Biometric Transaction Rationale
V.1
When performing a Verified biometric authentication, you must provide a rationale for acquiring biometric data by citing the specific objective the user is trying to complete. This rationale must be succinct and must appear on the same screen as the biometric consent, at the same time.
Clearly stating the purpose of data collection is critical for both compliance with data privacy regulations and establishing an audit trail for potential disputes. Customers may choose to retain the approval rationale within their systems or transmit it to authID through an API during the creation of the biometric transaction. In cases where the rationale is sent to authID, it is vital to ensure that the user-facing message aligns with the information transmitted through the API. This message is then stored in an audit log, which can be accessed as needed.
Go-live Certification Requirement
Customers implementing the authID Essential UI must demonstrate adherence to the transaction rationale guidance in order to attain certification for go-live.
Developers can include key-value pairs in the POST body of an API call to enrich transaction data when initiating a transaction. This process is outlined in the development documentation section titled "The User Verification / Transaction Authorization." Below is an example:
{
  "timeout": 72000,
  "confirmationPolicy": {
    "transportType": 0,
    "credentialType": 1
  },
  "accountNumber": "[email protected]",
  "name": "Verify_Identity",
  "customData": [
    {
      "key": "Purpose",
      "value": "Authorize Funds Transfer Amount $10000 from John Doe to Jane Doe"
    }
  ]
}
If required, the developer can provide several key-value pairs.
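One way to keep the consent-screen message and the Purpose value sent through the API aligned is to build both from a single string and check them before the transaction is created. The sketch below is an added example, not authID's code: the function names, the 120-character limit, the "Channel" key, the audit record format and the sample account are assumptions, and it takes the strictest reading of "aligns" (the same text after whitespace and Unicode normalization).

```python
import hashlib
import unicodedata

MAX_PURPOSE_LEN = 120  # assumption: the page only asks for a "succinct" rationale


def normalize(text):
    """NFC-normalize and collapse whitespace so equal-looking strings compare equal."""
    return " ".join(unicodedata.normalize("NFC", text).split())


def build_transaction(account_number, purpose, extra=None):
    """Build the POST body; field names and fixed values follow the page's sample."""
    purpose = normalize(purpose)
    if not purpose or len(purpose) > MAX_PURPOSE_LEN:
        raise ValueError("purpose must be non-empty and succinct")
    custom = [{"key": "Purpose", "value": purpose}]
    for key, value in (extra or {}).items():
        if key == "Purpose":
            raise ValueError("Purpose must be set exactly once")
        custom.append({"key": key, "value": str(value)})
    return {
        "timeout": 72000,
        "confirmationPolicy": {"transportType": 0, "credentialType": 1},
        "accountNumber": account_number,
        "name": "Verify_Identity",
        "customData": custom,
    }


def check_alignment(displayed_text, body):
    """Raise unless the consent-screen text is the Purpose carried in the body.

    Returns a record for the customer's own audit log (hypothetical format).
    """
    sent = [kv["value"] for kv in body["customData"] if kv["key"] == "Purpose"]
    if len(sent) != 1:
        raise ValueError("body must carry exactly one Purpose entry")
    if normalize(displayed_text) != sent[0]:
        raise ValueError("consent-screen text differs from the Purpose sent to the API")
    digest = hashlib.sha256(sent[0].encode("utf-8")).hexdigest()
    return {"account": body["accountNumber"], "purpose": sent[0], "sha256": digest}


if __name__ == "__main__":
    shown = "Authorize a $10,000 fund transfer."  # constructed sample text
    body = build_transaction("user@example.com", shown, {"Channel": "web"})
    print(check_alignment(shown, body))
```

Calling check_alignment with the exact string rendered on the consent screen, immediately before the POST, turns a drifted or edited message into a hard failure instead of a mismatch discovered during a dispute.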
Below are examples of best practices for user communication (see Figure 1):
- Authorize a $10,000 fund transfer.
- Approve the addition of a new account beneficiary.
Biometric Transaction Purpose
