1. The purpose of this Credentialing Practice Statement (CrPS) is to describe the operational framework, relevant policies, and identity proofing and management processes for CLEAR's High Assurance Enrollment and Verification (CLEAR Verified) service, in order to demonstrate that these services meet AAL2 and IAL2 requirements.
2. High Assurance Mobile Enrollment is an Unsupervised enrollment. Enrollment in this service can be completed by using the CLEAR native mobile app on Android and iOS or the mobile web enrollment flow. The High Assurance Mobile Enrollment service is distinct from the CLEAR+ paid service that CLEAR offers in airports and elsewhere, as well as CLEAR’s other mobile identity proofing options, such as CLEAR's Health Pass COVID screening service.
3. CLEAR's High Assurance Mobile Enrollment provides CLEAR’s partners in the healthcare, travel, sports, and other industries confidence in user identity information to enable frictionless experiences for a variety of use cases.
1.2.1 CLEAR Member
CLEAR members at the High Assurance Mobile Enrollment level can participate in use cases that require an increased level of assurance, such as health care onboarding, aviation use cases as well as other CLEAR use cases at lower required assurance levels, such as car rental and digital onboarding.
1.2.2 CLEAR Partner
CLEAR’s partners are vendors, venues, and businesses that work with CLEAR to create frictionless identity verification experiences for CLEAR members. Partners rely on CLEAR’s High Assurance Mobile Enrollment identity proofing and verification processes so as to have increased confidence in the information they receive from users.
1.3 Service Administration
1.3.1 Organization administering the document
Secure Identity, LLC
85 10th Ave; 10th Floor
New York, NY 10011
1.3.2 CrPS approval
The CrPS is reviewed annually by CLEAR’s product team, information security, and Technology to confirm changes are adequately reflected. Once reviews and updates have been addressed, the CrPS is approved by the CLEAR Chief Technical Officer (CTO).
CLEAR operates in the United States, Canada, and Mexico. Our AL2 flows are only operable in the United States.
2. Publication and Repository Responsibilities
3. IdP Credential Enrollment and Issuance
1. CLEAR High Assurance Mobile Enrollment is a remote Unsupervised (unwitnessed) enrollment
2. Multi-factor authentication is needed to prove the CLEAR member’s identity for the purposes of a partner transaction, as outlined in section 3.3
3.2 CLEAR Member Enrollment
Users enroll for the CLEAR High Assurance Mobile Enrollment using a web flow via a mobile browser.
3.2.2 Account Creation
- After the user creates a profile by adding email, phone and accepting Member Terms, members can set a password for their CLEAR account, which allows the user to re-authenticate, make changes to the enrollment and access their account details to complete administration tasks. The member must select a password that is at least 8 characters long. There are no challenge questions set.
CLEAR Verified Availability
The CLEAR Verified service has a goal availability SLA of at least 99%.
3.2.3 Identity Proofing and Verification
CLEAR’s High Assurance Mobile Enrollment is available only to users who are 18+ years old; any other users will be blocked from enrolling via this service.
Minimum Collection of PII
Information collected in CLEAR’s identity proofing process is the minimum required to complete CLEAR’s identity checks for the High Assurance Mobile Enrollment service. This information may include:
- Date of birth
- Mobile phone number
- Email address
- Identity document details (ID type, ID number, expiry, ePassport chip payload) and images
- Facial image for biometrics
Member information is retained until the member requests a purge of their data (or as required by applicable law), as are the results of the validation checks on the information described below.
Evidence Collected from User
CLEAR establishes user identity for the High Assurance Mobile Enrollment using the following pieces of evidence:
- Passport that is confirmed to be authentic and confirmed against the authoritative sources and/or issuing sources (SUPERIOR).
- Government issued ID that is confirmed to be authentic and confirmed against authoritative sources and/or issuing sources (STRONG)
- Validated phone number which is corroborated against carrier data and publicly available data (FAIR)
The government-issued ID is confirmed to be genuine by using third party vendor software to evaluate its authenticity, check for security features, review for signs of tampering, and confirm that it is unexpired.
Government-issued IDs that CLEAR accepts for High Assurance Enrollments are:
- US Passport
- US Passport Cards
- US State IDs (includes driver's licenses)
- NYC Identification Card
- US Permanent Resident Card
- US Visa
- All International Passports (except for OFAC-sanctioned countries)
In the case of applicable ePassports, an additional check of the contactless chip via NFC may be performed further confirming document authenticity and corroborating the biographics.
A biometric check is performed to compare the user's image on the ID document with a high-quality biometric face capture the applicant provides using their mobile device. The mobile flow will permit 10 capture attempts of the face. If the 10th capture fails for any reason, the flow will impose a 30 second wait before the next attempt or will give the user the option to quit the enrollment and restart later when conditions improve.
The face comparison to the document is performed primarily by a face match algorithm that CLEAR hosts, and operates with an FMR better than 1 in 10,000.
A liveness check confirms that the applicant enrolling is physically present. The liveness check is certified to PAD level 2 attack protection in accordance with ISO/IEC 30107-3.
The applicant’s name, DOB and physical address are extracted from their ID document. In cases where the address is not available on the government-issued ID (e.g. passport), the applicant address will be requested of the user via a form for input and confirmation. The data from the document, plus the address, is validated using biographic data corroboration.
Document Corroboration by Type
Passports: Extracted biographic data is checked against consumer records databases as an authoritative source.
Driver's Licenses and State IDs: Extracted biographic data is checked against Department of Motor Vehicles (DMV) records as an issuing source or credit bureaus as an authoritative source.
Phone number corroboration is used to check the applicant’s information against customer records from mobile phone carriers and consumer reporting agencies to provide additional proof of validity of the information.
All of these checks must confirm the veracity of the information for the enrollment to be successfully completed.
CLEAR retains logs with unique identifiers for each of these pieces of evidence received back from the biographic data and phone number corroboration processes that include all details related to the attempted enrollment for the High Assurance Mobile Enrollment service.
Enrollment Code Address of Record
CLEAR uses the applicant's phone number as their address of record for submitting their enrollment code. First, applicants receive a text message with a 6-character alphanumeric enrollment code that they must present in the CLEAR app to continue their enrollment for the High Assurance Mobile Enrollment service. This enrollment code is valid for up to 10 minutes when sent to a telephone number of record via SMS. The enrollment codes are not reusable after the first use nor after expiry.
This phone number is confirmed to belong to the applicant using phone number corroboration, as described above. This validation assures that the applicant whose identity document has been supplied owns the phone number that was submitted to receive the code. This is done by matching against phone subscriber records and consumer reporting agency data. If discovered records do not match the information the applicant has submitted, this check will fail and they will be unable to successfully enroll at the High Assurance Mobile Enrollment level of assurance.
Additional security details
All PII collected as part of the enrollment process including information from validation and verification sources are protected with safeguards that comply with NIST 800-53 moderate and high baselines.
This is to ensure the integrity of the enrollment process for the High Assurance Mobile Enrollment service.
CLEAR communicates with the mobile devices being used for enrollment only via SSL/HTTPS. The mobile device utilizes certificate pinning when connecting to the verifier to eliminate any possible man-in-the-middle or spoofing attacks.
Member authentication details and member data are transmitted only to vendors or partners through secured, authenticated means (TLS), from CLEAR's back end systems to the partner’s backend systems.
Errors and redress
CLEAR provides a direct means to contact customer service in-line as part of the enrollment flow for applicants who have problems with identity proofing. When an applicant cannot successfully validate their identity at the High Assurance Mobile Enrollment level of assurance, they are given the option to contact CLEAR customer service for help directly via the text channel using their mobile device. The text channel has the lowest average response times of all CLEAR support channels (nearly real-time).
CLEAR customer service agents can help applicants navigate the enrollment process upon their re-attempt, and offer tips on how to address common issues (e.g., how to take a suitable photo of their document, or take an acceptable "selfie").
Customer service records applicant feedback and pain points to be shared with CLEAR's product team for ongoing product quality improvements.
Applicants can also contact CLEAR customer service via a variety of other channels for assistance. CLEAR customer service support is available Monday - Sunday from 8:00 am - 9:00 pm ET. CLEAR aims to handle all requests in a timely manner through the different mediums that we support including phone and email. Our SLAs are:
- Phone (855-CLEARME): Average Wait Time at 2.5 mins or less; Average Handle Time at 10 mins or less
- Email: Email requests to be handled within 24 hours
Full information can be found by going to CLEAR Support & FAQs.
Quality Management
CLEAR's product team and customer service leadership meet monthly to review feedback received from applicants and members about the mobile identity proofing experience. This process is aimed at creating the smoothest experience for our users, while ensuring the integrity of the identity proofing process.
In addition, regular reporting on enrollment pass rates helps identify areas for improvement and underlying issues, which are monitored on a continuous basis.
CLEAR is working towards a long-term goal of minimizing applicants being incorrectly rejected in identity proofing, and numerous efforts are underway to support this effort, including continued evaluation of authoritative sources, face match algorithms and document validation providers.
Notification of proofing
Notification that the user has started the enrollment for a High Assurance Mobile Enrollment is delivered by email once a profile has been created.
Ceasing Identity Verification
In the event CLEAR ceases to conduct identity proofing and enrollment processes for the High Assurance Enrollment service, CLEAR will fully dispose of or destroy any sensitive data including PII, or protect such data from unauthorized access for the duration of retention.
3.2.4 Credential Activation
CLEAR’s High Assurance Enrollment services become available for use when:
- High Assurance Mobile Enrollment: The applicant has entered the flow by way of a CLEAR Partner. The credential is activated when the flow is successfully completed and the applicant has been verified.
- High Assurance In-Person Enrollment: The applicant has entered the flow by approaching the CLEAR Pod at a participating airport. These enrollments are always supervised by the SIDA-badged CLEAR employee. The credential is available for use once the applicant has successfully completed the enrollment process.
3.2.5 Credential ‘Step-up’
- CLEAR members at lower levels of enrollment assurance (i.e. enrollments that do not have all the required evidence/corroboration to qualify for the High Assurance Mobile Enrollment) can opt to step up to a High Assurance Mobile Enrollment. Once the user has been authenticated, and a use case selected, the CLEAR enrollment service will detect the evidence/corroborations already available, identify what is needed, and then request the evidence from the CLEAR member and/or run the checks passively in the background to bring the user up to IAL-2 level of assurance.
- The High Assurance Mobile Enrollment service is currently CLEAR’s most secure unsupervised enrollment.
- Members that wish to use CLEAR’s airport service (High Assurance In-Person Enrollment) must re-enroll their identity with CLEAR at an airport location in a supervised enrollment flow.
3.2.6 Credential Re-issuance and Renewal
CLEAR members can change their password by logging into CLEAR’s account portal (my.clearme.com), selecting the password reset, and then selecting a new password that meets the requirements outlined in 3.2.2.
Password resets can be requested by members following the methods described in 4.4.4.
3.2.7 Registration Records
Successful enrollments
For successful enrollments, a copy of the member’s ID document may be retained, and the full responses from validation vendors are also retained unless a purge is requested by the member. Authorized stakeholders from business, customer service, and product management are able to review the outcome of each identity validation step and the final identity proofing result (i.e. assurance level achieved) in CLEAR's business intelligence tool.
Unsuccessful IAL-2 enrollment attempts
Users who successfully create a profile (provide basic contact info and accept Member Terms) but fail to pass all the checks to create an IAL-2 level of assurance are retained by the CLEAR system. These enrollments are not eligible for workflows that require IAL-2 assurance. However, these users can opt to use other CLEAR workflows, attempt to “step up” their enrollment (see 3.2.5 above) or request a purge.
3.3 Authentication Protocols
3.3.1 End User Authentication
For members who have enrolled on a mobile device that they are using to authenticate, the member will navigate the desired workflow and authenticate via password and SMS OTP. Additionally, a member must take a “selfie” biometric image of their face, which is submitted to CLEAR to be matched against the reference photo that the member provided at enrollment. The probe photo is also evaluated by “liveness” software to ensure the photo is of a person using the phone, and not an image of a screen, printout, or another type of presentation attack.
For the OTP step, members have up to 10 minutes to enter the active OTP code before it times out and the member has to request a new code. Issued OTP codes can only be used once by the user.
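The SMS enrollment code (6-character alphanumeric) and the authentication OTP described above follow the same rules: a 10-minute lifetime and no reuse after first use or expiry. The following Python is an added example of enforcing those rules server-side, not CLEAR's code; the uppercase-plus-digits alphabet, the five-attempt cap, the salted-hash storage and all names are assumptions that do not come from this document.

```python
import hashlib
import hmac
import secrets
import string
import time

# Assumption: the document says only "alphanumeric"; uppercase + digits chosen here.
ALPHABET = string.ascii_uppercase + string.digits
CODE_LENGTH = 6            # from the document
TTL_SECONDS = 10 * 60      # from the document: valid for up to 10 minutes
MAX_ATTEMPTS = 5           # assumption: the document states no guess limit


def _digest(salt: bytes, code: str) -> bytes:
    # Store only a salted hash so a leaked table does not reveal live codes.
    return hashlib.sha256(salt + code.encode("utf-8")).digest()


class OneTimeCodeStore:
    """Issues and checks single-use, time-limited codes keyed by address of record."""

    def __init__(self, clock=time.time):
        self._clock = clock      # injectable so expiry can be tested
        self._pending = {}       # address -> record of the one active code

    def issue(self, address: str) -> str:
        code = "".join(secrets.choice(ALPHABET) for _ in range(CODE_LENGTH))
        salt = secrets.token_bytes(16)
        # Issuing a new code replaces (and so invalidates) any earlier one.
        self._pending[address] = {
            "salt": salt,
            "digest": _digest(salt, code),
            "expires_at": self._clock() + TTL_SECONDS,
            "attempts_left": MAX_ATTEMPTS,
        }
        return code  # handed to the SMS gateway, never logged

    def verify(self, address: str, submitted: str) -> str:
        record = self._pending.get(address)
        if record is None:
            return "no_active_code"
        if self._clock() >= record["expires_at"]:
            del self._pending[address]
            return "expired"
        candidate = _digest(record["salt"], submitted.strip().upper())
        if hmac.compare_digest(candidate, record["digest"]):
            del self._pending[address]   # single use: consumed on success
            return "ok"
        record["attempts_left"] -= 1
        if record["attempts_left"] <= 0:
            del self._pending[address]   # force a fresh code after repeated misses
            return "locked"
        return "mismatch"


if __name__ == "__main__":
    store = OneTimeCodeStore()
    phone = "+15555550100"               # constructed sample number
    code = store.issue(phone)
    print(store.verify(phone, code))     # first presentation
    print(store.verify(phone, code))     # replay of the same code
```

A 6-character code has a small search space, which is why the example pairs the expiry and single-use rules with a cap on wrong guesses.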
For members who authenticate on a handset different from that on which they enrolled, or who are authenticating after their authorization token has expired, the member will need to re-enroll.
3.3.2 Consent for data sharing in connection with specific transactions
Members are only asked to consent to sharing biographic or personal information with Partners after they have been successfully identity proofed. CLEAR does not exercise any additional logic to determine suitability for services or benefits once an identity proofing transaction has been performed.
Member authentication details and member data are transmitted to partners only through secured, authenticated means (TLS), from CLEAR’s backend systems to the partner’s backend systems.
CLEAR maintains administrative, technical and physical safeguards to protect personal information against accidental, unlawful or unauthorized destruction, alteration, access, disclosure or use. To safeguard certain sensitive information (such as biometric data and government-issued identification information), CLEAR implements security measures such as encryption, firewalls, and intrusion detection and prevention systems. Our customer service call centers do not have access to biometric data.
Examples of the security measures we use to safeguard personal information include:
- Procedures for identifying and classifying personal information;
- Implementing safeguards appropriate to the sensitivity of the information;
- Access control procedures to verify business need before access to personal information is granted;
- Procedures for the periodic review of access permissions;
- Procedures for terminating access to personal information when there is no longer a business need for access;
- Personnel security controls designed to reduce the risk of human error, theft, fraud or misuse of facilities; and
- Physical and environmental security procedures designed to prevent unauthorized access, damage or interference to business premises and information.
Data is disposed of and destroyed using methods in accordance with the NIST 800-88 guidelines for data disposal. This includes ensuring secure deletion or destruction of PII including originals, copies, and archived records from all of CLEAR’s databases.
3.3.4 Authentication Request Lifetime
Authentication requests will fail if the user does not successfully authenticate within 30 minutes of the start of the transaction. Users who exceed this request lifetime will need to re-authenticate.
3.3.5 Single Use
Each authentication applies only to a specific transaction and is not reusable.
If there is a system failure in any part of CLEAR’s systems facilitating the High Assurance Mobile Enrollment service, CLEAR will not authenticate the user and will instead report an error to the partner requesting authentication.
Users are required to re-authenticate each time they complete a transaction with a partner to confirm their identity or transfer user data.
4. Credential Lifecycle
4.1 Credential Validity Period
CLEAR Members’ High Assurance In-Person Enrollments will have the following periods of validity:
- 5 years if they successfully enrolled using an ePassport with chip scan and validation after which such CLEAR members must re-enroll.
- 5 years if they successfully enrolled using Driver's License and State ID with an AAMVA check, after which such CLEAR members must re-enroll
- 1 year if they successfully enrolled using a Driver's License and State ID without an AAMVA check
CLEAR Members’ High Assurance Mobile Enrollments will have the following periods of validity:
- 5 years if they successfully enrolled using a STRONG document and issuing source corroboration (e.g. DMV), after which such CLEAR members must re-enroll
- 3 years if they successfully enrolled using a STRONG document and authoritative source corroboration, after which such CLEAR members must re-enroll
4.2 Authentication Process
CLEAR members are authenticated on behalf of partners for High Assurance use cases using the process described in 3.3.1.
4.3 Credential Status Availability
If a CLEAR member’s account is no longer valid, it becomes unusable immediately for partner or CLEAR transactions.
4.4 Lifecycle Events
4.4.1 Credential Activation/Re-Activation
CLEAR High Assurance members are considered active unless they cancel their membership and request to purge their data from CLEAR systems, or their account is revoked by CLEAR, or suspended in anticipation of re-signing terms every 5 years.
4.4.2 Failed Authentication
Members who are unable to authenticate will receive an error message with a call to action to contact customer support.
4.4.3 Modify Account Information
Email or phone number
Members may modify the email or phone number associated with their account by logging into their CLEAR account portal online via my.clearme.com using their username and password. They may also do so by contacting CLEAR customer service, and confirming their identity with at least three pieces of their personal information.
Name, DOB or address
Members must provide a new identity document in order to update their name or address information. This can be done via CLEAR mobile, using the document collection process that is also used in the mobile enrollment itself. The document can also be provided at CLEAR’s airport kiosks, where it is validated using vendor software, and the process is overseen by a trained, SIDA-badged and background-checked CLEAR employee. Any changes to these document-sourced biographics will trigger new checks as these Members use workflows that require IAL-2 assurance.
CLEAR members can change their password by logging into CLEAR’s account portal (my.clearme.com) and resetting their password before selecting a new password that meets the requirements outlined in 3.2.2.
4.4.4 Password Reset
- CLEAR account password reset emails can be requested via self-service on my.clearme.com by providing the email address associated with the member’s account, and the date of birth for the member.
- CLEAR’s customer service team can also initiate a password reset if the requesting member confirms ownership of the account by confirming personal information.
If a CLEAR member or a user who has applied for a CLEAR membership desires to terminate their membership or have CLEAR remove their information, they may request that we remove the personal information that CLEAR maintains about them.
Circumstances for Revocation
Revocation by Member
A CLEAR member can request a purge of their CLEAR account, including all PII and biometric data, by contacting CLEAR’s customer service team, who will verify ownership of the account by confirming their personal information. The user can take one of the following steps:
- Contact Us at: firstname.lastname@example.org
- Call 1-855-253-2763
- Submit a request here (for access and deletion requests only); or
- Write to us at:
Attention: Chief Privacy Officer
85 10th Avenue, 9th Floor
New York, New York 10011
Our Member Services team can delete member data individually or en masse from our data repositories with explicit approval from our Compliance and Privacy teams. Member data is purged from our accounts directory and all identity evidence is purged as well. Paying members of the CLEAR+ service will receive a refund for their services.
Revocation by CLEAR
CLEAR may revoke any credential in order to address instances of false representation, failure to comply with Member Terms, or for any other reason, at its sole discretion.
Revocation Response Time
Once a revocation request is received and executed by CLEAR’s team, the user will immediately lose their ability to authenticate their identity and complete CLEAR transactions via the High Assurance Mobile Enrollment service.
Revocation Notification
Members receive a reference number to confirm the revocation of their CLEAR account and the purging of their personal data. This confirmation is provided by CLEAR customer service upon processing a member purge request, or within 24 hours where an account is revoked by CLEAR.
5. CLEAR Verified Partners
Partners (Registered Parties) can leverage the CLEAR Verified service after contracting has been completed between the Partner’s legal teams and CLEAR’s legal teams. CLEAR Verified Partners are paired with a dedicated Solutions Engineer and Account Management team to assist with the technical and operational implementation of the CLEAR Verified product in their organization.
5.1 Implementation Support
To ensure early success for the Partner’s developers who are implementing the CLEAR Verified product, we have published our developer documentation that goes over fundamental set up and features of the product. The Developer Documentation can be found at: https://partner.clearme.com/docs.
5.1.1 Solutions Engineering
All CLEAR Verified partners have a dedicated Solutions Engineer to assist with the technical implementation of the CLEAR Verified SDK. Partner requests are logged in Salesforce to ensure implementation details are accurately recorded and transparent to the relevant CLEAR Verified internal team members.
6. Internal Audit
CLEAR conducts activities to validate continuous compliance with NIST 800-53 and will annually conduct an audit for the effective provision of the High Assurance Mobile Enrollment service and High Assurance In-Person Enrollment.
The third party technology that CLEAR utilizes for audit management retains audit records for greater than 36 months. The safeguards to protect the security of the audit records management system are evaluated as part of CLEAR’s third-party risk management process and validated that these safeguards are in conformance with CLEAR’s information security policies and standards. The safeguards are evaluated as part of CLEAR’s controls for risk management to ensure that they are consistent with CLEAR’s internal policies and standards for securing confidential information.
8. Comparable Alternative for FAIR Evidence
The Comparable Alternative or ‘CompAlt’ is CLEAR’s alternative to presenting a second piece of FAIR evidence in IAL2 flows. The CompAlt will achieve this by a) confirming that the phone line itself does not present fraud risk, b) ensuring that the document is live and c) confirming that the identity being presented does not show signs of excessive use.
This alternative aligns with the 800-53 Moderate controls for Identity Evidence and Identity Evidence Validation and Verification (e.g. 800-53 IA-12 (2) and (3)).
Further details about the Comparable Alternative including its componentry, alignment to the 800-53 Moderate controls, and risk assessment will be provided to CLEAR Partners upon request.