Stripe Identity: FAQ template

Explaining ID verification and Stripe Identity to your customers.

If you’re using Stripe Identity for ID verification, copy and customize this template to build FAQ (Frequently Asked Questions) content that explains how ID verification works through Stripe to your users.

Modify this FAQ template and provide it on your website.

Review the callouts that require information specific to your business.

Check frequently for the latest version of this document.

To obtain Stripe logos, badges, and buttons for your site, visit the Stripe resources page.

How does identity verification work?

works with Stripe to conduct identity verification online. Stripe builds technology that’s used by millions of companies around the world such as Amazon, Google, and Zoom. Stripe helps with everything from accepting payments to managing subscriptions to verifying identities.

Stripe helps confirm your identity by conducting the following checks:

Update below based on the verification methods that you choose to use.

Stripe will capture images of the front and back of your government-issued photo ID and review to ensure that the document is authentic. They’ve built an automated identity verification technology that looks for patterns to help determine if an ID document is real or fake. This process is like a bank teller checking your ID document to confirm that it’s real.
Stripe will capture photos of your face and review to confirm that the photo ID belongs to you. They’ve built automated identity verification technology that uses distinctive physiological characteristics of your face (known as biometric identifiers) to match the photos of your face with the photo on the ID document. This process is similar to a bank teller confirming that the photo on your ID document is you based on the shape of your nose or eyes—but it’s higher-tech and a more accurate way to identify you as a unique person.
Stripe will collect your name, date of birth, and government ID number, and validate that it is real. They will check this information against a global set of databases to confirm that it exists.

Stripe will ask for your consent before collecting and using your information. They will only use your verification data in accordance with the permissions you grant before starting the verification process, and based on their Privacy Policy.

Learn more about how Stripe is storing and handling your data.

Include your privacy policy here.

Be sure to transparently disclose to your users the information you’re receiving and how you’re using, storing, and sharing it, including the use of cookies if that is part of your integration. You should also disclose that you use Stripe as a service provider:

We use Stripe Identity for identity verification. Stripe collects identity document images, facial images, ID numbers and addresses as well as advanced fraud signals and information about the devices that connect to its services. Stripe shares this information with us and also uses this information to operate and improve the services it provides, including for fraud detection. You may also choose to allow Stripe to use your data to improve Stripe’s biometric verification technology. You can learn more about Stripe Identity and read their privacy policy.

Best practices for a successful verification

We recommend adding these best practices before a user starts the verification process so they know what to expect.

Before starting the verification process, here’s what you need:

A valid government-issued photo ID document. Not a photocopy or a picture of an ID document. Ensure that the ID document is not expired.
A device with a camera, if possible, use a mobile device. Cameras on mobile devices typically take higher-quality photos than a webcam.

The quality of the images captured affects success rates dramatically. Below are a few best practices to help ensure that your verification succeeds:

Capture a clear image. Make sure that the images are not too dark or bright, and don’t have a glare. Hold steady and allow your camera to focus to avoid blurry photos.
Do not block any part of your ID document in the image. Ideally you can lay it flat to take the photo.
Do not block any part of your face. Remove sunglasses, masks, or other accessories.
Find a location with ambient lighting. Avoid spaces with strong overhead lights that cast a shadow on your face or ID document. Avoid sitting directly in front of a bright light which can wash out your face and add a glare to your ID document.

Why am I asked to verify my identity?

Provide your preferred answer.

Some users may be hesitant to share their ID information, so it’s important to help them understand why you are asking for this information.

Why was I rejected?

A business might want to offer alternative methods for verification if a user disputes their results.

Can I get verified using a different method?

Provide your preferred answer.

Remember that privacy laws may require you to provide an alternative verification process that does not use biometric technology if the user does not consent to use of their biometric information. Please consult your legal counsel for regional requirements.

Who has access to my verification data?

A business can only use the following section if they aren’t storing additional copies of verification data on their own systems. Insert your own store and access control policies here.

Both and Stripe have access to the information that you submit through the verification flow. We rely on Stripe to help store your verification data. Stripe uses access controls and security standards that are at least as stringent as those used to handle their own KYC and payments compliance data.

Learn more about how Stripe handles and stores your data.

How can I access or delete my verification data?

Provide your data privacy process here.

Remember that the Identity API has a redaction endpoint which allows you to delete the verification data that Stripe Identity is storing on behalf of your business. For example, you can use this tool to meet your deletion requirements when an end-user from Europe or California asks you to delete their data, or when you collect an ID from a country such as Germany that requires you to delete an ID card upon completion of the verification even if there is no deletion request from the end user. If you’ve created additional copies of a users’ data, you may also need to delete these as well.

Stripe does not delete data on your behalf when we are storing the data as your processor, even if your end-user asks us to because we recognize you must conduct your own legal analysis on whether deletion is appropriate.

If your end-user reaches out to us requesting deletion, we will respond to the request with respect to any data that we hold as data controller, and also recommend the end-user reach out to you to request deletion.

Likewise, we suggest that if any of your end-users reach out to you with a deletion request, you should remind them to reach out to Stripe as well, since we are also holding verification data as an independent controller. They can get in touch with us at privacy@stripe.com.

Learn more about privacy considerations for handling ID verification data as a business