FB pixel

Socure explains identity verification compliance to 2 state lawmakers

Socure explains identity verification compliance to 2 state lawmakers
 

A pair of lawmakers in different states are objecting to state digital identity verification contracts held by Socure. At issue appears to be an objection to the use of personally identifiable data to identify persons, and a claim that the company’s terms of service clash with a new data protection law.

New York State Senator Jeremy A Cooney claims in a letter addressed to State Chief Information Officer Dru Rai that Socure is a “data broker,” and asks how the company was vetted prior to being awarded the state contract. Cooney is chair of the Senate Procurement and Contracts Committee.

The letter states that digital identity verification is crucial for New Yorkers to access public services. He notes a February letter to Socure CEO Johnny Ayers from State Rep Ritchie Torres asking about discrimination concerns. The company told StateScoop that it met with Torres’ office after receiving the letter. Cooney also refers to a lawsuit by a former commercial customer which claims Socure cut its annual fraud loss by 31 percent, far less than an advertised rate of 95 percent.

“It collects, purchases and stores billions of data points, including sensitive personal identifiable information, on New Yorkers without their consent to confirm their identities,” he writes.

Cooney’s letter concludes with seven questions about whether Socure’s technology has been properly evaluated for performance and bias, whether it complies with state data privacy law, and human review practices.

Portions of the letter reflect a fundamental misunderstanding of what Socure does, VP of Public Strategy Jordan Burris told StateScoop.

“We do not sell data to third parties, we do not use it for marketing. We do not use it to run a marketplace, offering online discounts for e-commerce, like other companies in the space,” Burris says. “We are only focused on verifying identity and rooting out fraud, and ultimately, under looking at what is exactly New York State law today, we are not a data broker, and to suggest otherwise is simply false.”

Further, Burris says the company tests its technology for bias, involves humans throughout its identity verification process, and uses the data it collects only for the stated purpose.

Virginian delegate questions compliance with data protection law

In another letter to Ayers, Virginia Del. Cliff Hayes questioned whether Socure’s terms of use are compliant with state data protection law, The Virginian-Pilot reports.

Socure’s terms require users to seek redress for any problems through arbitration, rather than class action lawsuits. They also receive data requested from Socure under state law in zip file that discourages less tech-savvy users from getting full disclosure, he says.

But Socure says in a written response that it is abiding by all state laws, and the only requests for access come from Hayes and individuals hired by Socure competitors.

“We take seriously the rights granted by all privacy laws, including Virginia’s VCDPA, and have developed a careful process to respond to all requests in a timely and compliant manner,” the letter states. “Upon review, we are confident there is no disruption to Virginians’ ability to exercise any rights granted by the VCDPA, as a result of the processes we employ.”

Socure’s white paper on “Responsible Biometrics: A Guide to Ethical and Secure Identity Verification” explains how the company’s biometric identity verification works, and how it protects against fraud. It also sets out Socure’s approach to transparency and validation through testing.

Hayes has referred the matter to Attorney General Jason Miyares, who is responsible for enforcing Virginia’s Consumer Data Protection Act, which took effect in 2023.

Hayes has been fending off criticism of his own, with The Associated Press reporting last October that he may have violated state residency rules.

At the federal level, the GSA has turned to Socure and a number of its competitors for a face biometrics pilot to secure access to Login.gov, to prevent fraud with more robust identity verification.

Related Posts

Article Topics

 |   |   |   |   |   |   | 

Latest Biometrics News

 

Saudi Arabia’s Absher digital identity for financial inclusion and transactions

The Absher platform in the Kingdom of Saudi Arabia has emerged as the core pillar of the country’s efforts towards…

 

Malawi begins biometric voter registration pilot to test new system

A trial voter registration process will begin in Malawi tomorrow September 13 to put the country’s new Electoral Management Device…

 

Biometrics pilots, launches and investments foreshadow next areas for growth

Biometrics pilots, a patent, predictions and acquisitions paint a picture in the most popular news items of the week on…

 

Biometrics firms pitch privacy in age assurance ahead of US court battle

The U.S. is facing its first constitutional debate connected with age verification in 20 years: The Supreme Court will have…

 

Google announces beta test for digital IDs based on biometrics and US passports

A new type of digital ID based on U.S. passports in Google Wallet has been introduced ahead of beta testing….

 

Permira finalizes $1.3B majority stake acquisition of BioCatch

Permira Growth Opportunities has completed the acquisition of a majority position in behavioral biometrics and fraud prevention business BioCatch, four…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events