The verification experience shows your company name, logo, and color. Make sure to configure the branding settings for your account before going live.
To prevent fraudsters from abusing your verification flow and incurring charges on your account, we recommend that you limit the number of times a user can verify themselves.
As much as possible, store only references to the verification and use the API to retrieve the VerificationSession when you need access to sensitive information. This simplifies your integration and limits your exposure from a security perspective, and helps you comply with privacy laws (such as GDPR) that require you to minimize data retention.
We recommend that you authenticate your user before showing or sending them to Stripe Identity. This allows you to keep relevant internal references and adds a layer of security to prevent fraudsters from abusing your verification flow.
Stripe Identity may not be able to verify all of your users. For example, your user might decline to be verified using biometric technology, they might attempt to verify with an unsupported document type, or they might not be covered by Identity’s verification checks. We recommend that you provide alternative ways to verify your user, such as reaching out to your support team. In some jurisdictions, privacy laws (such as GDPR) might require you to offer a non-biometric verification option for users who decline to consent to using their biometric information.
Follow the Development checklist to ensure a smooth transition when taking your integration live.
Add information to your site answering common questions about identity verification and your use of Stripe Identity. See the FAQ template.
When your users request their data to be deleted, redact the VerificationSession and let your users know that they’ll need to contact Stripe support to remove their data from Stripe’s servers. You could add the following paragraph to your application:
We use Stripe for identity document verification. Stripe retains a copy of all the data provided as part of a verification. You may also have consented to allow Stripe to use your data to improve their technology. You can delete your information from Stripe’s servers or revoke your consent by visiting https://support.stripe.com.