Preventing Identity Theft
ORGiD enables its Customers to comply with any regulatory requirements to identify, prevent, and mitigate identity theft and provides a means by which Users can report identity theft to us in a safe and secure manner.
Definitions
"Account" means a unique value that identifies and associates a person or an organisation on the ORGiD platform.
"Administrator" means a person authorised by a Customer organisation to operate the Account on behalf of the Customer.
"Customer" means the Party subscribing to an ORGiD license under an ORGiD Agreement.
"Device" means a computer (desktops, laptops, telephones and tablets) or another electronic machine to access an ORGiD Account.
"Identifying Information" means any name or number that may be used alone or in conjunction with any other information to identify a specific person, including name, address, telephone number, social security number, date of birth, driver's license or identification number, alien registration number, passport number, employer or taxpayer identification number.
"Identity Theft" means a fraud committed or attempted using the identifying information of another person without authority.
"Protected User Account" means a User account subject to a reasonably foreseeable identity theft risk.
"User" means any person authorised by the Customer to access and use an ORGiD Digital Identity Card.
Goals
We strive to prevent:
Fraudulent Customer accounts from being created
Fraudulent Customer Administrators accessing an ORGiD Customer account
Fraudulent Users or Devices accessing another User account
Fraudulent creation or modification of Digital ID cards by Customers or their Users
Fraudulent use, duplication or sharing of ID cards by Users
Exchanging data from the ORGiD app to fraudulent third parties
METHODS
App User Notifications & Safeguards
We automatically notify each User to their email address of any new Device logging into their Account and having access to their digital ID cards. We also notify Users of any change requested to their Account's registered email address and phone number. We require any change in the email address or phone number to go through a double confirmation process with both the old and new email addresses to confirm the change.
Customer Notices
When adding an Identity Card to a User Account, Users are notified that we may submit their identity and Device data to the Customer, who will issue the card to verify their identity and to prevent identity theft. We provide options for Customers to receive notifications of changes to their related User accounts. This notification will let them know when cards are duplicated, new Devices are added, or specific information has changed. The Customer can then determine their obligations to investigate.
ORGiD Customer Admin Portal Administrator Safeguards
Customers manage their ORGiD Customer Admin Portal and are solely responsible for the account administrators they invite to manage their Customer account and the accuracy of the data they add, edit, modify or delete from their Customer account. The invitation process uses a two-factor activation to confirm the invitee's email address. Customers can instantly revoke any administrator's access to the ORGiD Customer Admin Portal from within the ORGiD Customer Admin Portal. Roles are given to each administrator so that access can be configured only by those with more privilege. ORGiD will keep a log of most of the actions taken by each administrator. An email notification is sent to ORGiD Customer Admin Portal administrators when a new administrator is added, or an existing administrator is removed from the system.
TRIGGERS
Suspicious Documents:
Presentation of suspicious documents that appear to be altered, forged, or inauthentic, including an inconsistent appearance of photographs or physical description of a document by the person presenting it.
Suspicious Personal Identifying Information:
Presentation of inconsistent personal identifying information such as:
Inconsistent identity data submitted for an Account
A telephone number or email address that is used by another Account
Repeated failure to provide complete identifying information
Multiple failed access attempts to an Account
Suspicious use of the ORGiD app
Including but not limited to:
Non-customer email is used, unless the Customer has approved this
Material number of changes to a Customer Account or a Customer User Account
The number of Devices a User ID card is associated with.
Country differences between the Device and the Customers' cards
RESPONSE
Reporting:
We investigate and report suspected identity theft to the Customer issuing Digital Identity Cards so that they can investigate and respond appropriately according to their policies. We provide Customers with the ability to suspend or remove Digital Identity Cards instantly from Accounts or Devices where identity theft is suspected, and we provide the contact information of the authenticated User.
There are various types of identity theft we report, including but not limited to the following:
Suspected unauthorised creation of an ID Card linked to someone else's identity.
Suspected unauthorised use of an ID Card linked to someone else's identity.
Suspected tampering with an ID Card cryptography.
Suspected use of another person's photo for a person's own identity.
Suspected use of another person's information for a person's own identity.
Suspected unauthorised claim of authority to a User account or a Customer account.
Suspected creation of a false identity with the intent to use it fraudulently