Current through Vol. 42, No. 1, September 16, 2024
(a)
Multi-factor authentication. If a notary public does not have
satisfactory evidence of the identity of a principal under subsection (b) of
this Section, the notary public must reasonably verify the principal's identity
through a multi-factor authentication procedure as provided in this subsection.
The procedure shall analyze the principal's identification credential that is
the subject of remote presentation against trusted third-person data sources,
bind the principal's identity to the individual following successful dynamic
knowledge-based authentication assessment, and permit the notary public
visually to compare the identification credential and the principal. The
analysis of the identification credential and the dynamic knowledge-based
authentication assessment shall conform to the following requirements:
(1)
Credential analysis. The
analysis of the identification credential that is the subject of remote
presentation must use public or private data sources to confirm its validity
and shall, at a minimum:
(A) use automated
software processes to aid the notary public in verifying the identity of each
principal;
(B) require that the
identification credential passes an authenticity test, consistent with sound
commercial practices that use appropriate technologies to confirm the integrity
of visual, physical or cryptographic security features and to confirm that the
identification credential is not fraudulent or inappropriately modified;
(C) use information held or
published by the issuing source or an authoritative source, as available and
consistent with sound commercial practices, to confirm the validity of personal
details and identification credential details; and
(D) enable the notary public visually to
compare for consistency the information and photograph on the identification
credential and the principal as viewed by the notary public in real time
through communication technology.
(2)
Identity proofing. The
notary public must perform an identity proofing procedure that consists of a
dynamic knowledge-based authentication assessment. The assessment is successful
if it meets the following requirements:
(A)
The principal must answer a quiz consisting of a minimum of five questions
related to the individual's personal history or identity formulated from public
or private data sources;
(B) Each
question must have a minimum of five possible answer choices;
(C) At least 80% of the questions must be
answered correctly;
(D) All
questions must be answered within two minutes;
(E) If the principal fails the first attempt,
the principal may retake the quiz one time within 24 hours;
(F) During a retake of the quiz, a minimum of
40% of the prior questions must be replaced;
(G) If the principal fails the second
attempt, the principal is not allowed to retry with the same online notary
public within twenty-four (24) hours of the second failed attempt; and
(H) The notary public must not be
able to see or record the questions or answers.
(b)
Other methods of identity
verification. A notary public has satisfactory evidence of the identity
of a principal if the notary public has personal knowledge of the identity of
the principal or if the principal is identified by oath or affirmation of a
credible witness in accordance with the following requirements:
(1) To be a credible witness, an individual
must have personal knowledge of the principal.
(2) The notary public must have personal
knowledge of the credible witness or verify the identity of the credible
witness by multi-factor authentication in accordance with subsection (a).
(3) A credible witness may be a
remotely located individual if the notary public, credible witness, and
principal can communicate by using communication technology.
