Two points - 1. The Social Security Number Verification Service is another authoritative source. 2. Arguably, being subject to regulatory oversight isn't clear enough to mean anything substantial. All these entities are subject to numerous privacy-related regulations, and depending on the specific database, can be subject to regulations related to KYC/AML or FTC data security requirements to name a few. On Tue, Sep 17, 2024 at 12:17 PM Jimmy Jung <jimmy.jung@slandala.com> wrote:
.. but there was one I kind of wanted to get out there early.
CSPs SHOULD collect core attributes, but SHALL validate them with authoritative or credible sources, which seems to point to some perverse incentives.
But more critically, looking at the definitions of authoritative and credible sources; am I mistaken, but is AAMVA the ONLY accessible authoritative source? And does linking “regulatory oversight” to the credible sources severely limit it to the big 3 credit bureaus and maybe a few more? (did MNO aggregators just drop out?)
jimmy
2.4.2.4. Validation Sources
The CSP SHALL use authoritative or credible sources that meet the following criteria. 760
An authoritative source is the issuing source of identity evidence or attributes, or has 761
direct access to the information maintained by issuing sources, such as state DMVs for 762
driver’s license data and the Social Security Administration for Social Security Cards 763
and Social Security Numbers. An authoritative source may also be one that provides or 764
enables direct access to issuing sources of evidence or attributes, such as the American 765
Association of Motor Vehicle Administrators’ Driver’s License Data Verification (DLDV) 766
Service. 767
A credible source is an entity that can provide or validate the accuracy of identity 768
evidence and attribute information. In addition to being subject to regulatory oversight 769
(such as the Fair Credit Reporting Act (FCRA)), a credible source has access to attribute 770
information that can be traced to an authoritative source, or maintains identity attribute 771
information obtained from multiple sources that is correlated for accuracy, consistency, 772
and currency. Examples of credible sources are credit bureaus that are subject to the 773
FCRA. 774
13
_______________________________________________ A Community Group mailing list of KantaraInitiative.org WG-IDAssurance mailing list -- wg-idassurance@kantarainitiative.org To unsubscribe send an email to staff@kantarainitiative.org List archives -- https://mailman.kantarainitiative.org/hyperkitty/list/wg-idassurance@kantara... ______ Group wiki -- https://kantara.atlassian.net/wiki/spaces/WG-IDAssurance
-- Yehoshua Silberstein | Senior Counsel, Product Compliance R&D yehoshua@proof.com (857) 577-8144 Notarize is now a Proof brand 🎉 We hope you love our new look and feel as much as we do! NOTICE: This email may contain proprietary, business-confidential, and/or privileged material. If you are not the intended recipient, please delete this message and notify the sender immediately. Any unauthorized use is strictly prohibited. This email does not constitute a signed writing for purposes of a binding contract.