Section 1360-07-03-.05 - STANDARDS FOR ONLINE NOTARIZATION(1) Identity proofing and credential analysis must be performed by a third party who has provided evidence to the online notary public of the ability to satisfy the requirements of this chapter.(2) Requirements for Credential Analysis. A credential is a non-military identification card or other document issued by the United States government, any state government, or a passport issued by a foreign government that has been stamped by the United States immigration and naturalization service. In order to be valid, the credential must also be unexpired and contain the photograph and signature of the principal. Credential analysis is the process by which the validity of a non-military government-issued identification credential is verified. Credential analysis is performed utilizing public and proprietary data sources to verify the credential presented by the principal. Credential analysis shall, at a minimum:
(a) Use automated processes to aid the online notary public in verifying the identity of a principal;(b) Ensure that the credential passes an authenticity test, consistent with sound commercial practices that:1. Use appropriate technologies to confirm the integrity of visual, physical or cryptographic security features;2. Use appropriate technologies to confirm that the credential is not fraudulent or inappropriately modified;3. Use reasonable efforts to utilize information held or published by the issuing source or authoritative source(s), as made generally available for commercial purposes, to confirm the validity of personal details and credential details; and,4. Provide output of the authenticity test to the online notary public; and(c) Enable the online notary public to visually compare the following for consistency: the information and photo presented on the credential itself and the principal as viewed by the online notary public in real time through audio-visual transmission.(3) Requirements for Identity Proofing. Identity proofing is the process by which the identity of an individual is affirmed by a third party through review of public and proprietary data sources. Identity proofing is performed through dynamic Knowledge Based Authentication (KBA) which meets the following requirements:
(a) The principal must answer a quiz consisting of a minimum of five (5) questions related to the principal's personal history or identity, formulated from public and proprietary data sources;(b) Each question must have a minimum of five (5) possible answer choices;(c) At least 80% of questions must be answered correctly;(d) All questions must be answered within two (2) minutes;(e) If the principal fails in his or her first attempt, the principal may retake the quiz one time within 24 hours;(f) During the second attempt, a minimum of 60% of the prior questions must be replaced; and(g) If the principal fails in his or her second attempt, the principal is not permitted to retry with the same online notary public for a period of 24 hours.(4) If the principal must exit the workflow, the principal must meet the criteria outlined in this section and must restart the identity proofing and credential analysis from the beginning.(5) An online notarization system used to perform online notarial acts by means of two-way audio-video communication shall:(a) Provide for continuous, synchronous audio-visual feeds;(b) Provide sufficient video resolution and audio clarity to enable the online notary public and the principal to see and speak with each other simultaneously through live, realtime transmission;(c) Provide sufficient captured image resolution for credential analysis to be performed in accordance with these rules;(d) Include a means of authentication that reasonably ensures only authorized parties have access to the audio-video communication;(e) Provide some manner of ensuring that the electronic record presented for online notarization is the same record electronically signed by the principal;(f) Be capable of securely creating and storing or transmitting securely to be stored an electronic recording of the audio-video communication, keeping confidential the questions asked as part of any identity proofing quiz and the means and methods used to generate the credential analysis output; and(g) Provide reasonable security measures to prevent unauthorized access to: 1. The live transmission of the audio-video communication;2. A recording of the audio-video communication;3. The verification methods and credentials used to verify the identity of the principal; and4. The electronic documents presented for online notarization.Tenn. Comp. R. & Regs. 1360-07-03-.05
Emergency rules filed April 15, 2019; effective through October 12, 2019. Emergency rules expired effective October 13, 2019, and the chapter reverted to its previous status. Original rules filed October 9, 2019; effective 1/7/2020.Authority: T.C.A. §§ 8-16-301, et seq. (Public Chapter 931, effective April 18, 2018).