[ Next | Previous | Contents ]

Part 3

Guidance Material

View printable pdf versions of this section:

EOI v2 Part 3 Section 7 (.pdf) 867k*

EOI v2 Part 3 Section 7-7.4 (.pdf) 285k*

EOI v2 Part 3 Section 7.5-7.6 (.pdf) 313k*

EOI v2 Part 3 Section 7.7-7.7.3 (.pdf) 281k*

EOI v2 Part 3 Section 7.7.4-7.8 (.pdf) 207k*

EOI v2 Part 3 Section 7.9-7.9.6 (.pdf) 2225k*

EOI v2 Part 3 Section 7.9.7 (.pdf) 2225k*

EOI v2 Part 3 Section 7.10-7.15 (.pdf) 260k*

EOI v2 Part 3 Section 7.16-7.28 (.pdf) 223k*

*These documents are in Adobe Acrobat (.pdf) format. You need to have the Adobe Acrobat Reader installed on your computer. You can download a free version from the Adobe site.


In this section:

7 Design and Operation Phase

7.1 General

7.2 No ‘one-size-fits-all’ EOI process

7.3 Factors to balance when designing EOI processes

7.4 Minimum process steps required

7.5 Establishing an individual’s identity

7.5.1 Establishing the identity of children

7.5.2 EOI objectives

7.6 Step 1 – Determine EOI Confidence Level

7.7 Step 2 – Design and implement EOI processes, including establishment and confirmation of identity requirements

7.7.1 EOI requirements associated with each EOI Confidence Level

7.7.2 Application of Table 8

7.7.3 Single document serving multiple Table 8 objectives

7.7.4 Objective A – The identity exists

7.7.5 Objective B – Identity is a ‘living’ identity

7.7.6 Objective C – Presenter ‘links’ to identity

7.7.7 Objective D – Presenter is sole claimant of identity

7.7.8 Objective E – Individual uses the identity in the community

7.8 Name changes

7.9 Confirmation of identity

7.9.1 Determining confirmation of identity requirements

7.9.2 Designing a confirmation of identity process

7.9.3 Service transaction considerations

7.9.4 Creation of a customer’s identity record

7.9.5 Maintenance of a customer’s identity record

7.9.6 Strengthening identity confidence

7.9.7 Channel considerations

7.10 Identity-related documentation

7.10.1 Types of identity-related documents

7.10.2 Protocols for acceptance of documentation

7.10.3 Training for staff – document recognition

7.10.4 Resources to assist with document recognition

7.10.5 Overseas-issued documents

7.10.6 New services

7.11 Verification of identity-related data against source data

7.11.1 Authorised information matching programmes

7.12 Biometrics

7.12.1 Considerations for agencies

7.13 Trusted referees

7.13.1 Criteria for trusted referees

7.13.2 Legislative implications for trusted referee processes

7.13.3 Privacy implications for trusted referee processes

7.13.4 Strengths and limitations of trusted referees

7.14 In-person verification processes

7.14.1 Strengths and limitations of in-person verification

7.15 Dealing with discrepancies

7.16 Investigative interviewing processes

7.17 Handling individual exceptions

7.18 Privacy requirements

7.18.1 Key considerations

7.18.2 Collection of identity-related information from individuals

7.19 Risk profiling

7.20 Data quality issues

7.21 Agents/persons acting on behalf of individuals

7.22 Step 3 – Ongoing operation of EOI processes

7.23 Internal controls

7.23.1 Establishing identity as part of an employment recruitment process

7.23.2 Operational considerations

7.23.3 Staff training

7.23.4 Physical control over vulnerable assets

7.23.5 Segregation of duties

7.23.6 Accurate and timely recording of services

7.23.7 Access restrictions and accountability for identity-related records

7.23.8 Appropriate documentation of service delivery and internal controls

7.23.9 Records management

7.24 Legal considerations

7.25 Transition of business processes

7.26 Complaints handling

7.27 Communication protocols between agencies

7.28 Checklist for Phase 2 — Design and Operation


7 Design and Operation Phase

Figure for Design and Operation Phase


7.1 General

This section provides guidance on:

NOTE – A Monitoring and Evaluation Plan MUST be completed before an EOI process becomes operational (see 9.3).

This section covers the specific core areas that agencies need to be familiar with when designing their EOI processes and making them operational. These include:

7.2 No ‘one-size-fits-all’ EOI process

There is no ‘one-size-fits-all’ EOI process that can be applied to all services requiring identity to be established. The reasons for this include:

EOI processes lie across a wide spectrum of needs, ranging from a situation where relatively little EOI is required (e.g. applying for a library card) to one where a significant amount of evidence is required (e.g. applying for New Zealand citizenship). Accordingly, this Standard defines ‘generic’ EOI processes to meet Confidence Levels – High, Moderate and Low – that are aligned to the assessed level of identity-related risk for a particular service.

7.3 Factors to balance when designing EOI processes

Agencies are expected to design EOI processes that are tailored to their own business requirements. Agencies SHOULD undertake cost/benefit analysis to determine the design features of the EOI processes required to meet the relevant EOI Confidence Level requirements. Examples of the types of factors that SHOULD be considered as part of this analysis are:

EOI processes are likely to be subject to ongoing amendment and modification to take account of environmental changes such as:

NOTE – See 9 for guidance on monitoring and evaluation of EOI processes.

7.4 Minimum process steps required

Figure 5 provides an overview of the steps that agencies MUST follow for design and operation of their EOI processes.

If an agency already has an EOI process in place for a particular service, it MUST assess that process against the requirements set out in this section. If the current process does not meet the design and operational requirements set out in this section, appropriate changes MUST be made.

Figure 5 – Overview of the Design and Operation Phase

Figure 5 Overview of the Design and Operation Phase






7.5 Establishing an individual’s identity

NOTE – See 7.7 and 7.20 for guidance on how identity can be established as a repeatable business process while not over-exposing the agency to excessive cost or risk.

7.5.1 Establishing the identity of children

Establishing the identity of children can be particularly challenging where there is a reliance on the provision of documentary evidence alone. Children are less able to establish an authoritatively documented social footprint than adults. Children, particularly babies, do not usually possess photographic identification, and the value of photographic identification at very young ages is more limited as children can change appearance relatively quickly.

Agencies SHOULD therefore consider the following approaches where establishment of a child’s identity is required:

NOTE – See 7.7.6 and 7.7.8 for guidance on establishing the identity of children.

7.5.2 EOI objectives

Verifying an individual’s identity involves a number of different components, each of which achieves a different purpose. Figure 6 illustrates each of the components that form the foundation for an agency to establish an individual’s identity.

Figure 6 – EOI objectives

Figure 6 EOI objectives



Not all of the objectives in Figure 6 will necessarily need to be satisfied to establish an individual’s identity. EOI requirements will depend on the level of confidence in the identity that is required for the particular service. While High risk services will need processes that satisfy each of the above objectives, a Low risk service may not need to meet all of these objectives. For example, meeting Objectives A, D, and E may provide enough confidence in a customer’s identity for a Low risk service. However, all objectives will need to be specifically met for a High risk service.

NOTE – See 7.7 for guidance on meeting the EOI objectives.

7.6 Step 1 – Determine EOI Confidence Level

As part of the identity-risk assessment process, an agency MUST determine which of the following Identity Service Risk Categories (see Table 5) each of its services belong to:

If the service fits within the Nil or Negligible risk category, no specific EOI process is required for that service. If the service fits within the Low, Moderate, or High risk category, the Identity Service Risk Category will correspond to the EOI Confidence Level required for that service.

Table 7 outlines the EOI Confidence Level required for services which have a Service Risk Category of Low, Moderate or High, and the corresponding EOI objectives that need to be met for each EOI Confidence Level.

Table 7 – Matching risk level to appropriate EOI Confidence Level process

Nil or Negligible Identity Risk Service No EOI Confidence Level
Low Identity Risk Service Low EOI Confidence Level

This service level contains a Low level of overall identity-related risk (service example – the issue of a library card).

The minimum required level of confidence in the individual’s identity is Low. The agency only requires evidence that the identity claimed by the individual is a genuine identity [Objective A], that the presenting individual is the sole claimant [Objective D], and that the individual claiming the identity uses that identity in the community [Objective E].

EOI provided is accepted by the agency at ‘face value’ without third-party verification unless the agency identifies discrepancies in EOI provided.

Moderate Identity Risk Service Moderate EOI Confidence Level

This service level contains a Moderate level of overall identity-related risk (service examples – enrolment at a university or the payment of a short-term or one-off financial benefit).

The minimum required level of confidence in the individual’s identity is Moderate. The agency requires evidence that the identity claimed by the individual is a genuine identity [Objective A], that the identity is a living identity [Objective B] that the presenting individual links to the identity [Objective C] and is the sole claimant of the identity [Objective D], and (if required) that the individual uses that identity in the community [Objective E].

EOI provided is accepted by the agency at ‘face value’ without third-party verification unless the agency identifies discrepancies in the EOI provided by the individual.

High Identity Risk Service High EOI Confidence Level

This service level contains a High level of overall identity-related risk (service examples – the issue of a passport, the issue of a firearms licence, or the issue of permanent residence status).

The minimum required level of confidence in the individual’s identity is High. The agency requires evidence that the identity claimed by the individual is a genuine identity [Objective A], that the identity is a living identity [Objective B], that the presenting individual links to the identity [Objective C] and is the sole claimant of the identity [Objective D], and that the individual uses that identity in the community [Objective E].

EOI provided by the individual is, where possible, verified with a third party to confirm its authenticity.


NOTE – See Table 8 for more detail on evidential requirements for each of the EOI Confidence Levels.

It is important to recognise that Identity Service Risk Categories and EOI Confidence Levels for services, as outlined in Table 7, are interdependent. In practice, each category and level sits on two continuums of ‘identity-related risk’ and ‘confidence in identity’ respectively. An agency’s placement of a service in one of the above categories provides a useful way of determining what level of confidence is required in customer identities. However, if an agency’s service does not fit neatly within one category, or if strict adherence to a particular EOI Confidence Level process is not possible (e.g. if a service’s customer base is made up of minors), the agency will need to take a more practical approach. This approach SHOULD be as functionally equivalent as possible to a service’s standard EOI processes. See 7.7.6 and 7.7.8 for guidance on establishing the identity of children.

NOTE – Where relevant, agencies will need to comply with any legislative requirements that prevent adoption of particular EOI processes (e.g. the EOI requirements for a particular service are outlined in legislation and cannot be altered without legislative amendment).

7.7 Step 2 – Design and implement EOI processes, including establishment and confirmation of identity requirements

7.7.1 EOI requirements associated with each EOI Confidence Level

Figure 7 provides an overview of the generic processes that an agency will undertake when establishing an individual’s identity. Each EOI Confidence Level requires identity-related objectives to be met to different degrees of assurance and with different levels of process complexity.


Figure 7 – Overview of generic business processes for establishing an individual’s identity


Figure 7 Overview of generic business processes for establishing an individuals identity



When designing and implementing EOI processes for meeting evidential requirements it is strongly recommended that agency business processes capture an individual’s ‘name at birth’ as an anchor. This allows records to be checked against both current and previous names associated with the identity. A New Zealand Birth Certificate will fulfil this purpose as it lists the first registered birth name and any subsequent name for New Zealand born individuals. A New Zealand Birth Certificate issued since 1998 will be the most compatible with DVS. If the agency does not have the provision to check against the source birth record, the agency should consider requesting an up-to-date birth certificate (i.e. up to the point of request). However, the capture of ‘name at birth’ and the use of a recent birth certificate, including validation against the relevant source agency’s registers, will not identify instances of name change as a result of adoption or witness protection.

Table 8 summarises the evidential requirements for meeting each of the EOI objectives to the appropriate EOI Confidence Levels for the service being provided. Evidential requirements from higher confidence levels can be used to satisfy requirements for lower confidence levels if this is convenient to both parties (e.g. IVS can satisfy Low EOI Confidence Level requirements). When using requirements from higher confidence levels to satisfy requirements for a lower confidence level the agency needs to take care to respect the principle that only the amount of evidence necessary to mitigate the level of identity-related risk identified should be required.

Individuals born in New Zealand will have less difficulty meeting the specific evidential requirements outlined in Table 8 than individuals born overseas. Verification with an overseas primary data source will not be possible in most cases. Additional information to assist agencies with application of Table 8 requirements or equivalences in respect of overseas-born people can be found at: https://psi.govt.nz/evidence/default.aspx. Overseas documents produced to satisfy a High EOI Confidence level will need to be authenticated by staff trained in document recognition. It is up to the agency to determine whether document recognition training should be provided in house or by an external provider such as the New Zealand Police.

See 7.7.2 to 7.7.6 and 7.8 to 7.25 for more details on the evidential requirements for each EOI objective and the associated EOI Confidence Level. Agencies SHOULD review these sections before determining the business processes required to satisfy the EOI Confidence Level identified for a particular service.

Table 8 – Evidential requirements for EOI Confidence Level processes

EOI objective Low EOI Confidence Level Moderate EOI Confidence Level High EOI Confidence Level

A – Identity exists

1 document/record

1-2 document(s)/record(s)

If possible, at least 1 document/record should include a photograph

If discrepancies are identified in the EOI documents provided by the individual, the documents should be verified against source records held by issuing agency

1-2 document(s) which, where possible, have been validated against source records held by issuing agency or authenticated by staff trained in document recognition

If possible, at least 1 document/record should include a photograph

or

Verification against 1-2 source records held by issuing agency. In some cases, the agency may not require the individual to provide a document. Instead, the individual might be able to provide the agency with relevant data about their identity which the agency then verifies against source records

B – Identity is a ‘living identity’

(No specific process)

Business processes for Objective C


Verification against the New Zealand Death Register

or

Business processes for Objective C

C – Presenter ‘links’ to identity

(No specific process)






Verification by trusted referee

or

In-person verification (agency office/on-site based) against photo document


Verification by trusted referee

or

In-person verification (agency office/on-site based) against photo document

or

Biometric recognition where the agency has authorised access to a trusted database containing the individual’s biometric information

and

Interview (only required in cases where the individual is unable to meet the specified evidential requirements, or if suspicion is raised over the individual’s identity)

D – Presenter is sole claimant of identity

Check against agency records

Check against agency records

Check against agency records

and

Where appropriate to an agency’s assessment of service risk:New Zealand born applicants: a New Zealand Birth Certificate (preferably issued since 1998) or a check against the birth register.

applicants not born in New Zealand: a recent citizenship certificate, name change certificate, or check against relevant registers may also satisfy this requirement.

If none of these documents are available, a statutory declaration concerning any name changes may satisfy this requirement to a limited degree.

or

Biometric recognition where the agency has authorised access to a trusted database containing the individual’s biometric information and the database is capable of linking multiple names to a single identity

E – Presenter uses identity in the community

At least 1 document/ record

At least 1 document/record

and/or

Business processes for Objective C

At least 2 documents/records

and/or

Business processes for Objective C (where in-person verification against a New Zealand Passport has occurred and the passport has been validated against records held by the issuing agency)

NOTE –

  1. References to a document/record can include an online check against a source record.

  2. Verification of identity-related data against source data includes authorised information matching programmes where the information matching takes place as part of a manual process, as opposed to an online, automated check against a source record.

  3. A New Zealand Birth Certificate issued since 1998 will be most compatible with the DVS.

7.7.2 Application of Table 8

Table 8 summarises a range of approaches, from minimum to stringent, for meeting the requirements for each objective and level of confidence. Combining the requirements set out in Table 8 with appropriate supporting business processes will give agencies a level of confidence in the identity of a customer that is consistent with the privacy principle of only requiring the amount of EOI necessary to mitigate the level of identity-related risk identified.

In some cases it will not be possible to meet the minimum standard. For example, in some instances an individual may not have sufficient documents or records. In such cases, the agency MUST consider whether:

There are a number of residual risks inherent in the minimum evidential requirements. Table 8 and 7.7.1 identify several of these residual risks (e.g. verification against the New Zealand Death Register will only show deaths registered in New Zealand). Agencies MUST pay attention to the residual risk that is inherent within the minimum requirements. Agencies will need to decide if additional processes will be required to cover off the residual risk. Agencies SHOULD revisit the risk appetite level they set during the initial Risk Assessment Phase, and use this as a guide to how they should approach treatment of residual risk.

If discrepancies are found in the identity information provided by an individual, an agency might have cause to suspect that claims of identity made by an individual are not genuine. In these situations, the agency may require additional supporting information (e.g. an additional document or an additional process such as an interview) or may wish to apply some of the requirements for a higher confidence level to the individual case to resolve those discrepancies. In such cases, agencies must be confident that the additional requirements are consistent with the privacy principle that agencies should only require the amount of information necessary for the purpose it is being collected. Additional information or processes should only be required to the extent necessary to mitigate the level of risk involved.

As a general rule, agencies SHOULD only use alternative documents/records or processes as a proxy for other documents/records or processes when they are confident that the process for establishing the alternative documents/records meet the same, or higher, standard as Table 8 requirements. This may not be always be feasible for overseas-issued documents (see 7.10.5).

7.7.3 Single document serving multiple Table 8 objectives

In some cases, a single document will address multiple EOI objectives. A single document is likely to be more acceptable in cases where validation of the data at source can be undertaken. For example, the presentation of a New Zealand Passport as part of an in-person verification process can satisfy Objectives A, B and C. The validation of the passport’s data with the issuing agency can then be used to satisfy the Objective E requirement for a High EOI Confidence Level service, meaning no additional Objective E documentation will be required.

If validation at source is not possible as part of an in-person verification process, and suitable evidence of use of the identity in the community cannot be gained by talking with the applicant or by a check of address information, an additional document or documents that satisfy Objective E SHOULD be required for Moderate or High EOI Confidence Level services. If a trusted referee process is used as part of a postal application, agencies SHOULD consider requiring applicants to submit additional Objective E documentation if the level of risk associated with their service warrants this requirement.

Scenarios to illustrate application of Table 8 can be found at: https://psi.govt.nz/evidence/default.aspx

Further information on meeting the evidential requirements for each EOI objective in Table 8 is set out in 7.7.4 to 7.7.8. The Public Sector Intranet’s EOI Standard subsite (see above) also provides information on each document/record referred to in meeting Objectives A to E including:

7.7.4 Objective A – The identity exists

7.7.4.1 For all Confidence Level Processes

Documents/records that can be used to satisfy Objective A include those set out in Table 9. The number and type of documents required will vary depending on the EOI Confidence Level required for the service.

Table 9 – Documents/records used to satisfy Objective A

Document/record Issuing agency

New Zealand Passport*

Department of Internal Affairs (Identity Services)

New Zealand Certificate of Identity (issued to non-New Zealand citizens who cannot obtain a passport from their country of origin)*

Department of Internal Affairs (Identity Services)

New Zealand Certificate of Identity (issued to people who have refugee status)*

Department of Labour (Immigration New Zealand)

New Zealand Refugee Travel Document (RTD)*

Department of Internal Affairs (Identity Services)

Emergency Travel Document (ETD)*

Department of Internal Affairs (Identity Services)

Firearms Licence*

New Zealand Police

Overseas passport (with New Zealand immigration visa/permit)*

Relevant Authority in country of issue (visa/permit to be issued by Department of Labour (Immigration New Zealand)).

New Zealand Full Birth Certificate

Department of Internal Affairs
(Identity Services)

New Zealand Citizenship Certificate

Department of Internal Affairs
(Identity Services)

* Document/record contains a photograph of the holder.

7.7.4.2 For High and Moderate EOI Confidence Level processes

Staff SHOULD be specifically trained in document recognition (see 7.10).

7.7.4.3 For High EOI Confidence Level process only

Verification (where possible) of identity information with the primary source of records will provide added confidence for Objective A. This involves confirming with the issuing agency that the identity data contained on the identity document(s) or details provided correspond to a valid record.

NOTE –

  1. Depending on the service, an agency may not require an individual to provide a document (i.e. it may be appropriate in some cases for an individual to provide the agency with relevant data about their identity, which the agency then verifies against source records – for example birth details). However, this verification MUST be subject to legislative authority and electronic verification will require resolution of any technical issues (see 7.11).

  2. Verification with an overseas primary data source will not be possible in most cases. Therefore, training in authentic document recognition is important for providing a High level of confidence (see 7.10.5).

7.7.5 Objective B – Identity is a ‘living’ identity

7.7.5.1 For Low EOI Confidence Level processes

No specific process is required for this objective.

7.7.5.2 For Moderate EOI Confidence Level processes

This objective will be satisfied by the business processes undertaken to meet Objectives A and C.

7.7.5.3 For High EOI Confidence Level process only

Where possible an agency SHOULD verify against the New Zealand Death Register (administered by Department of Internal Affairs) that no death record matches the claimed identity. Checking the New Zealand Death Register reduces the possibility of an individual using the identity of a deceased person.

However, agencies need to be aware that only deaths that occur within New Zealand are recorded on the New Zealand Death Register. New Zealanders who have died outside New Zealand will not necessarily be identified through a check against the New Zealand Death Register. A check against the New Zealand Death Register does not eliminate the possibility that another individual is using the identity of a New Zealand citizen who has died in another country.

Verification against the New Zealand Death Register MUST be subject to legislative authority and electronic verification will involve resolution of any technical and legislative issues (see 7.11).

7.7.6 Objective C – Presenter ‘links’ to identity

Determining that a presenter ‘links’ to an identity is particularly challenging, but is a vital aspect of identity verification processes.

In most cases involving children, the parent or caregiver makes an application on behalf of the child. An agency may therefore attach more importance to establishing the identity of a parent or caregiver, with sufficient confidence, and then establishing a linkage between the parent or caregiver and child. A link between the between the child and their parent(s) or caregiver(s) may be established through documentary evidence (e.g. a birth record or adoption record) or as part of an in-person verification process to establish eligibility to access a service.

In cases where a lack of documentary evidence is available in respect of the child or where uncertainty is raised over an individual’s identity, an interview may be carried out. In the case of an application for a service made by an adult on a child’s behalf, it may be appropriate to interview the adult with the child present. This approach is partly based on the assumption that the incentive to provide false information lies with the parent or caregiver rather than the child. When deciding whether it is appropriate to carry out an interview, agencies need to ensure their approach reflects the nature of the identity risk involved and the extent of the risk posed (e.g. will the parent or caregiver benefit from a potential fraud or will the process will establish a trusted identity document for the child).

Business processes used to satisfy Objective C include the following:

7.7.6.1 For Low EOI Confidence Level process

No specific process is required. For services where there is a Low level of identity-related risk, provision of documents/records that meet Objectives A and E will provide enough confidence in the individual’s identity and mean the individual is not being inconvenienced to a level unreasonable for the Low level of identity-related risk within the service being sought.

7.7.6.2 For High and Moderate EOI Confidence Level processes

One or both of the following processes may be used. For greater confidence both SHOULD be used.

Trusted referee corroboration (detailed in 7.13)

In-person verification (detailed in 7.14)

In-person processes for EOI may be desirable if a service requires individuals to physically present themselves to register for that service. Establishing an individual’s identity can be undertaken as part of the overall service delivery process.

Establishment of a person’s identity may be more efficiently carried out through other channels (e.g. phone, email, mail, online applications) in cases where an individual is not required to be physically present in order to determine their entitlement for that particular service. Most agencies do not have national networks of physical offices and do not have the infrastructure in place to carry out in-person verification processes. In these cases, agencies SHOULD use other options for satisfying Objective C.

NOTE – Biometric information may be used to assist with recognition processes, where the agency already has authorised access to trusted biometric information about the individual against which to match the presenting individual’s biometric information. This may be in the form of a match against a database, or can include an in-person verification process where the biometric is compared to the presenter using a credential such as facial recognition. This is referred to as a one-to-one match.

7.7.6.3 For High EOI Confidence Level process only

Interviewing (see 7.16 for more details)

7.7.7 Objective D – Presenter is sole claimant of identity

7.7.7.1 For all EOI Confidence Level processes

To fulfil this objective the agency SHOULD check the presenter’s biographical details (as opposed to biometric information) against their customer records, to ensure that no other individual has claimed the same identity for that service.

If a duplication of the claimed identity is discovered, the agency SHOULD refer the case for further investigation and, if necessary, amend its database records (see 7.23). It is important to be aware that duplication of identity records will not necessarily be the result of a fraudulent application. For example, it may occur through legitimately duplicated identity details or administrative error.

NOTE – A biometric recognition check against agency records can also be used to ensure that a person has not claimed any other identities for that service. This is referred to as a one-to-many match. For High EOI Confidence Level processes, a check against biometric information can give additional confidence that the individual is who they claim to be. However, a check of biometric information on its own cannot fulfil Objective D.

7.7.8 Objective E – Individual uses the identity in the community

7.7.8.1 For all EOI Confidence Level processes

The aim of Objective E is to provide further confidence about an individual’s claimed identity. In particular, Objective E is concerned with demonstrating the consistent use of the claimed identity. Documents/records that are used to satisfy Objective E are intended to be used for the corroboration of identity information provided to meet Objective A. As a guide, these documents/records SHOULD be from a trustworthy source, be dated, and include the name and, where appropriate, address of the person applying for the service.

Table 10 lists documents/records that SHOULD be used, where possible, to meet Objective E. The processes behind the issue of documents listed in Table 10 are outlined on the Public Sector Intranet’s EOI Standard subsite. Agencies SHOULD contact the Custodian of this Standard with any queries relating to the current issue status of any document listed in Table 10.

More information on handling identity-related documents is set out in 7.18.1.

Table 10 – Documents/records used to satisfy Objective E

Document/record Issuing agency/organisation

New Zealand Driver Licence*

New Zealand Transport Agency

18+ Card*

Hotel Association of New Zealand

Community Services Card

Ministry of Social Development

SuperGold Card

Ministry of Social Development

Veteran SuperGold Card

Ministry of Social Development

IR Number

Inland Revenue

Electoral Roll Record

Ministry of Justice

* Document/record contains a photograph of the holder.

Table 11 lists documents/records that can be used to fulfil requirements for Objective E, if documents/records listed in Table 10 cannot be provided. Some of these documents may also be used where address details are required. Further details about these documents/records are provided on the Public Sector Intranet’s EOI Standard subsite. Agencies SHOULD contact the Custodian of this Standard with any queries relating to the current issue status of any document listed in Table 11.

Table 11 – ‘Supporting’ documents/records used to satisfy Objective E

Document/record Issuing agency/organisation

Credit cards, bank cards and financial accounts

Banks

International Driving Permit*

Automobile Association of New Zealand

Confirmation of Permit Status

Department of Labour (Immigration New Zealand)

Steps to Freedom Form

Department of Corrections

Student identity cards* or employee identification cards*

Secondary schools and tertiary institutions, or employers

Utility accounts

Utility companies (e.g. telecommunication, electricity and gas power providers)

Qualifications and professional registration

Relevant education institutions and registration boards

* Document/record contains a photograph of the holder.

Tables 10 and 11 do not provide a complete list of documents/records that could be used to meet Objective E. Agencies may choose to accept other types of documents/records to meet Objective E. The issuing process behind documents/records accepted by an agency is analysed to ensure a particular document/record provides adequate confidence to the agency regarding Objective E.

In cases involving children, who are unlikely to possess the documents listed in Tables 10 and 11, agencies may choose to satisfy Objective E by adopting one of the following approaches:

Some of the documents listed in Tables 10 and 11 provide information about a person (e.g. their bank account or academic record) that is not core identity information (e.g. name, date of birth and place of birth). Agencies need to ensure that only information appropriate to establishing identity is accessed. In cases where the agency requires certain documentation to establish both identity and entitlement to the service, the individual MUST be made aware of that the documents provided will be used for both of these purposes.

Some services will require a person’s address in order to progress to service delivery. The total number of documents/records that individuals have to provide for such services will be reduced if the agency requires individuals to provide documents/records that satisfy Objective E and also contain address information. The documents/records provided will add confidence in the person’s identity and provide the address information needed for service delivery.

The Objective E requirements SHOULD also be flexible enough to ensure a reasonable amount of choice for the individual. For example, individuals SHOULD be able to choose to provide alternative information as EOI rather than provide sensitive personal information such as financial or health information.

Agencies SHOULD also assess whether it is more appropriate to:

Keeping copies of identity-related documents imposes a responsibility on the agency to protect the copies and the information they contain, while simply recording that the document has been sighted carries no additional responsibility.

7.8 Name changes

In many situations it is legitimate for individuals to use whatever name they choose. For Moderate to High risk services, agencies will need to balance this choice against their objective of ensuring that the presenting person is the legitimate claimant of a particular identity. If an individual is operating under a different name to that on a document they have provided to meet Objective A, the individual SHOULD also be asked to provide information that links their current name to the name used on the Objective A document. The documents/records listed in Table 12 are forms of evidence that will, in many cases, enable this linkage to be made.

Table 12 – Documents/records used to establish name usage

Document/record Issuing agency/organisation

Change of Name by Statutory Declaration

Department of Internal Affairs (Identity Services)

Change of Name by Deed Poll

Department of Internal Affairs (Identity Services)

New Zealand Name Change Certificate

Department of Internal Affairs (Identity Services)

New Zealand Marriage Certificate

Department of Internal Affairs (Identity Services)

New Zealand Civil Union Certificate

Department of Internal Affairs (Identity Services)

New Zealand Divorce Papers

Ministry of Justice

Certificate of Annulment

Ministry of Justice


While an agency may need to establish the linkage between the names originally and currently used by an individual, this should not prevent the individual from using their ‘preferred name’ during subsequent contact with the agency.

Further information regarding name change can be found on the Public Sector Intranet’s EOI Standard subsite.

7.9 Confirmation of identity

When designing business processes to confirm an individual’s identity, agencies need to take the following issues into account:

7.9.1 Determining confirmation of identity requirements

When determining a service’s confirmation of identity requirements, agencies SHOULD, where possible, make use of processes put in place for that service’s establishment of identity purposes and enrolment/registration purposes. See 7.7.1 and Figure 7 for customer record creation and application form checks steps.

The confirmation of identity requirements for a service should generally reflect the EOI Confidence Level established as a result of the identity-related risk assessment. Confirmation of identity processes will usually involve using a subset of the establishment of identity evidential requirements for each of the Objectives (see Table 8).

The minimum requirement for a confirmation of identity process is to establish a link between the person presenting and the identity record held by the agency (i.e. Objective C). For services that require a High level of EOI confidence, for example, the use of biometric information provides the ability to establish, to a degree of confidence, a record that a single person links to a single identity5 (see 7.12). Agencies, however, need to assess how a link is best determined in their context relative to the level of identity-related risk present.

Agencies may also wish to undertake verification of other EOI Objectives (e.g. Objectives A and B) with sources of authoritative information for the following purposes:

Agencies may also wish to maintain ongoing data quality by re-establishing that the presenter is the sole claimant of the identity in their agency records (Objective D) (see 7.9.5).

A generic business process for confirmation of identity is outlined in Figure 8.

Figure 8 – Generic business processes for confirmation of identity



Formal confirmation of identity will not necessarily be required in every instance of ongoing customer interaction. Agencies MUST identify anonymous or pseudonymous services so that unnecessary identity confirmation processes do not take place. For example, an individual with an existing customer record may call an agency about a service to request some forms that do not have any risk associated with them.

7.9.2 Designing a confirmation of identity process

When designing confirmation of identity processes that are tailored to their own business requirements, agencies should undertake cost/benefit analysis (see 7.3) which considers factors including:

Agencies SHOULD consider ongoing confirmation of identity requirements when designing service delivery processes.

If good practice is not followed in business process design and implementation, the confirmation of identity solutions put in place may be insufficient. Appropriate audit and fraud prevention controls SHOULD be put in place, as well as training for staff. All solutions that are designed should be examined for weak points in the processes that surround them. For example, the issuance of tokens, the storage of information and confirmation of PIN and password, are all points at which the system can be infiltrated.

Processes for dealing with discrepancies and handling individual exceptions are also required. Agencies need to have plans of action in place to deal with situations where there is doubt over the individual’s claims or the individual is unable to satisfy confirmation requirements (e.g. unable to remember password, PIN, or secret/challenge questions). Any discrepancies MUST be resolved before continuing with a service, and before releasing or allowing the amendment of any personal information.

The good practice guidance on business process design for establishment of identity should be applied in respect of confirmation of identity business process design (see 7.15 to 7.27).

7.9.3 Service transaction considerations

The characteristics of the specific service will have implications for the ongoing confirmation of identity approach developed. Some service-type examples include:


7.9.4 Creation of a customer’s identity record

Agencies SHOULD incorporate confirmation of identity considerations when designing business processes for service enrolment/registration. For example, core identity data and other identity attributes can be collected on an application form for service registration or enrolment used by agencies as part of the service eligibility assessment process. This information can then be used to create an agency identifier or customer record for that individual which can later be used for confirmation of identity purposes.

The enrolment/registration process may need to cater for confirmation of identity processes such as:

Agencies will need to consider what personal information they need to collect to register or enrol a customer and create a customer identity record, and what information they need to retain to ensure ongoing access to services.

At a minimum, agencies SHOULD consider collecting all or some of the following core identity attributes for service registration/enrolment purposes:

In the Department of Internal Affairs’ experience in evidenced-based processes, when combined with mother’s maiden names, these identity-related attributes are nearly always unique.

Agencies may wish to validate some or all of the collected core identity attributes with the relevant source of authoritative information for data quality purposes or if the associated level of identity-related risk warrants such action.

Additional information for collection should include contact details, including residential address, and contact details for any third persons where a trusted referee is used as part of the process. Privacy Act considerations require that agencies using information for more than one purpose must ensure that each purpose is clearly explained to the individual. In this context, residential address is likely to be used by an agency to verify the customer’s identity and to ensure they can contact the individual in the future.

Agencies should consider the capture of biometrics where the level of identity-related risk in the service may warrant this approach and where this is compatible with the preferred channel(s) for ongoing confirmation of identity (see 7.12).

7.9.5 Maintenance of a customer’s identity record

Agencies SHOULD make use of the initial establishment of identity process and information obtained through service registration/enrolment to confirm an individual’s identity rather than repeating the establishment process. This can, in part, be achieved by a business system and process that records the date of establishment of an identity. Ideally, an agency should be able to identify, for any given identity, the date of any establishment or strengthening of identity information.

Having a customer identity record means that over time a reviewable and auditable ‘transaction history’ is built up. A transaction record of the individual’s interactions can be used as part of a confirmation of identity process as this information may be referenced to confirm or ‘renew’ the customer’s identity at a later point in time.

An individual’s details may change over time. Agencies SHOULD consider options for regular renewal or validation of an individual’s customer identity record. This may include updating name changes and ensuring that the identity is still living7(i.e. that an impostor is not claiming the identity of a deceased person). A renewal process can also assist agencies in ensuring that eligibility for the service has not changed (e.g. the income of the individual may have increased meaning they are no longer eligible for a Community Services Card).

Agencies SHOULD also consider how they will update identity records. Possible options include:

7.9.6 Strengthening identity confidence

Where an existing customer of an agency applies for a subsequent service with a higher level of identity-related risk, the agency SHOULD re-perform an EOI process to a higher level of EOI confidence. This provides the opportunity to strengthen the customer’s existing identity. This may involve re-verifying or re-validating individual identity attributes, or meeting a higher level of confidence against Objectives A to E (see 7.7.4 to 7.7.8).

7.9.7 Channel considerations

There are a range of online and offline channels that can be used for confirmation of identity, including:

Not all of these channels are appropriate for use where a High level of identity-related risk exists. When determining which channels are appropriate for a particular service, the feasibility, practicality and cost of each channel needs to be balanced against customer convenience.

In cases where the agency can be contacted via multiple channels it can be useful to utilise solutions that are adaptable to other channels. For example, if customers need a username, password, and one time password generator for online transactions, those elements may be re-used in automated verification for confirmation of identity over the phone.

7.9.7.1 In-person

An in-person requirement for confirmation of identity can potentially provide agencies with a relatively high level of confidence that the person presenting is the same person who had their identity established by the agency in the first instance. This is particularly so where the agency has captured and stored a photo biometric on their system that can be used for subsequent comparison purposes. In addition, different options are available to agencies for confirming identity with the person present (e.g. confirming current details and signature comparison, information held by the agency, or eliciting additional information) and as such can be undertaken in this context with greater ease than in the case of some other channels.

However, unless an agency has a large network of offices, in-person confirmation of identity can be inconvenient for customers. If an agency uses a third party agent to extend the network of offices and coverage available to customers, the agency should ensure that the third party agent has access to the agency’s systems for identity assurance purposes. An in-person confirmation of identity process will be less effective if the third party agent does not, for example, have access to stored biometric photos of customers held by the primary agency.

An in-person confirmation of identity requirement may be appropriate for services that require in-person verification for the establishment of identity, and where agencies have ongoing repeat contact with a customer because of renewal requirements for credentials, natural transition points, or touch points within a service process. In-person confirmation of identity is generally considered appropriate only for those services with a Moderate or High level of identity-related risk.

Table 13 – In-person confirmation of identity: Evidential requirements for EOI Confidence levels

EOI Objective *Low EOI Confidence Level Moderate EOI Confidence Level High EOI Confidence Level

A – Identity exists

n/a

n/a

If appropriate, validate with authoritative source identity attributes collected at establishment of identity (e.g. full name, date of birth)

B – Identity is a ‘living identity’

n/a

n/a

If appropriate, data match against the New Zealand Death Register to determine if the identity is still living

C – Presenter ‘links’ to identity

Confirmation of specific information supplied at establishment (e.g. full name, date of birth, contact details, customer number, ‘shared secret,’ challenge questions)

or

Pre-established PIN/password

or

Agency-issued credential following initial establishment of identity

Confirmation of specific information supplied at establishment (e.g. full name, date of birth, contact details, customer number, ‘shared secret,’ challenge questions)

and

Presentation of photo ID document

or

Pre-established PIN/password

or

Agency-issued credential following initial establishment of identity

Confirmation of specific information supplied at establishment (e.g. full name, date of birth, contact details, customer number, ‘shared secret,’ challenge questions)

and

Presentation of photo ID document

or

Pre-established PIN/password

or

Agency-issued credential following initial establishment of identity

or

Biometric recognition where the agency has authorised access to a database containing the individual’s biometric information

D – Presenter is sole claimant of identity

n/a

n/a

If appropriate, check of agency records (e.g. for duplicate customer names and record numbers)

E – Presenter uses identity in the community

n/a

n/a

n/a

* It is not recommended that an in-person process be required for services which have a Low EOI Confidence Level. However, the requirements outlined above for a Low EOI Confidence Level process should be applied if an in-person option is one of the existing channels.

7.9.7.2 Phone

Phone has become one of the most common channels individuals use to access services. Agencies may wish to consider making use of this channel for confirmation of identity purposes.

Current technology allows agencies to speak to customers and then refer them to automated processes for verifying information. This means agency employees do not have to handle or have access to sensitive information (e.g. personal identifiers or PINs and passwords). Other methods include call back to a pre-agreed phone number (e.g. the agency sends a text message containing a confirmation number to a client’s cell phone for response). Biometric technology in terms of voice recognition can enhance the reliability of this channel and should be used when increased confidence is required. As telecommunications technology evolves devices such as video phones are becoming more widely available, which may open up other options for using the phone in confirmation of identity processes.

Agencies should, however, carefully consider the level of service access and customer authorisations in respect of this channel, particularly concerning the release or amendment of personal information and the ability to undertake large scale transactions.

A call centre-based approach is likely to suit situations where an agency has a significant customer base and a relatively wide range of services. The phone channel is generally considered suitable for confirmation of identity in respect of services that have a Low or Moderate level of identity-related risk. It is not generally considered suitable as the primary basis for service delivery decisions for services that have a High level of identity-related risk unless the inquiry is of a general nature.

Table 14 – Phone confirmation of identity: Evidential requirements for EOI Confidence Levels

EOI Objective Low EOI Confidence Level Moderate EOI Confidence Level High EOI Confidence Level

A – Identity exists

n/a

n/a

n/a

B – Identity is a ‘living identity’

n/a

n/a

n/a

C – Presenter ‘links’ to identity

Confirmation of specific information supplied at establishment (e.g. full name, date of birth, contact details, customer number, ‘shared secret,’ challenge questions)

or

Pre-established PIN/password

Confirmation of specific information supplied at establishment (e.g. full name, date of birth, contact details, customer number, ‘shared secret’, challenge questions)

and

Pre-established PIN/password






Confirmation of specific information supplied at establishment (e.g. full name, date of birth, contact details, customer number, ‘shared secret,’ challenge questions)

and

Pre-established PIN/password

or

Biometric recognition where the agency has authorised access to a database containing the individual’s biometric information (e.g. voice recognition)

D – Presenter is sole claimant of identity

n/a

n/a

Where appropriate, check of agency records. for duplicate customer names and record numbers

E – Presenter uses identity in the community

n/a

n/a

n/a

7.9.7.3 Postal mail

Postal mail8 has traditionally been a useful channel for renewal of documents where the old document must be presented for destruction. It is a useful alternative when a large network of in-person verification points is not available. Postal mail can provide convenience benefits to customers and agencies when used in conjunction with a trusted referee approach for initial establishment of identity purposes.

The mail channel has a number of limitations including:

Agencies SHOULD consider developing a mail policy as part of their internal controls to ensure that personal information, including documents or tokens, are physically delivered to the correct individual. The delivery process for material of this nature should include track and trace capability.

The postal mail channel is considered suitable for confirmation of identity in respect of services that have a Low, Moderate or High level of identity-related risk. For services using this channel that have a Moderate or High level of identity-related risk, the evidential requirements should be supplemented by a trusted referee process. Validation of information with issuing agencies should also be undertaken where appropriate.

Table 15 – Postal mail confirmation of identity: Evidential requirements for EOI Confidence Levels

EOI Objective Low EOI Confidence Level Moderate EOI Confidence Level High EOI Confidence Level

A – Identity exists

n/a

n/a

If appropriate, validate with authoritative source identity attributes collected at establishment of identity (e.g. full name, date of birth).

B – Identity is a ‘living identity’

n/a

n/a

If appropriate, data match against the New Zealand Death Register to determine if the identity is still living

C – Presenter ‘links’ to identity

Provision of specific information supplied at establishment (e.g. full name, date of birth, contact details, customer number)*




Provision of specific information supplied at establishment (e.g. full name, date of birth, contact details, customer number)*

and

Verification by trusted referee of photo ID document

or

Provision of agency-issued credential following initial establishment of identity (e.g. if the agency requires the document for destruction, cancellation, or renewal purposes)






Provision of specific information supplied at establishment (e.g. full name, date of birth, contact details, customer number)*

and

Verification by trusted referee of photo ID document

or

Provision of agency-issued credential following initial establishment of identity (e.g. if the agency requires the document for destruction, cancellation, or renewal purposes)

or

Biometric recognition if the agency has authorised access to a database containing the individual’s biometric information

D – Presenter is sole claimant of identity

n/a

n/a

If appropriate, check of agency records (e.g. for duplicate customer names and record numbers)

E – Presenter use identity in the community

n/a

n/a

n/a

* It is not recommended that customers be asked to provide PIN, passwords, ‘shared secrets’ or responses to ‘challenge questions’ through the mail.

NOTE – Agencies should follow-up with the customer by phone to verify any information that they have concerns about if the EOI Confidence Level required for the service is Moderate or High.

7.9.7.4 Internet

As noted previously (see 1.5), ongoing confirmation of identity for online services is covered by the online authentication standards, specifically the Authentication Key Strengths Standard, the Password Standard, and including the Guidance on Multi-factor Authentication.

7.9.7.5 Email

Email addresses are easy to create, change and remove. Therefore, email is an online channel mainly used for generic queries that do not require confirmation of identity. However, more robust processes for establishing email contact details are being developed as agencies increase their use of email notifications. Rules concerning the ability to change email address are being established to enable them to be trusted for this purpose. Other back-end auditing, such as IP address tracking, is also available. Agencies should take this into account when designing service and channel solutions.

7.9.7.6 Further information

Additional guidance on confirmation of identity in terms of the three factors of authentication (i.e. something you have; something you are; and something you know) is available on the Public Sector Intranet’s EOI Standard subsite.

7.10 Identity-related documentation

Technological advancements such as digital colour printers facilitate the alteration or forging of identity documents. As a single document does not usually meet all of the objectives required to establish identity to any level of confidence, agencies often require more than one identity-related document to establish an individual’s identity. For example, a New Zealand Citizenship Certificate does not provide evidence that an individual uses their claimed identity within the community, just as a birth record does not link an individual to the particular identity listed in a record.

7.10.1 Types of identity-related documents

For convenience, identity-related documents can be categorised into two types:

Identity-related documents are official documents that record a person’s attributed identity (e.g. a birth certificate), or which contain an individual’s signature and/or photograph which has been verified in some way (e.g. a passport). Documents/records that provide evidence that the person uses the claimed identity in the community are required to provide further corroboration of the individual’s identity.

NOTE – Agencies will need to set their own policies on the specific document/record combinations required to meet Objectives A and E. It is important that agencies develop processes for exceptions, such as where the documents required to meet Objectives A and E cannot be provided by certain individuals or groups of individuals. Agencies SHOULD also design their documentation requirements in line with other documentation requirements for determining eligibility for the particular service (i.e. wherever possible, agencies SHOULD choose identity-related documentation requirements that can also be used to satisfy eligibility requirements).

7.10.2 Protocols for acceptance of documentation

For services with Moderate to High levels of identity-related risk, adherence to the following protocols will provide a higher level of confidence in a presenting individual’s identity, as these protocols make it more difficult for forged or altered documents to be accepted as genuine by agency staff:


7.10.3 Training for staff – document recognition

Agencies that provide services with Moderate to High identity-related risk SHOULD provide their staff with document examination training. Agencies will have to determine for themselves how in-depth this training should be and whether it should be provided by internal staff or by a specialist agency such as the New Zealand Police.

Verification of overseas documents at source is not always viable, for a range of reasons. This increases the need for staff to be appropriately trained in document recognition techniques, recognition of fraudulently prepared or altered documents, and determining when to refer documents to others for more expert advice. As a minimum, new frontline staff SHOULD be trained to recognise the types of documents that they will most frequently be presented with and shown what features to look for when examining them.

Training options are discussed in more detail at 7.10.4.

7.10.4 Resources to assist with document recognition

The following resources are available to assist agencies with the verification of identity-related documents:

NOTE – The Keesing products identified in this section require registration and payment for use.


7.10.5 Overseas-issued documents

Documentation from other countries can vary widely with respect to the issuance processes and security features associated with them. For example, a birth certificate from Country A might be computer printed on special paper and contain a watermark and an embossed seal, while a birth certificate from Country B might be handwritten on regular paper with a stamp. Such variations can be problematic for government agencies that have to determine an individual’s identity without discriminating against them because of their country of origin.

When an individual provides overseas-issued documents, the agency SHOULD ensure that up-to-date advice is available to front-line staff on how to recognise authentic documentation. The following business guidelines should be adopted for Moderate and High EOI Confidence Level processes:


7.10.6 New services

Agencies SHOULD consider the contribution that new services and improved access to authoritative identity data sources and processes can make towards enhancing the efficiency and accuracy of their establishment of identity processes. Smarter use of the Government’s authoritative identity data sources has significant potential to:

Two particularly relevant examples of new services under development are the Identity Verification Service (IVS) and the Data Validation Service (DVS). Agencies SHOULD consider the use of these new services where the EOI Confidence Level to be satisfied is Moderate or High.

Scenarios illustrating future services and application of the EOI Standard can be found at https://psi.govt.nz/evidence/default.aspx

7.10.6.1 Identity Verification Service (IVS)

The IVS is a mechanism for people to use online channels to verify their identity in real-time to a high level of confidence. It is designed to improve access to services with identity-related risk by providing an online approximation of a person presenting a passport. The IVS meets all of the EOI objectives except for establishing that the applicant is the sole user of the identity (Objective D). As Objective D can be satisfied by a check against agency records, the confirmation of an Identity Verification Credential (IVC) based on IVS data would normally be the only EOI an applicant using an online channel would need to provide.

7.10.6.2 Data Validation Service (DVS)

The DVS is a secure Web browser-based service that enables information on documents issued by the Department of Internal Affairs (e.g. a birth certificate, passport or citizenship certificate) to be validated against the source data in the Department’s systems. It is designed to support government agencies that require customers to present such documents as part of a process to establish their identity or entitlement to a service (e.g. to fulfil Objective A and support Objectives B and C). The DVS can also assist agencies to establish that the presenter is the sole claimant of the identity (Objective D), for example, in part through the validation of change of name on a birth certificate, although the validation of a recent birth certificate will not identify instances of name change as a result of adoption or witness protection. The use of the DVS, in conjunction with other good practices, will reduce the opportunities for certain kinds of identity fraud to occur.

NOTE –

  1. Government agencies can use the DVS to compare data presented on certain Department of Internal Affairs' documents against authoritative source data held by DIA. The DVS will produce an ‘exception’ response if a document being checked presents an abnormal status. For example, if a passport has been reported stolen, and this is then submitted as evidence of identity, a DVS check will generate an exception response from which a manual referral process may be initiated.

  2. There is no biometric database check available in the DVS – it will not check photos on documents against photos stored on a Department of Internal Affairs database.

  3. Although the DVS provides an assurance that an identity exists, it is unable to determine whether this is a living identity. That is, no death check is undertaken on the identity presented to the DVS, unless the information provided relates to a New Zealand birth record that has been flagged as deceased.

Other options for making better use of the Government’s authoritative identity data sources include smarter use of authorised information matching agreements, or the ability to use of a single document to satisfy multiple EOI objectives. For example, the presentation of a New Zealand Passport as part of an in-person verification process can satisfy Objectives A, B and C, and validation of the passport’s data with the issuing agency can then be used to satisfy Objective E, thus removing the need for additional Objective E documentation.

7.11 Verification of identity-related data against source data

Verifying information with the primary data source (i.e. source of issue) reduces the likelihood of individuals successfully presenting counterfeit or altered documents as genuine. This method provides the greatest amount of confidence for High Confidence Level processes, although there is still potential for data entry error and internal misconduct. Verification of details with the issuing source provides evidence that:

Information collected from an individual may only be verified with a third party if such verification complies with the provisions of the Privacy Act 1993. For example, agencies might verify birth information with the Registrar-General, Births, Deaths and Marriages (BDM) to avoid the need for the individual to obtain a birth certificate or if there is concern that the individual may have provided a false birth certificate. Agencies SHOULD consult with their privacy officer or legal advisers to ensure that any business processes involving verification of information with a third party comply with the Privacy Act 1993.

7.11.1 Authorised information matching programmes

Part 10 of the Privacy Act 1993 provides a regulatory regime that permits information matching in circumstances where it would otherwise constitute a breach of the Information Privacy Principles. Each authorised information matching programme is established by statute. For example, an amendment to the Births, Deaths, Marriages, and Relationships Registration Act 1995 is required if an agency wishes to establish an information matching programme to match against registered birth information.

As legislation is required for authorised information matching programmes, agencies are advised to involve their legal advisers and privacy officers early in the process. Early consultation with the Office of the Privacy Commissioner is also strongly recommended as the Commissioner’s functions include examination of any proposed legislation where ‘the information might be used for the purposes of an information matching programme…’ Agencies can find information about these issues on the Privacy Commissioner’s website (www.privacy.org.nz). The website provides a range of resources for government agencies including a Guidance Note for Departments Seeking Legislative Provision for Information Matching: Information Matching Privacy Impact Assessments.

7.12 Biometrics

Biometric information refers to the measurable physiological and behavioural characteristics of a person. Physiological characteristics are those that are fixed or stable (e.g. face (facial thermograph), fingerprint, hand (veins and geometry), iris (retinal scan) and DNA). Behavioural characteristics are skills or functions performed by an individual at a specific time for a specific reason (e.g. voice, signature, gait and keystroke).

Biometric information can be used in EOI processes as part of the initial establishment of a person’s identity, and for the ongoing authentication of identity. Biometric information will usually be collected as part of an initial establishment of identity process and then stored as a template for future comparisons. Biometric information can be utilised in an EOI process in the following ways:

The main value of biometric information in an EOI process is its ability to establish, to a degree of probability, a record that a single person links to a single identity (Objectives C and D) for Moderate and High EOI Confidence Level process.

7.12.1 Considerations for agencies

Agencies SHOULD consider whether the use of biometric information is the most appropriate way to manage the risk identified during the Risk Assessment Phase before deciding whether to introduce a biometric solution into an identity-related business process. The Cross Government Biometrics Group has developed guidance for the use of biometric technologies. It is recommended agencies follow the Guiding Principles for the Use of Biometric Technologies.

The Guiding Principles for the Use of Biometric Technologies from the above publication are outlined below:

GP1

There is a justified use of biometric technologies for identity-related processes.

GP2

The use of biometric technologies for identity-related processes must be lawful and appropriately authorised.

GP3

Consideration should be given to identify opportunities to collaborate with other agencies and stakeholders.

GP4

Consideration must be given to the end users9 of any business processes that will include biometric technologies.

GP5

The biometric technology used must be appropriate and meet the purposes for which it is designed.

GP6

Relevant domestic and international obligations must be met.

GP7

Stewardship of biometric information must be robust with supporting systems and processes established and maintained.

Updates on the Guiding Principles for the Use of Biometric Technologies and further guidance can be found at the Biometrics site https://psi.govt.nz/biometrics/default.aspx on the Public Sector Intranet (PSI).

NOTE – Agencies that cannot access the PSI can contact the EOI Standard Programme team at eoistandard@dia.govt.nz for further information on work undertaken by the Cross Government Biometrics Group.

When determining the most appropriate biometric for use, criteria to consider include:

Different biometric characteristics will vary in performance against the criteria outlined above. For example, some biometrics characteristics are more reliable than others, some are more widely used, and some are less intrusive than others. Some biometric characteristics cannot be as readily duplicated, lost or stolen as other biographical details.

It is also important that agencies implement appropriate business processes around the storage and protection of biometric information. Biometric information itself, and the confidence in it, can be made vulnerable by weak storage and protection of the information on agencies’ databases or by the carelessness of individuals.

Agencies SHOULD consider the cost and lifetime of the supporting system (e.g. initial system set-up and ongoing licensing costs) when considering the requirements for the collection and storage of biometric information. The biometric information that the agency selects for use will influence the cost of the biometric system.

7.13 Trusted referees

Trusted referees are a vital component of the EOI process. In particular, trusted referees can assist an agency with determining whether the presenting person links to the claimed identity.

For the purpose of the EOI Standard, a trusted referee is a person who:

The two key elements that should exist for a trusted referee process to be effective are that the referee:

7.13.1 Criteria for trusted referees

Agencies will need to determine who qualifies as trusted referees for a particular service. It is preferable that the trusted referee has previously had their identity established by the agency, thereby creating a level of trust between the agency and the referee.

Agencies will need to set further criteria around who qualifies as a trusted referee for specific services. The criteria chosen SHOULD be widely enough defined so that individuals can reasonably be expected to find referees that meet the criteria while at the same time stringent enough to ensure the strength of the process is not compromised.

Criteria for qualification as a trusted referee could include requirements that the trusted referee:

If an applicant is unable to locate a trusted referee known to the agency, then the use of a trusted referee that holds a particular position of standing in the community (e.g. registered professional, kaumātua or religious or community group leader) may be considered. These individuals should also meet any other criteria set for trusted referees (e.g. not related to the applicant, has known applicant for at least 12 months).

NOTE –

  1. Criteria for who is recognised as a kaumātua are determined at the individual agency level.

  2. To meet the High EOI Confidence Level process, there SHOULD be a process allowing the agency to contact the trusted referee directly to confirm their details. At a minimum, trusted referees SHOULD be contacted if any discrepancy is identified as part of EOI checking processes.

7.13.2 Legislative implications for trusted referee processes

The practice of using trusted referees does not necessarily need to be enshrined in legislation. Current passport administration in New Zealand provides a precedent for the use of trusted referees being introduced without legislation.

Agencies SHOULD liaise with their legal advisors when considering implementing a trusted referee process, to ensure that the process is legitimate in regard to the particular legislation that the agency operates within.

7.13.3 Privacy implications for trusted referee processes

The use of trusted referees may require the individual to disclose to a trusted referee the service that he/she wishes to access (e.g. an individual may have to let a third party know that he/she is applying for an unemployment or sickness benefit in order to meet the agency’s trusted referee requirements). This gives rise to a potential privacy issue.

This issue can be addressed by designing service application forms in a manner that does not associate the core application data with the trusted referee’s input to the application. It is advisable for agencies to consider this option if an individual is likely to be exposed to personal costs or risks of any nature by disclosing the nature of the service they are applying for to a third party.

7.13.4 Strengths and limitations of trusted referees

Use of trusted referees can be a cost-effective way to provide confidence that an individual ‘links’ to the identity they have claimed as their own (Objective C).

However, a trusted referee process may have potential limitations. For instance, a trusted referee process may lack the structured environment and systematic business processes used in an in-person verification. Under the in-person verification approach the interests of the individual and agency may be protected by agency business processes such as:

NOTE – the witnessing of a photograph and/or an assessment by a trusted referee that the content of a photocopied document accurately reflects that of the original document when the two are compared is not the same as a document verification process (see 7.10.4) undertaken by an agency staff member formally trained in document verification.

For a High EOI Confidence Level process where an agency cannot justify contacting each referee, the agency SHOULD, as a minimum, contact a percentage of trusted referees for validation of the information that the applicant, and possibly the trusted referee, has provided. Agencies SHOULD also consider using a profiling approach to identify applicants that may need to be subjected to more rigorous verification than others. Agencies SHOULD contact trusted referees if discrepancies in individual applications are detected and on the basis of other risk indicators. Any trusted referee who verified the identity of an allegedly fraudulent customer SHOULD also be investigated.

Specific risk indicators will need to be determined by the individual agency in relation to the nature of particular services. If there is an unacceptable level of doubt in the validity of either the individual’s claimed identity or that of the trusted referee, the agency SHOULD subject the case to more thorough investigation.

7.14 In-person verification processes

In-person verification involves the individual appearing in person at a public counter with either a photograph verified by a trusted referee, or a trusted document that contains a photograph (e.g. a passport). Staff members then assess whether the person in front of them matches the person in the photograph, and/or whether the person appears to correspond with the biographical data on the document (e.g. whether they appear to be the correct age and gender).

For an in-person verification process to be effective it should be of the highest integrity. For example, staff SHOULD be trained in person recognition. The costs involved in carrying out a high integrity in-person verification process for all customers are high. Costs include financial cost to the agency and compliance costs for customers (e.g. inconvenience and accessibility issues). When deciding whether in-person verification should be adopted, the agency SHOULD consider whether the agency requires the individual to appear in-person for other reasons (e.g. to determine the individual’s entitlement to the particular service).

Agencies need to assess the benefits of seeing an individual in person. Factors for consideration include:

costs and benefits (e.g. whether the compliance costs such as agency infrastructure and travel for the individual is unreasonably high in relation to the benefits gained)

whether an alternative process will achieve the same result, such as having a trusted referee verify the individual’s identity by signing the back of their photo

whether in-person contact can fulfil objectives additional to meeting EOI requirements (a number of services already require face-to-face contact with individuals).

7.14.1 Strengths and limitations of in-person verification

In-person verification provides potential ‘barriers’ for a person attempting to misuse or abuse identity (e.g. if an individual is attempting to use a stolen identity).

However, there are also limitations to the effectiveness of in-person verification. While photographic facial recognition is not 100% accurate, research has found that its success rate is high enough to add a significant degree of confidence to the EOI process, provided it is used in combination with other forms of EOI. However, it is unclear whether in-person verification is any more successful in meeting Objective C (presenting person links to identity) than using other processes, such as using trusted referees.

7.15 Dealing with discrepancies

This section outlines secondary EOI processes that SHOULD be used where a discrepancy is detected in the EOI documentation provided by an individual or trusted referee.

If a discrepancy is detected in the EOI documentation provided by an individual or trusted referee, the following actions SHOULD be taken:

7.16 Investigative interviewing processes

Investigative interviewing offers a higher degree of confidence than the in-person verification process outlined in section 7.14. An investigative interview involves the interviewer collecting identity-related information about an individual before the interview and preparing questions that the person claiming that particular identity should reasonably be expected to answer correctly.

Because of the cost to the agency and the individual, and the level of agency staff training involved, investigative interviews SHOULD only be used where other EOI processes have not achieved the required level of confidence in an individual’s identity.

7.17 Handling individual exceptions

Agencies need to have exception-handling protocols in place to deal with cases where individuals are unable to meet the requirements of EOI processes. The nature of these protocols will be determined by the agency in relation to the particular service and customer base.

Where possible, exception processes SHOULD be as functionally equivalent as possible to a service’s standard EOI processes. If a service requires a Moderate EOI Confidence Level process, the agency SHOULD attempt to meet the objectives for the Moderate EOI Confidence Level process by requiring alternative forms of EOI from the individual. For example, if an individual is unable to provide the required documentation to meet Objective A (i.e. evidence that the claimed identity exists) due to accidental destruction of all documentation, the agency SHOULD get the individual’s consent to contact the issuing agency to verify the existence of the claimed identity.

7.18 Privacy requirements

The Privacy Act 1993 covers the collection, disclosure and use of personal information. When designing and implementing an EOI process, agencies MUST ensure that the process implemented is consistent with the Privacy Act 1993. Agencies need to seek specific legal and privacy advice when considering privacy requirements (see 7.18 and 7.24). The information that follows is not intended to substitute for that professional advice but is included to provide agencies with some preliminary guidance on the issues that may need to be considered. The Office of the Privacy Commissioner has developed the Privacy Impact Assessment Handbook to assist agencies in examining proposals that involve the collection, use, or disclosure of personal information (available from: www.privacy.org.nz).

7.18.1 Key considerations

Privacy issues are integral to the design and implementation of any EOI process. Key responsibilities that agencies SHOULD build into their EOI business processes include ensuring that:

Some of the information collected from individuals during the EOI process will be necessary for agency records (e.g. name and address) and other information may be provided to confirm a person’s identity but does not need to be retained by the agency after the EOI process has been completed. Agencies are responsible for ensuring that they do not keep information that is irrelevant or for that they have no legitimate reason to retain. Agencies need to consider whether there is a legitimate business reason for retaining identity-related information collected from individuals or whether it is sufficient to simply record that the information was sighted.

Agency staff needing information on privacy considerations should always refer the agency’s privacy officers or legal advisers. Agencies may also wish to consult the Privacy Commissioner’s website (www.privacy.org.nz).

The Privacy Act 1993 is available from www.legislation.govt.nz.

7.18.2 Collection of identity-related information from individuals

At the heart of the Privacy Act 1993 are the notions of transparency and autonomy. Individuals cannot exert any control over the accuracy or use of data held about them until they know when data is being collected, who will have access to it and how it will be used. Transparency is central to building customer trust.

The Privacy Act requires agencies to advise individuals about the following:

The rationale for meeting objectives within an EOI process, and the documents/records that meet particular EOI objectives, SHOULD be provided to the public to aid transparency of the process. For example, utility bills provide confirmation that the person uses that identity in their daily life, and may be used to confirm the person’s current address. Agencies that request these documents SHOULD advise their customers that this is why these documents have been requested.

7.19 Risk profiling

If appropriate, agencies may use risk profiling as a tool to reduce identity-related risk in addition to the EOI process requirements specified in this Standard. Any risk profiling tool considered for adoption by the agency SHOULD be considered from a human rights perspective. The agency SHOULD seek legal advice before adopting a risk profiling tool, particularly in regard to any human rights issues that may arise from use of a particular profiling tool.

Risk profiling involves using information collected by the agency or other sources (e.g. other government agencies, overseas counterparts and other intelligence sources) about previous cases where misuses or abuses of identity (or other types of crime) were detected. The information collected is then used to highlight characteristics of cases that are more likely to involve false identities.

Agencies that use risk profiling may need to develop risk profiles as part of the process for establishing an individual’s identity. A risk profile highlights aspects about an individual that may indicate an increased risk of their perpetrating an identity crime. If an individual application or the particular service fits within a risk profile, an agency may undertake additional processes to further verify the individual’s identity. These additional processes could include contacting trusted referees directly to validate information supplied by that referee, or requiring the customer to attend an investigative interview. The type of additional processes an agency chooses to undertake will need to be established as part of the overall EOI process design.

Risk profiles SHOULD be updated to ensure their ongoing currency. It is particularly important to update risk profiles to include details of relevant incident and/or intelligence information that contribute to the refinement of agency risk profiles. Accountability mechanisms within agencies will be required to ensure updating happens in a timely manner.

7.20 Data quality issues

Accuracy of identity data is of key importance for any EOI process that an agency operates. Once implemented, EOI processes SHOULD be periodically audited for accuracy of identity information produced. This will also help to ensure that agency practices comply with Information Privacy Principle 8 of the Privacy Act 1993.

If unacceptable inaccuracies are found, the cause of the inaccuracies SHOULD be identified and resolved wherever possible. As a general rule, the greater the risk associated with inaccuracies in the identity data, the greater the effort that should be made to correct the inaccuracy.

7.21 Agents/persons acting on behalf of individuals

EOI processes SHOULD be designed on the basis that personal information will be collected from the individual concerned when that individual applies for a government service. Agencies that receive service applications from agents or caregivers who are acting on behalf of an individual need to have processes in place to ensure that the agency/caregiver has authority to act for the recipient and that any personal information is provided with the individual’s consent or some lawful authority (e.g. power of attorney or an order issued by the Family Court under the Protection of Personal and Property Rights Act 1988).

If an agent is a named individual, agencies SHOULD consider whether they SHOULD verify that the agent is the named agent of the customer. This is recommended for services with Moderate to High levels of identity-related risk.

7.22 Step 3 – Ongoing operation of EOI processes

See 7.23 to 7.27 for guidance on areas that agencies MUST consider before EOI processes become operational.

7.23 Internal controls

Internal controls are an agency’s first line of defence in safeguarding assets and preventing and detecting errors and fraud. Poor internal controls can jeopardise the effectiveness of any EOI process.

Agencies SHOULD analyse their EOI process to determine the points at which internal controls need to be implemented to prevent process failure. EOI internal control activities are any policies, procedures, techniques, and mechanisms that minimise the risk that EOI processes will not meet their objectives. They include a diverse range of activities, such as:

There are a range and variety of EOI control activities that SHOULD be adopted by agencies that carry out EOI processes. The specific control activities used by one agency may be different from those used by other agencies. An agency’s internal controls SHOULD be flexible enough to allow control activities to be tailored to fit particular contexts. Factors to consider when determining which control activities a particular agency needs to adopt may include:

7.23.1 Establishing identity as part of an employment recruitment process

EOI processes to establish an applicant’s identity and quantify the amount of risk the agency will be exposed to if the applicant’s identity is incorrectly attributed SHOULD be undertaken as part of an agency’s employment recruitment process.

NOTE – This does not include process requirements applicable to people applying for professional registration.

Before any background checking or verification takes place, an agency should establish the identity of the applicant. If the applicant is overseas, an overseas recruitment agency may need to establish the applicant’s identity. The applicant’s identity will then need to be confirmed once the applicant arrives in New Zealand. Agencies will need to consider the impact of any incomplete or insufficient tests before making a job offer.

Once the applicant’s identity has been established, the established identity is then used to link the individual to previous employment and job specific checks. The agency MUST get the applicant’s consent and make the applicant aware of any impact the results of these checks will have on their eligibility for employment before proceeding with this process. The reason and nature of all checks must be communicated to candidates during the application process, so they can determine their ‘fit’ for the role.

As a minimum, agencies should establish the identity of job applicants to a Moderate EOI Confidence Level. If the role is perceived to have a higher level of risk associated it, the identity of the applicants SHOULD be established to a High EOI Confidence Level. Higher risk roles may include:

Further information on establishing identity as part of an employment recruitment process can be found at: https://psi.govt.nz/evidence/default.aspx.

7.23.2 Operational considerations

An agency’s human resource planning SHOULD allow for adequate EOI checking to be undertaken by staff. Agencies need to ensure that staff workloads are manageable. If staff members are unduly pressured for time or to meet targets there is a risk that their vigilance in identifying discrepancy cases may diminish. Complaints and errors SHOULD be analysed to determine their cause so that appropriate remedies can be applied in a timely manner (see 7.26).

Agencies SHOULD also ensure that they have adequate controls in place to prevent staff members perpetrating internal fraud, which can undermine the integrity of an agency’s EOI processes.

7.23.3 Staff training

Staff training SHOULD ensure that staff have an adequate understanding of a service’s EOI requirements and the potential consequences of failing to follow proper procedures. Areas where training is likely to be required include:

7.23.4 Physical control over vulnerable assets

An agency SHOULD establish physical control to secure, limit access to, and safeguard vulnerable assets such as documents or records that might be vulnerable to risk of loss or unauthorised use. Physical files and records SHOULD be tracked in such a way that an audit trail clearly indicates where and with whom the files are located. Audit trails in computer systems SHOULD show records of all users, access information, the time and date of access, and before and after images of any changes.

7.23.5 Segregation of duties

Key duties and responsibilities SHOULD be divided or segregated among different people to reduce the risks of error and internal fraud. This SHOULD include separating the responsibilities for each of the following responsibilities:

No one individual should control all key aspects of a service’s delivery. This is especially important when issuing any record that may potentially be used as EOI for subsequent services.

7.23.6 Accurate and timely recording of services

Service delivery SHOULD be promptly recorded and processed to maintain its relevance and value to the control of operations and for later evaluations. This applies to the entire process or life cycle of a service from the initiation and authorisation through to its final classification in summary records.

7.23.7 Access restrictions and accountability for identity-related records

Access to identity-related resources and records SHOULD be limited to authorised individuals. Accountability for the custody and use of identity-related resources and records SHOULD be assigned and maintained. Periodic reviews and monitoring of data are necessary to help reduce the risk of errors, fraud, misuse, or unauthorised alteration.

7.23.8 Appropriate documentation of service delivery and internal controls

Internal controls for all services need to be clearly documented and the documentation SHOULD be readily available for examination. All documentation and records SHOULD be properly managed and maintained. Internal control monitoring SHOULD assess the quality of performance over time and ensure that any deficiencies identified by audits and other reviews are promptly resolved.

7.23.9 Records management

Records of EOI processes SHOULD be captured in a corporate records system, maintained for as long they are required, then disposed of legally and in accordance with the Public Records Act 2005.

7.24 Legal considerations

When identifying and implementing any changes to business processes to meet the requirements of this Standard, agencies SHOULD identify any legal issues that might need to be addressed and ensure that they are dealt with appropriately. Examples of such issues include:

the need to make amendments to any Act or Regulation concerning the information to be collected from the applicant or the processes that applicants undergo in order to receive a particular service from the agency

the need to obtain and act on legal advice associated with any changes in business processes (e.g. the introduction of more stringent identity verification checks that require the collection and sharing of greater amounts of personal information, and the implications of the Privacy Act 1993 on the range of strategies that the agency might consider to enable the carrying out of these verification checks).

7.25 Transition of business processes

The extent to which agencies will need to alter their current EOI processes to comply with this Standard will vary widely between agencies and, in some cases, between different business groups within agencies.

Agencies SHOULD identify the optimum transition strategy for the particular type and extent of changes that their organisation needs to implement. The agency’s transition plan will need to address issues such as:

These issues need to be investigated and addressed before the agency finalises its transition plan so that implementation of the changes can occur effectively.

7.26 Complaints handling

Changes to EOI processes to ensure compliance with the EOI Standard may result in changes to the number and/or type of complaints from individuals transacting with the agency (e.g. individuals may consider the revised EOI requirements to be unnecessary or overly intrusive). Each agency SHOULD make appropriate resource provision for this possibility when designing and testing these new EOI processes.

Most agencies are likely to already have appropriate mechanisms in place for handling complaints from customers, but the need for expertise to process/investigate some types of complaints (e.g. complaints about potential breaches of the Privacy Act 1993) may be greater during the introduction of revised EOI processes.

Agencies SHOULD also have procedures in place for dealing with complaints about incorrectly recorded identity-related information about an individual. Under the Privacy Act 1993 agencies SHOULD either correct any personal information they hold about the individual or provide a statement of the reasons why it is not appropriate for the agency to make the requested changes.

If an agency fails to put appropriate administrative procedures in place for dealing with errors in identity details, or does not deal with any such complaints according to its procedures, this may result in an investigation by an Ombudsman under the Ombudsmen Act 1975.

7.27 Communication protocols between agencies

Agencies SHOULD ensure that they monitor and evaluate the performance of their EOI processes and act in a timely manner if issues arise that need to be communicated to other agencies. Examples of such situations include the discovery of:

Agencies SHOULD ensure that any communications with other agencies comply with the Privacy Act 1993.

7.28 Checklist for Phase 2 — Design and Operation

Checklist for . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . (service name)
Step
Date when completed

1

EOI Confidence Level determined (based on Identity Service Risk Category)


2

Design an EOI process, or modify existing EOI process, appropriate to EOI Confidence Level:



  • ‘gap’ analysis completed (where there are existing EOI processes)



  • minimum evidential requirements for EOI Confidence Level met (for both initial establishment and ongoing confirmation of identity)


3

Implementation of EOI process (either new or modified process)



  • internal controls implemented



  • legal aspects (including privacy) signed off



  • complaints handling implemented



  • transition of business processes planned



  • communication protocols with other agencies implemented


4

Monitor, evaluate and review on . . . . . . . . . . . . . . . . . . . . . . .



5 The use of biometrics technologies is therefore likely to provide the most reliable recognition processes to link the person to the identity for a High risk service (i.e. where the agency already has authorised access to trusted biometric information about the person which can be matched to the person through the use of biometric recognition software).

6 The full name should be the first registered full name following birth. This approach will assist agencies to identify any subsequent name changes and link them back to the original name. Agencies should also capture and allow the use of the name that the person prefers to be known as. This should be linked in agency systems back to the first registered full name following birth.

7 Agencies could consider periodic data matching or data cleansing against the DIA death register to update their records for instance.

8 The term postal mail refers to all types of mail products (e.g. letters, parcels, packages) that are not transacted or delivered online. It includes a standard postal mail system using stamps or franks and also includes mail delivered by courier.

9 ‘End User - the individual who will interact with the system to enrol, to verify or to identify.’ Source: Biometrics Glossary, National Science and Technology Council (NSTC), 14 September 2006.

[ Next | Previous | Contents ]