When providing our Identity Services, we will frequently extract and compare numerical biometric data from facial images to understand whether two faces are likely to be a match. We do this on behalf of our clients for several reasons. Primarily, we will check whether a user owns their identity document by comparing an image of their face to the facial image contained in the identity document. We will also check whether those facial images show signs of fraud - for example, by comparing a person’s numerical biometric data to those of known masks. When we do this, we do not retain the extracted numerical biometric data for any length of time beyond this comparison.
In addition, we may also check whether we have previously verified a user on behalf of a specific client to help that client understand when a user may be generating multiple identities. To find out if the user is known to a specific client, we compare the facial image of the user to the facial images of other users previously verified on behalf of that specific client. To provide this check quickly, we store the numerical biometric data extracted from the previously collected facial images until the client deletes those original images.
Lastly, for our authentication service, we maintain a facial image for each of our client’s users. For each authentication attempt, we will capture a new facial image from the user and compare this to the one we hold for them. If the two images match, the authentication is confirmed. The facial image we retain for each user is in the form of numerical biometric data and we store this numerical biometric data for as long as our client directs.