Email ID Verification FAQ
Below are answers to the most common questions we get about WireSecure’s email ID verification.
How is identity verified?
Information from four sources is used by WireSecure to verify sender identity; their email account, mobile phone, government ID, and facial scan. The system looks for indications of fraud (missing or improper data) and confirmation of alignment (consistency and accuracy from distinct sources).
How do 'Bad Actors' react?
Often when an attempt at impersonation or fraud is met with a challenge, like a request for ID verification, they simply disappear. They know that they cannot pass inspection across accounts and devices and identities so they simply disappear.
How can I request a verification?
There are three options; forward any email to firstname.lastname@example.org, add email@example.com to the /cc line when sending an email, or use our Gmail or Outlook add-ins. In all cases you must have a WireSecure account before your verification request will be processed. (more details)
Why verify people I communicate with regularly?
WireSecure is verifying that the account and person *right now*. Email account takeover is a huge problem, and even if you regularly receive email from an account, you have no way of knowing if someone else is sending email via that account today. WireSecure verifies the account owner is still the person using it.
How is Identity Information Protected?
One component of our ID verification is scans of government ID documents, and facial recognition scans. After this data is used, it is stored in a fully-encrypted format (SOC2-Compliant) for a default period of 7 days. The data is stored in order to facilitate re-verification without the need to re-scan.
Each user is offered the option to immediately wipe their scan data at the conclusion of their verification. If users choose to wipe their scan data they will have to re-scan if asked to verify again.
What if someone is asked to verify repeatedly?
After a person has verified with their ID and facial scan, they aren’t asked to rescan ID again for a period of 7 days. They can quickly confirm ID with just a quick facial unlock.
How are emails protected?
WireSecure does not require any ‘body copy’ data to initiate an ID verification, so users are free to delete all content from emails before forwarding them – in which case no personal or confidential data is received. But, even if you do forward emails to firstname.lastname@example.org our service collects only email addresses and meta data from those emails, and never reviews, analyzes, or stores any email contents. In fact, all emails are deleted within about 200ms of arriving at our servers.
What if there are multiple email recipients?
WireSecure can only request verification from a single email address. If we receive a request with multiple email addresses, we respond with a question asking which one of those addresses you want verified.