SSN CHECK TERMS
The terms in this Schedule 6 apply to Client’s access to and use of Onfido’s SSN Check service (“SSN Check”), in addition to the terms set forth in the Agreement. The terms in this Schedule 6 take precedence over any other conflicting or inconsistent terms in the Agreement, but only with respect to Client’s access to and use of SSN Check. Capitalized terms used in this Schedule 6 have the same meaning as in the Agreement, unless expressly defined otherwise.
1.1. Electronic Signature means an electronic sound, symbol, or process, attached to, or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record, as defined in section 106 of the Electronic Signatures in Global and National Commerce (E-SIGN) Act.
1.2. Fraud Protection Data means a combination of the SSN Holder’s name (including the first name and any family forename or surname of the individual), SSN, and date of birth including the month, day, and year.
1.3. SSA means Social Security Administration.
1.4. SSA Response(s) means the response SSA discloses to Onfido after conducting a verification of the SSN Holder’s Fraud Protection Data.
1.5. SSN means social security number.
1.6. SSN Holder means an individual who authorizes SSA to verify his or her SSN by providing Client with Written Consent.
1.7. SSN Verification(s) means the response Onfido discloses to Client in a Report after receiving an SSA Response.
1.8. Supporting Documentation means all records or information necessary for Onfido or SSA, or their designated representatives, to conduct audits as permitted hereunder, including but not limited to: all completed and signed Written Consents; evidence documenting the specific purpose for each Written Consent, if not referenced within the individual Written Consent; and SSN Verifications.
1.9. Written Consent means consent, whether written or electronic, by which the SSN Holder gives SSA permission to disclose SSA Responses to Onfido in connection with a credit transaction or any circumstance described in section 604 of the FCRA (15 U.S.C. § 1681b).
2. PRODUCT SPECIFIC TERMS FOR SSN CHECK. Client agrees to the following terms:
2.1. Financial Institution Acknowledgement. Client acknowledges and agrees that: (i) Client is a Financial Institution as defined by Section 509 of the Gramm-Leach-Bliley Act (GLBA).
2.2. Permitted Entity Certification. Client must submit a Permitted Entity Certification in the prescribed form found at https://www.ssa.gov/dataexchange/eCBSV/documents/ua/eCBSV%20User%20Agreement%20-%20Exhibit%20A.pdf to the SSA and receive SSA’s acceptance of such Permitted Entity Certification in order for Onfido to provide SSN Check to Client. Onfido reserves the right without further notice to Client to suspend provision of SSN Check if Client fails upon Onfido’s request to provide evidence of a valid Permitted Entity Certification that is satisfactory to Onfido at its sole discretion.
2.3. SSN Holder Consent
2.3.1. Client must submit requests for SSN Verifications only pursuant to the Written Consent received from the SSN Holder.
2.3.2 Client is solely responsible for obtaining valid Written Consent from each SSN Holder that meets all of the following requirements:
a. is in one of the two following forms: (i) SSA-89 “pdf fillable” form found at https://www.ssa.gov/forms/ssa-89.pdf with the SSN Holder’s Electronic Signature, or (ii) one of the two consent template options provided at https://www.ssa.gov/dataexchange/eCBSV/written_consent.html that is incorporated into Client’s existing electronic or paper-based business process;
b. clearly specifies: (i) to whom the information may be disclosed, (ii) that the SSN Holder wants SSA to disclose the SSN verification result, and (iii) where applicable, during which timeframe the SSN verification result may be disclosed (see 20 CFR Part 401.100);
c. has not been altered either before or after the SSN Holder completes the Written Consent, unless the SSN Holder annotated and initialed this alteration in the space provided on the Written Consent, including by a new Electronic Signature;
d. in the case of an SSN Holder aged 18 or older with an appointed legal guardian, (i) the legal guardian has signed the Written Consent, and (ii) the legal guardian has submitted documentation to Client that proves the legal guardian relationship;
e. in the case of an SSN Holder under the age of 18 years, (i) the SSN Holder’s parent or legal guardian has signed the Written Consent, and (ii) the SSN Holder’s parent or legal guardian has submitted documentation to Client that proves the parental or legal guardianship relationship;
f. in the case of an SSN Holder who has given a power of attorney to an agent to act on his or her behalf, (i) the agent has signed the Written Consent, and (ii) the agent has submitted documentation signed by the SSN Holder granting the power of attorney and stating that the SSN Response is within the definition of the information that SSA can disclose to Onfido;
g. the Written Consent: (i) specifies the time period for which it is valid and the date of the SSN Response request is within such time period, or (ii) where no validity period was specified, was signed by the SSN Holder within ninety (90) calendar days prior to the date of the SSN Response request.
Onfido reserves the right, in its sole discretion, to determine whether the Written Consent has met all of the above requirements, and any additional or different requirements that the SSA may impose from time to time.
2.4. FCRA Purpose. Client must submit requests for SSN Verifications only in connection with a credit transaction or any circumstance described in Section 604 of the FCRA.
2.5. Section 215 of the Banking Bill. Client must only submit SSN Response requests for SSN Response verifications in accordance with Section 215 of the Economic Growth, Regulatory Relief, and Consumer Protection Act, (Pub. L. No. 115-174, referred to as the "Banking Bill")
2.6. Fraud Protection Data. To request an SSN Verification, Client must specify to Onfido the full name (including the first and last name), date of birth, and SSN of each SSN Holder whose SSN the Client seeks to verify.
2.7.1. Client must retain all Supporting Documentation for a period of five (5) years from the date of the SSN Response request, either electronically or in paper form.
2.7.2. Client must protect all Supporting Documentation from loss or destruction.
2.7.3. Written Consent and SSA Responses must not be reused.
2.7.4. If Customer retains the Written Consent in paper format, Client must store the Written Consent in a manner that meets all regulatory requirements.
2.7.5. If Client obtains the Written Consent electronically, or obtains it on paper and later converts it to an electronic version, Client must: (i) password protect any electronic files used for storage; (ii) restrict access to the files to the only necessary personnel; and (iii) put in place and follow adequate disaster recovery procedures. SSN Verifications must also be protected in this manner. When storing a Written Consent electronically, Client must destroy any original Written Consent in paper form.
2.8. Marketing and Advertising. Client may not: (i) use the words “Social Security” or other program-related words, acronyms, emblems, and symbols in connection with an advertisement for “identity verification”; (ii) advertise that the SSA Response or SSN Verification provides or services as identity verification; and (iii) pursuant to Section 1140 of the Social Security Act, use the words “Social Security” or other program-related words, acronyms, emblems, and symbols in connection with an advertisement, solicitation, or other communication, “in a manner which such person knows or should know would convey, or in a manner which reasonably could be interpreted or construed as conveying, the false impression that such item is approved, endorsed, or authorized by the SSA.”
2.9. Audits. Client shall permit Onfido, SSA, or a designated third party of either of them, the right to review all Supporting Documentation and conduct on-site visits to review Client’s documentation and in-house procedures for protection of and security arrangements for the Written Consent and adherence to the terms of this Schedule 6.
2.10. Written Consents
2.10.1. Client shall maintain and follow its own policy and procedures to protect any information that can be used to distinguish or trace an individual’s identity and Written Consents, including the policies and procedures it has established for reporting lost or compromised, or potentially lost or compromised non-public information of its consumers. In addition, Client shall maintain and follow any and all policies and procedures to protect Written Consents that are required by the SSA from time to time.
2.10.2. Client shall: (i) safeguard Written Consents to which it has access; and (ii) take appropriate and necessary action to (1) educate its employees on the proper procedures designed to protect Written Consents, and (2) enforce compliance with the policy and procedures prescribed.
2.10.3. Client shall use commercially reasonable efforts to safeguard Written Consents to which it has access from loss, theft, or inadvertent disclosure. Client is responsible for safeguarding this information at all times.
2.10.4. When Client becomes aware or suspects that Written Consents have been lost, compromised, or potentially compromised, Client, in addition to its own reporting process, shall provide immediate notification of the incident to Onfido, which will promptly report such incident to Onfido’s primary SSA contact or its SSA alternate, if the primary SSA contact is not readily available and the name of the alternate has been provided to Onfido. Client shall provide Onfido with any updates on the status of such incident as they become available and will assist Onfido in providing such updates to the primary SSA contact or SSA alternate, as applicable.
2.10.5. Client shall process all Written Consents in a manner that will protect the confidentiality of the records; track the dissemination of the records; prevent the unauthorized use of Written Consents; and prevent access to the records by unauthorized persons.
2.11. Suspension of SSN Check
2.11.1 Client hereby acknowledges that SSA may suspend SSN Check if Client fails to comply with the terms of this Schedule 6. During such period of suspension, Client acknowledges and agrees that Onfido may be restricted from submitting SSN Response requests to SSA on behalf of Client.
2.11.2 Client waives any right to judicial review of SSA’s decision to cancel the provision of SSN Responses, or to suspend or terminate the agreement between Onfido and SSA.
2.12.1. Notwithstanding any other provision of the OSA, any applicable Order Form or this Schedule 6, Client shall defend, indemnify, and hold each of Onfido and SSA, and their respective officers, shareholders, directors, and personnel, (and keep such individuals indemnified on a full indemnity basis), harmless from all claims, actions, causes of action, suits, debts, dues, controversies, restitutions, damages, losses, costs, fees (including reasonable attorney’s fees), judgments, and any other liabilities caused by, arising out of, associated with, or resulting directly or indirectly from, any acts or omissions of Client, including but not limited to the disclosure or use of information provided by Client, or any errors in information provided by Client to Onfido.
2.13.1. Client hereby acknowledges and agrees SSA is not liable for any damages or loss resulting from errors in information provided to Client in SSN Check.
2.13.2. Client hereby acknowledges and agrees that and SSA is not responsible for any financial or other loss incurred by the Client, whether directly or indirectly, through the use of any data provided pursuant to SSN Check.
2.13.3. SSA is not responsible for reimbursing Client for any costs Client incurs pursuant to SSN Check.
3. Exceptions to the OSA.
3.1. For the purposes of this SSN Check only, the definition of “Fraud Database Service Provider” is hereby removed and replaced with the following definition:
“Fraud Database Service Provider” means a government body or other third party service provider, including the U.S. Social Security Administration, that (i) checks whether an identity document has been previously identified to them as lost, stolen, fraudulent, or otherwise compromised, or (ii) verifies a U.S. social security number.
3.2. Clause 4.9 of the OSA shall not apply to SSN Check; provided, however, Onfido is not a consumer reporting agency and none of the information provided through SSN Check constitutes a “consumer report” as such term is defined in the FCRA.
3.3. Clauses 4.11, 10.2.2, 10.2.3, 10.2.4, 10.2.6, 10.2.7, 10.2.8, 10.4.5, 10.5, 10.6, and 10.7 of the OSA shall not apply to SSN Check.
3.4. Clause 11.14 of the OSA shall not apply to SSN Check. For the purposes of Onfido’s provision to Client of SSN Check only, the United States Social Security Administration is named as a third-party beneficiary to the Agreement.
3.5. The Written Consent required in this Schedule 6 is in addition to Onfido’s notice and consent language contained in Schedule 4 of the OSA and shall not diminish or invalidate Client’s requirement to provide such notice and consent language in accordance with Clause 10.1 of the Agreement.