Biometric Transaction Rationale

When performing a Verified biometric authentication, you must provide a rationale for acquiring the biometric data by citing the specific objective the user is seeking to complete. This rationale must be succinct and must appear on the same screen as the biometric consent, at the same time.

When collecting data, it is important to state the purpose of the collection, both to comply with data privacy regulations and to establish an audit trail in case of disputes. Customers can choose to keep the approval rationale within their system or transmit it to authID through an API during the creation of the biometric transaction. In the latter case, it is important to ensure that the message given to the user matches the information sent to authID through the API. This message is then stored in an audit log, which can be accessed as needed.

Go-live Certification Requirement

Customers implementing the authID Essential UI must demonstrate adherence to the transaction rationale guidance in order to attain certification for go-live.

Developers can add key-value pairs to the POST body of the API call that starts a transaction in order to expand the transaction data, as outlined in the section of the development documentation titled "The User Verification / Transaction Authorization." The addition is the customData array in the request fields below:

"timeout": 72000,
"confirmationPolicy": {
    "transportType": 0,
    "credentialType": 1
},
"accountNumber": "[email protected]",
"name": "Verify_Identity",
"customData": [
    {
        "key": "Purpose",
        "value": "Authorize Funds Transfer Amount $10000 from John Doe to Jane Doe"
    }
]

If required, the developer can provide several key-value pairs.
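The requirement that the on-screen rationale match the Purpose sent through the API can be enforced in code before the transaction is created. The following is an added example, not authID's own code: the helper names, the 120-character limit and the account value are assumptions, while the field names and values come from the request fields above.

```python
import hashlib
import unicodedata

MAX_PURPOSE_LEN = 120  # assumed limit; the page only says "succinct"

def normalize(text):
    """NFC-normalize and collapse whitespace; wording differences still count."""
    return " ".join(unicodedata.normalize("NFC", text).split())

def build_transaction_fields(account_number, purpose, extra=None):
    """Build the request fields shown on the page, with exactly one Purpose entry."""
    purpose = normalize(purpose)
    if not purpose or len(purpose) > MAX_PURPOSE_LEN:
        raise ValueError("purpose must be non-empty and succinct")
    custom = [{"key": "Purpose", "value": purpose}]
    for key, value in (extra or {}).items():
        if key == "Purpose":
            raise ValueError("Purpose must be given exactly once")
        custom.append({"key": key, "value": str(value)})
    return {
        "timeout": 72000,
        "confirmationPolicy": {"transportType": 0, "credentialType": 1},
        "accountNumber": account_number,
        "name": "Verify_Identity",
        "customData": custom,
    }

def purpose_sent(fields):
    """Return the single Purpose value that will go to the API."""
    values = [d["value"] for d in fields.get("customData", []) if d.get("key") == "Purpose"]
    if len(values) != 1:
        raise ValueError("expected exactly one Purpose entry")
    return normalize(values[0])

def consent_matches(displayed_text, fields):
    """True only if the on-screen rationale equals the Purpose being sent."""
    return normalize(displayed_text) == purpose_sent(fields)

def local_audit_record(displayed_text, fields):
    """Record for the customer's own audit trail; refuses a mismatched rationale."""
    if not consent_matches(displayed_text, fields):
        raise ValueError("displayed rationale differs from Purpose sent to API")
    digest = hashlib.sha256(purpose_sent(fields).encode("utf-8")).hexdigest()
    return {"account": fields["accountNumber"], "purpose": purpose_sent(fields), "sha256": digest}

if __name__ == "__main__":
    shown = "Authorize Funds Transfer Amount $10000 from John Doe to Jane Doe"
    body = build_transaction_fields("user@example.test", shown, {"Channel": "web"})  # constructed account
    print(local_audit_record(shown, body))
```

Deriving both the consent screen text and the customData value from one string, and calling the check immediately before the POST, keeps the stored audit message and the message the user saw from drifting apart.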

The sample messages below represent best practices for communicating with end users (see Figure 1):

  • Authorize a $10,000 fund transfer.
  • Accept the addition of a new account beneficiary.

Biometric Transaction Purpose