a) The purpose of this Credential Policy Statement (CrP) is to describe the policies under which CLEAR Verified is operated and delivered. These policies will support NIST 800-63A IAL2 and NIST 800-63B AAL2 requirements.
b) CLEAR Verified is a mobile, self-directed, unsupervised enrollment flow that allows individuals to verify and validate themselves at IAL2 and AAL2. Enrollment in this service SHALL be completed remotely and unsupervised.
c) CLEAR Verified is a commercially-available product that organizations purchase to verify their downstream end-users at no cost to the individual. Individuals enroll in the IAL2 flow in a remote, unsupervised medium by way of their mobile device.
1.2.1 CLEAR Applicant
Applicants who have completed the CLEAR Verified verification MAY use their CLEAR identity in other use cases upon the applicant’s consent.
1.2.2 CLEAR Partner
CLEAR’s enrollment to the Registered Traveler Program falls under the purview of the Transportation Security Administration (TSA). An identity proofed through the NIST 800-63A IAL2 compliant workflow is reusable.
1.3.1 Organization Administering the Document
Secure Identity, LLC
85 10th Ave; 9th Floor
New York, NY 10011
1.3.2 Credentialing Practices Statement (CrPS) approval
The CrPS is reviewed annually by CLEAR’s Product, Information Security, and Technology teams to confirm changes are adequately reflected. Once reviews and updates have been addressed, the CrPS is approved by the Chief Information Security Officer (CISO).
1.3.3 Jurisdictions
CLEAR operates the CLEAR Verified product in the United States only.
CLEAR SHALL publish its Credentialing Policy (CrP) regarding the CLEAR Verified service on its website and applicable devices, along with other terms of service as may be required to fully advise all necessary and appropriate parties, including its Terms of Use, Member Terms and Privacy Policy. These publications SHALL be maintained such that they always reflect the service as it is operated at any given time.
CLEAR SHALL maintain an internal repository of information relating to individual credentials, their statuses and an applicant's characteristic attributes and eligibilities as necessary to provide the CLEAR Verified service and comply with applicable obligations, including legislative and policy obligations and obligations arising under CLEAR's Terms of Use, Member Terms and Privacy Policy.
CLEAR’s Member Terms and Privacy Policy SHALL govern the circumstances under which applicant data may be shared.
a) CLEAR Verified is a remote, unsupervised IAL2 enrollment;
b) Biometric verification is needed to prove the applicant’s identity for the purposes of matching the applicant to the supplied document, as outlined in section 3.3.
CLEAR’s Privacy Policy and Member Terms are invoked by this document.
3.2.1 Enrollment
Applicants SHALL be able to enroll in CLEAR Verified based solely on the evidence provided. Applicants SHALL complete their CLEAR Verified enrollment workflow remotely on their own mobile device.
3.2.2.1 CLEAR Verified Scope of Responsibility
CLEAR Verified SHALL NOT be used to determine access to benefits or services. CLEAR Verified’s scope of responsibility is providing a result of the IAL2 enrollment.
3.2.2 Account Creation
a. Applicants SHALL be presented with CLEAR’s CrP, Member Terms, and Privacy Policy.
b. Applicants SHALL be required to accept CLEAR’s CrP and Member Terms before being permitted to proceed with CLEAR Verified’s Enrollment. Electronic records of the acceptance of the CrP, Member Terms, Terms and Conditions and Privacy Policy are made along with the version of each and date/time of the acceptance.
c. CLEAR Verified applicants SHALL be required to re-accept Member Terms every 5 years. CLEAR Verified applicants’ enrollment dates SHALL be tracked by CLEAR’s enrollment system. Re-enrollment of Member Terms, Document and Face is required every 5 years.
3.2.2.1 CLEAR Verified Availability
The CLEAR Verified system has a goal availability SLA of at least 99%.
3.2.3 Identity Proofing and Verification
3.2.3.1 Minors
Minors SHALL NOT be permitted to enroll through the CLEAR Verified service. CLEAR Verified SHALL only be available to users who are 18+ years old.
3.2.3.2 Minimum Collection of PII
Information collected in CLEAR’s identity proofing process is the minimum required to complete CLEAR’s identity checks for the CLEAR Verified service. This information SHALL include:
If the applicant has utilized CLEAR’s NextGen Identity+ service, previously shared information will be reused to establish a user account at the IAL2 level.
Applicants’ information SHALL be retained until the applicant requests a purge of their data (or as required by applicable law or CLEAR policy), as are the results of the validation checks on the information described below.
3.2.3.3 Evidence Collected from User
A Mobile Phone Number is collected and used to determine whether the user has a previously established CLEAR+ account.
If the user does not have a previously established CLEAR+ account, CLEAR SHALL establish the user's identity for the CLEAR Verified service by collecting 2 pieces of identity evidence, validating the evidence as being genuine and verifying it as belonging to the applicant.
Users are obligated by the Member Terms to provide full and correct responses to requests for information.
Evidence collected includes the following with variance by document type:
3.2.3.3.1 Document Evidence
a) U.S. Passport (without chip scan) that is confirmed to be authentic and confirmed against issuing sources (STRONG form of evidence).
b) U.S. state-issued Driver's License or State ID that is confirmed to be authentic and confirmed against authoritative sources and/or issuing sources (STRONG form of evidence).
c) Validated mobile phone number which is corroborated against carrier data and publicly available data (FAIR form of evidence).
The government-issued ID SHALL be confirmed to be genuine by using third-party software to evaluate its authenticity, check for security features, review for signs of tampering, and confirm that it is unexpired.
If the user has a previously established CLEAR+ account, CLEAR Verified will reuse proofing completed by CLEAR’s NextGen Identity+ service. The user will be rejected if their passport is neither a US passport nor a foreign passport from a US Visa Waiver country.
3.2.3.3.1.1 Document Evidence Collection Process
The applicant will take a photo of the front and back of their Driver's License / State ID, or of just the photo ID + barcode page of their US passport.
The face comparison to the document is performed by a face match algorithm that CLEAR hosts, and operates with a False Match Rate (FMR) of better than 1 in 10,000.
The applicant’s name, DOB and physical address are extracted from their ID document. The applicant is also prompted to enter their first name, last name, and address. The self-attested information is corroborated with the extracted document biographics. The data from the document is validated using biographic data corroboration against an authoritative source.
3.2.3.3.2 Phone Evidence
A mobile phone number that is verified as being controlled and owned by the applicant is accepted as a FAIR piece of evidence.
All of these checks must confirm the veracity of the information for the enrollment to be successfully completed. The information that is confirmed is:
CLEAR retains logs with unique identifiers for each of these pieces of evidence received back from the biographic data and phone number corroboration processes that include all details related to the attempted enrollment for the CLEAR Verified Service.
In its identity proofing flow, CLEAR employs a Comparable Alternative in lieu of one piece of FAIR evidence. Our Comparable Alternative is based on the guidelines set forth by NIST SP 800-63-3 Section 5.4.
The CompAlt will align with the 800-53 Moderate controls for Identity Evidence and Identity Evidence Validation and Verification (e.g. 800-53 IA-12 (2) and (3)).
3.2.3.4 Enrollment Code Address of Record
CLEAR uses the applicant's phone number as their address of record for submitting their enrollment code. First, applicants receive a text message with a 6-character alphanumeric enrollment code that they must enter in the CLEAR Verified application to continue their enrollment for the CLEAR Verified service. This enrollment code is valid for up to 10 minutes when sent to a telephone number of record via SMS. The enrollment codes are not reusable after the first use nor after expiry.
This phone number is confirmed to be under the control of the applicant using phone number corroboration, as described above. This validation assures that the applicant whose identity document has been supplied owns the phone number that was submitted to receive the code. This is done by matching against phone subscriber records and consumer reporting agency data. If discovered records do not match the information the applicant has submitted, this check will fail and they will be unable to successfully enroll at the CLEAR Verified IAL2 level of assurance.
All PII collected as part of the enrollment process, including information from validation and verification sources, is protected with safeguards that comply with NIST 800-53 moderate and high baselines. This is to ensure the integrity of the enrollment process for the CLEAR Verified service.
3.2.3.5 Errors and Redress
CLEAR provides a direct means to contact customer service in-line as part of the enrollment flow for applicants who have problems with identity proofing. When an applicant cannot successfully validate their identity with CLEAR Verified’s level of IAL2 assurance, they are given the option to contact CLEAR customer service for help directly via the text channel using their mobile device. The text channel has the lowest average response times of all CLEAR support channels (nearly real-time).
CLEAR customer service agents MAY help applicants navigate the enrollment process upon their re-attempt, and offer tips on how to address common issues (e.g., how to take a suitable photo of their document, or take an acceptable "selfie").
Customer service records applicant feedback and pain points to be shared with CLEAR's product team for ongoing product quality improvements.
Applicants MAY also contact CLEAR customer service via a variety of channels for assistance. CLEAR customer service support is available Monday - Sunday from 8:00 am - 9:00 pm ET. CLEAR aims to handle all requests in a timely manner through the different mediums that we support, including phone and email. Our SLAs are:
Full information can be found by going to CLEAR Support & FAQs.
3.2.3.6 Quality Management
CLEAR's product team and customer service leadership meet monthly to review feedback received from applicants about the CLEAR Verified proofing experience. Quality issues are also posted on secure, internal CLEAR communication channels for better communication across teams and faster resolution. This process is aimed at creating the smoothest experience for our users, while ensuring the integrity of the identity proofing process.
In addition, regular reporting on enrollment pass rates and fail rates helps identify areas for improvement and underlying issues, which are monitored on a continuous basis.
3.2.3.7 Notification of Proofing
Notification that the applicant has enrolled in CLEAR Verified is delivered by email once proofing has been completed.
3.2.3.8 Ceasing Identity Verification
In the event CLEAR ceases to conduct identity proofing and enrollment processes for the CLEAR Verified service, while maintaining other CLEAR services, CLEAR SHALL retain data in accordance with its Privacy Policy and section 3.3.3.1 below.
Where applicable, data is disposed of and destroyed using methods in accordance with the NIST-800-88 guidelines for data disposal. This includes ensuring secure deletion or destruction of PII including originals, copies, and archived records from all of CLEAR’s databases.
3.2.3.9 Updating Existing Enrollment
If the applicant decides to update parts of their CLEAR Verified enrollment, they will be advised to call Member Care, who will facilitate purging the applicant’s current account and prompt them to re-enroll to create a new CLEAR Verified identity.
All PII collected as part of the enrollment process, including information from validation and verification sources, is protected with safeguards that comply with NIST 800-53 high baselines. CLEAR retains a user’s data, including authentication data and the PII listed in Section 3.2.3.2, until the user has requested a purge of their data, or CLEAR policy or applicable law requires that it be purged in part or in whole. Data purge requests follow applicable security guidelines, outlined in CLEAR’s System Security Plan, section PRIV-DM-2 PII Data Retention and Disposal. Purge of data will disable the account and prevent use of CLEAR services. An applicant can request a purge of their data at any time by one of the following methods:
Refer to the Privacy Policy for more details.
Data is disposed of and destroyed using methods in accordance with the NIST-800-88 guidelines for data disposal. This includes ensuring secure deletion or destruction of PII including originals, copies, and archived records from all of CLEAR’s databases.
3.3.1 Revocation by CLEAR
CLEAR may revoke any credential in order to address instances of false representation, failure to comply with Member Terms, or for any other reason, at its sole discretion.
3.3.2 Revocation by Other Means
In the event of a user’s passing (death) or other legal concern around a user’s account, CLEAR Customer Support and CLEAR’s Legal Team shall handle any and all actions with regard to closing down the account.
3.3.3 Revocation by User
Once a revocation request is received and executed by CLEAR’s team, the user will immediately lose their ability to authenticate their identity and complete CLEAR transactions via the High Assurance Mobile Enrollment service.
3.3.4 Revocation Notification
Members receive a reference number to confirm the revocation of their CLEAR account and the purging of their personal data. This confirmation is provided by CLEAR customer service upon processing a member purge request, or within 24 hours where an account is revoked by CLEAR.
3.3.5 Authentication Request Lifetime
Authentication requests will fail if the user does not successfully authenticate within 30 minutes of the start of the transaction. Users who exceed this request lifetime will need to re-authenticate.
3.3.6 Single Use
Each authentication applies only to a specific transaction and is not reusable. CLEAR does not place an expiration on authenticators.
If there is a system failure in any part of CLEAR’s systems facilitating the High Assurance Mobile Enrollment service, CLEAR will not authenticate the user and will instead report an error to the partner requesting authentication.
Users are required to re-authenticate each time they complete a transaction with a partner to confirm their identity or transfer user data.
To protect against the loss or theft of authenticators, users should take proactive security measures, including enabling device lock protections such as biometrics or strong passcodes on their mobile phones. If a device containing an authenticator (such as an SMS OTP or passkey) is lost or stolen, users should immediately report the incident and take steps to secure their account, such as remotely wiping the device if supported or transferring authentication methods to a new device. CLEAR continuously monitors for suspicious authentication activity and may prompt users to re-verify their identity if unusual behavior is detected. Users are also encouraged to enable multi-factor authentication options where available to provide an additional layer of security.
If a User has lost or replaced any authenticators needed to access their account, the User may contact CLEAR’s support and request a purge of their account. The User will need to create a new account and re-verify themselves at the IAL2 level of assurance to establish a new identity with CLEAR.
The new CLEAR identity is considered an independent identity and is not associated with the prior identity. Therefore, CLEAR only has a list of authenticators for the active identity at a given time.
As per our Terms of Use, it is the responsibility of the user to inform CLEAR in the event that any authenticator, including password and mobile device, has been compromised, lost, or stolen.
3.7.1 End User Authentication
CLEAR SHALL only authenticate the user at AAL2.
For members who have enrolled on a mobile device that they are using to authenticate, the member will navigate the desired workflow and authenticate via OTP and CLEAR’s biometric selfie step before being required to set up their device passkey (multifactor cryptographic software). CLEAR does not consider the unlocking of the device as an authentication factor.
For the OTP step, members have up to 10 minutes to enter the active OTP code before it times out and the member has to request a new code. Issued OTP codes can only be used once by the user. CLEAR allows a maximum of 100 attempts to be authenticated before the user’s account is locked.
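The enrollment-code rules in 3.2.3.4 (6-character alphanumeric code, 10-minute validity, single use) and the OTP rules above (10-minute validity, single use, lock after 100 attempts) can be enforced by one server-side verifier. The Python below is an added example, not CLEAR's implementation; the class and method names, the in-memory storage, the uppercase alphabet and the choice to count every unsuccessful submission as an attempt are assumptions.

```python
import hashlib
import hmac
import secrets
import string
import time

ALPHABET = string.ascii_uppercase + string.digits  # assumed code alphabet
CODE_LEN = 6            # 6-character alphanumeric code (policy value)
CODE_TTL = 10 * 60      # valid for up to 10 minutes (policy value)
MAX_ATTEMPTS = 100      # account locks at 100 failed attempts (policy value)


class CodeVerifier:
    """Hypothetical one-time-code verifier; state is in memory for illustration."""

    def __init__(self, clock=time.time):
        self._clock = clock        # injectable clock so expiry can be tested
        self._pending = {}         # account -> (salt, digest, expires_at)
        self._failures = {}        # account -> failed attempts since last success
        self._locked = set()

    @staticmethod
    def _digest(salt, code):
        # Keep only a keyed digest of the code, never the code itself.
        return hmac.new(salt, code.upper().encode(), hashlib.sha256).digest()

    def issue(self, account):
        if account in self._locked:
            raise PermissionError("account is locked")
        code = "".join(secrets.choice(ALPHABET) for _ in range(CODE_LEN))
        salt = secrets.token_bytes(16)
        # Issuing a new code replaces any earlier one: one active code per account.
        self._pending[account] = (salt, self._digest(salt, code),
                                  self._clock() + CODE_TTL)
        return code

    def verify(self, account, submitted):
        if account in self._locked:
            return "locked"
        entry = self._pending.get(account)
        if entry is None:
            return self._fail(account, "no_active_code")
        salt, digest, expires_at = entry
        if self._clock() >= expires_at:
            del self._pending[account]          # not reusable after expiry
            return self._fail(account, "expired")
        # Constant-time comparison avoids leaking how many characters matched.
        if not hmac.compare_digest(digest, self._digest(salt, submitted)):
            return self._fail(account, "mismatch")
        del self._pending[account]              # not reusable after first use
        self._failures.pop(account, None)
        return "ok"

    def _fail(self, account, reason):
        count = self._failures.get(account, 0) + 1
        self._failures[account] = count
        if count >= MAX_ATTEMPTS:
            self._locked.add(account)
            self._pending.pop(account, None)
            return "locked"
        return reason


if __name__ == "__main__":
    verifier = CodeVerifier()
    code = verifier.issue("member-1")            # constructed account id
    print(verifier.verify("member-1", code))     # first use succeeds
    print(verifier.verify("member-1", code))     # replay is refused
```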
Members who authenticate on a handset different from that on which they enrolled, or who are authenticating after their authorization token has expired, will need to re-enroll.
With regard to Partner (Relying Party) configurations, CLEAR’s Solution Engineers record the following as part of the implementation process:
3.7.2 Authenticator Binding
CLEAR binds authenticators to a user’s account upon a successful proofing event. Authenticators are provided by the user and CLEAR does not issue any authenticators.
CLEAR supports passkeys, or multifactor cryptographic software, which satisfies (something you know or something you are) and (something you have) as the passkey is on the mobile device. In the event that a user has a new authenticator device after having been proofed at IAL2, the user will have to re-proof themselves at the level of IAL2 to add the new authenticator.
3.7.3 Consent for Data Sharing in Connection with Specific Transactions
Prior to authenticating and starting the CLEAR Verified IAL2 flows, applicants will be prompted to consent to sharing their PII. Applicants are given an option to not consent which will prevent them from moving forward with the IAL2 flows. Any such information sharing must comply with CLEAR’s Privacy Policy and Member Terms, and the member may be presented with an in-time consent related to the specific transaction prior to any data sharing. Member consents regarding data sharing are recorded in CLEAR’s systems in a manner that complies with applicable laws.
CLEAR does not exercise any additional logic to determine suitability for services or benefits once an identity proofing transaction has been performed.
3.7.4 Protection
Member authentication details and member data are transmitted to partners only through secured, authenticated means (TLS), from CLEAR’s backend systems to the partner’s backend systems.
CLEAR maintains administrative, technical and physical safeguards to protect personal information against accidental, unlawful or unauthorized destruction, alteration, access, disclosure or use. To safeguard certain sensitive information (such as biometric data and government-issued identification information), CLEAR implements security measures such as encryption, firewalls, and intrusion detection and prevention systems. Our customer service call centers do not have access to biometric data.
Examples of the security measures we use to safeguard personal information include:
Data is disposed of and destroyed using methods in accordance with the NIST-800-88 guidelines for data disposal. This includes ensuring secure deletion or destruction of PII including originals, copies, and archived records from all of CLEAR’s databases.
CLEAR SHALL employ an Information Security Management System which SHALL be independently assessed and certified on an annual basis. CLEAR conducts activities to validate ongoing compliance with applicable NIST 800-53 controls and will annually conduct an assessment for the effective provision of the CLEAR Verified service.
The third party technology that CLEAR utilizes for audit management retains audit records for greater than 36 months. The safeguards to protect the security of the audit records management system are evaluated as part of CLEAR’s third-party risk management process and validated that these safeguards are in conformance with CLEAR’s information security policies and standards. The safeguards are evaluated as part of CLEAR’s controls for risk management to ensure that they are consistent with CLEAR’s internal policies and standards for securing confidential information.
Stipulations relating to fees, insurances, warranties, disclaimers, limitations of liability, indemnities, terms of supply, termination, confidentiality, privacy, notices, amendments, dispute resolution, governing law and other representation and legal matters SHALL be communicated to Users by way of CLEAR's Terms of Use, Member Terms, Privacy Policy and other documents, all of which shall be brought explicitly to the member’s attention and relying party's attention (see also §3.2.2). Notices from CLEAR are governed by Section 1.5 of the Member Terms. Modifications to our programs and terms services SHALL be governed by Sections 3 and 7 of the Member Terms.
Stipulations relating to fees, insurances, warranties, disclaimers, limitations of liability, indemnities, terms of supply, termination, confidentiality, privacy, notices, amendments, dispute resolution, governing law and other representation and legal matters SHALL be communicated to the Relying Parties by way of a Privacy Policy and other contractual documents.
Applicable fees SHALL be presented to the Applicant prior to any charges. Up-to-date information relating to fees or charges SHALL be found on CLEAR.