailable jurisdiction as a step‑up trigger (Section 4.4).

5.2 Identity verification (applicant-to-evidence binding)

For remote unattended IAL2, vID verifies the applicant’s ownership of all presented identity evidence.

vID’s primary verification pathway is the IAL2 biometric pathway, using automated facial comparison between a live capture and the portrait on or associated with the presented evidence, with presentation attack detection (PAD) controls.

5.3 Personnel roles, training, and qualification

Remote unattended flows are automated by default. When vID uses human review (exception handling, image-quality remediation, suspected fraud review), reviewers are trained and periodically re-qualified on: document inspection and tamper indicators, visual facial comparison practices where applicable, and fraud/redress escalation procedures. Access to applicant evidence is restricted by least privilege and is audited.


6. Specific technologies employed

vID employs the following technology components as part of IAL2 proofing:

Document capture and authentication: image capture quality controls; document feature checks; tamper heuristics; structured data extraction (e.g., barcode/MRZ parsing where supported).

Issuing-source validation for U.S. DL/ID: AAMVA DLDV connector used in supported jurisdictions to validate data elements against the issuer record.

Biometric verification: one-to-one facial comparison between live capture and evidence portrait (and/or issuer-associated portrait when available), with PAD for remote capture. NIST requires PAD performance thresholds and conformance testing to ISO/IEC 30107‑3:2023 for remote biometric collection and comparison.

Optional credible-source integrations (program-dependent): CRA partner data used as a credible source for attribute validation (e.g., address/name consistency) and fraud checks, subject to RP permissible purpose and contractual controls.


7. Applicants lacking sufficient evidence; exceptions and error handling

If an applicant cannot satisfy the RP’s IAL2 evidence package (e.g., missing acceptable evidence, capture failure, mismatch), vID provides one or more of the following program-defined outcomes: retry within the same session window, alternate evidence path (e.g., second STRONG instead of FAIR), exception review, or fail with clear instructions for next steps and redress.

When upstream validation sources are unavailable (e.g., DLDV connectivity), vID either routes the applicant to a compliant step‑up package that does not depend on the unavailable source or stops the proofing attempt and offers a retry. vID logs the failure mode for audit and metrics.


8. Core attributes and authoritative/credible sources for validation

8.1 Core attributes

For IAL2, vID treats the following as core attributes for proofing within an RP program: legal name; date of birth; physical address (when the RP requires address as a core attribute); and at least one government identifier (e.g., DL/ID number, passport number, and/or SSN). NIST requires that the CSP collect all core attributes, including at least one government identifier.

8.2 Attribute validation sources

vID validates attributes using a mix of: attributes derived from validated evidence; authoritative sources where available; and credible sources (optional) for consistency and fraud checks.

Authoritative/issuer-adjacent validation used by vID includes AAMVA DLDV for DL/ID data element matching against issuer records in supported jurisdictions.

Credible source validation may include CRA partner data for address/name consistency when enabled by RP program configuration.


9. Managing and communicating service changes to RPs

vID maintains change control over identity proofing components that can materially affect assurance outcomes, including: evidence acceptance rules; validation sources (e.g., DLDV coverage); fraud signals; biometric/PAD algorithms or thresholds; retention schedules; and subprocessor/vendor changes.

Material changes are communicated to RPs (and partner-resellers where applicable) through release notes and contractual notice mechanisms. Emergency security changes may be implemented immediately with post-deployment notification.


10. Fraud management, remediation, and communications

vID maintains a fraud management program that includes prevention, detection, investigation, remediation, and redress. Fraud controls include document fraud indicators, biometric mismatch/PAD signals, velocity/anomaly monitoring, and optional credible-source fraud indicators.

When suspected or confirmed fraud is detected, vID may: fail or suspend the proofing attempt; require step‑up evidence; prevent enrollment; or flag the resulting subscriber record. vID communicates suspected/confirmed fraud events to the RP through the agreed integration channel and provides instructions for affected individuals to repudiate or dispute enrollment via the vID redress process.

Notifications of proofing support repudiation by providing clear dispute instructions and contact information.


11. Reverification triggers

vID requires IAL2 reverification when the binding to the subscriber’s identity is no longer sufficiently trustworthy under RP policy, including: account recovery that changes possession factors materially; suspected account takeover; substantial changes to core attributes; evidence re-use patterns suggesting compromise; regulatory recertification; or prolonged account dormancy where the RP requires re-proofing.


12. Privacy risk assessments

vID conducts privacy risk assessments for identity proofing, including review of data minimization, retention, biometric impacts, and disclosures to RPs/partners. Reviews occur on a periodic cadence and out-of-cycle upon material changes (new evidence types, new data sources, new biometric/PAD components, new retention rules, or significant scope expansion).

NIST specifies requirements for biometric consent, retention policies, and deletion processes that vID incorporates into these reviews.


13. Customer experience assessment

vID evaluates customer experience through funnel analytics (completion, failure by step, abandonment), support/redress themes, and usability testing methods appropriate to RP populations. Reviews occur periodically and out-of-cycle when completion rates materially degrade, when fraud pressure shifts, or when major UI/process changes are released.


14. Retention, protection, deletion, and treatment upon cessation/transfer

14.1 Protection

vID protects identity proofing data via encryption in transit and at rest, strict access control, audit logging, and least-privilege role design. Access to stored evidence is limited to operational necessity (support, dispute handling, compliance).

14.2 Retention and deletion

  • Biometric templates/vectors: vID deletes derived facial vectors/templates immediately after verification is complete.
  • Captured evidence images: vID retains government ID images for 3 years by default, or 7 years when the proofing outcome is used in a consumer reporting context requiring extended retention under RP program obligations.

Because NIST defines biometric information broadly to include live samples and facial images contained on identity evidence, retained ID images that contain a face portrait are treated as biometric information for purposes of retention/deletion policy transparency.

vID maintains a documented deletion process and default retention periods for biometric information and supports deletion requests where not restricted by law, regulation, or RP program requirements.

Restricted evidence types (example: certain military IDs): when images are not preserved due to operational or legal constraints, vID retains the minimal verification outcome metadata needed for auditability (e.g., evidence type, method, timestamps, and pass/fail).

14.3 Cessation, merger, or transfer

If vID ceases operations or transfers the identity proofing service, vID will either securely delete retained personal/evidence data under documented procedures or transfer it under contractual terms that preserve confidentiality, access controls, retention limits, and deletion commitments at least as protective as this statement, with RP notice consistent with contract.


15. Performance metrics: reporting and updates

vID operates a continuous evaluation program and maintains documented metrics, data sources, and processes for taking timely action based on outcomes, consistent with SP 800‑63’s continuous improvement approach.

At minimum, vID tracks metrics aligned to NIST-recommended categories, including proofing pass/fail/abandonment rates, step-level failure rates, completion times, fraud rates (suspected/reported/confirmed), and support/redress volumes and outcomes.

vID shares RP-facing metrics and material trend changes under the reporting cadence and format defined in RP agreements.


16. Access/removal upon subscriber death or incapacitation

Upon receipt of legally sufficient notice of death or incapacitation (e.g., verified death notice, court order, or authorized representative documentation), vID will follow RP program policy to restrict, suspend, or remove access to the subscriber record and associated authenticators, while minimizing disclosure and maintaining an audit trail of actions taken.