[EDITED]

[AZatBC]

Hello!!

Whew - took a while to get signed up and ready to post on ECF - but I'm here now and happy to answer any questions that may be floating around. I know I saw an age verification thread somewhere else, but can only respond here. That being said - I'll be as transparent and open as possible regarding our age verification system, what version 2 means and when it launches, and answer any question to the best of my ability.

Along the way, I'll lay out some of the things I've learned about this industry from interfacing with feds down to individual shop owners, to end purchasers on sites to credit card processors and industry organizations.

Our goal isn't to make life hard or a pain in the @** to order online- but to help keep your online stores compliant and away from audits.

Let me know what I can answer for you!

Alex Zeig - BlueCheck

 

[KentA]

Our goal isn't to make life hard or a pain in the @** to order online- but to help keep your online stores compliant and away from audits. Alex Zeig - BlueCheck

You profit motivated support of the FDA's regulations seem to contradict that marketing spiel.

 

[AZatBC]

Hi KentA - unpacking this a bit:

1) profit motivated - yes, we are a business. Same as the stores you order from.
2) support of the FDA regs - I won't offer a statement regarding them in general, however regarding the age verification component of the regs, I am in agreement with them that there should be some age verification necessary to prevent sales to minors.
3) marketing spiel - there is no spiel here, our honest, truthful intention is to help online vape and eliquid stores stay compliant with the new regs.

 

[nova_did_it]

Why do you ask for SS# in any form for verification? This is not a number I give out.

 

[AZatBC]

Why do you ask for SS# in any form for verification? This is not a number I give out.

Purchasers over the age of 27 have two options - either use the last 4 of SSN or upload photo ID. Most of the time, we can get a match with SSN (same databases as lexisnexus, veratad, experian, etc), however sometimes we can't and need photos anyways (recent name changes etc).

Additionally, if you use SSN, that data is never stored or saved. It's just used to ping the databases and then immediately scrubbed from any of our records, permanently.

We offer the SSN verificaiton because it's an automatic check (faster) vs the photo ID, which is a manual check that can take up to 5 min.

Those under the age of 27 will always need to verify with photo ID.

 

[tmcase]

Hey Alex, welcome to ECF.

I’m going to be up front with you. I’m a plain talker. I don’t beat around the bush, mince words or sugar coat. I say it like I see it. Now if I haven’t scared you away, I have a few questions. Some of my questions you may have already addressed while I was preparing my questions.

1) I see on your website that you say you are an ECF supporting member yet I don’t see a supporting member sticker on your post. Are you a supporting member or not?

2) I have read your terms of service and privacy policy but I hear different things from members and even from you. For example this question from Oasis Vapes:

Question: Can we, as the consumer, cross out any information on our ID we don’t want to give out such as our SSN if it’s on there or DL number?

Alex: Yep – what I need to see is the full license (to show it’s not clipped), Picture, full name, DOB, and license #.

You contradicted yourself about the driver’s license. Which is it? Can people cross out their DL # or not?

3) You said in one of your policies that you required SSN and some people have said SSN and some have said last 4 of SSN. You didn’t say anything about SSN being asked for in your answer above and the FDA regs don’t require it. Please explain.

4) Why can’t you verify with public records like some of the other services?

5) Why do you store and share people’s personal info with other parties? Please don’t say to improve your service. That’s an old tired line.

6) Are you requiring a selfie with DL for everyone or just those under age 27?

7) You are young with impressive credentials but very new to the age verification business. I don’t suppose you have any references? Why should I trust way you say.

 

[AZatBC]

hey tmcase - thanks for the welcome message! looking forward to settling in and being active here.

1) Yep - we are a supporting member. I don't know why I don't have the badge tho - let me follow up on that.

2) If you are sending in a photo of you license, feel free to cross out the dl number if you choose. We need to see name, DOB, expiration date, issuing state and picture. In a nutshell, we need to feel comfortable that the ID is legitimate and non-expired - and that the photo matches the person who sent it in.

3) If you are over the age of 27, you'll have the option to use the last 4 of your SSN instead of photo ID. We NEVER ask for the full SSN. Answer below in 4 as it relates to the FDA regs.

4) Public Record lookups usually consist of name, dob, and address. The lookup is going to validate the information provided - and perhaps match it against the billing address/shipping address. But someone who knows all that info could easily bypass it - you would be surprised at how often we block minors who have their parents wallets (credit card/ID). In fact, our records from August show that roughly 2% of all attempted orders were blocked because they were minors. As a company whose sole responsibility it is to keep stores compliant and provide airtight records in case of an audit, we found that public record lookups just weren't secure enough, which is why we require the last 4 of SSN or photo ID. Also remember, that this is only used for the first, initial verification.

5) Idk where this came from, but everyone asks about it - We do not sell customer data. Nor do we plan to. In fact, the only information kept online is name, dob, and phone/email - and this is to speed up repeat purchases. Also, here's a link to our privacy policy: https://bluecheckhelp.s3.amazonaws.com/BlueCheck_privacy_policy.pdf

6) To verify with photo ID (regardless of age), we require two photos. The first is a closeup of your ID, we need to see the picture, name, DOB, issuing state, exp. date, and picture. The second, a selfie of you holding the ID, is to show that you have possession of the ID, and that the photo matches the holder of the ID.

7) My advice would fall into the category of gather as much info as possible, and make an informed decision. That's what we did prior to entering this market, it's what we did when the regs came out in May and we had to re-build our system, and it's what informs our next steps. For us, reading and going through the regs was the single most important way to gather that information. I personally spent hours going through them, then had various law firms go through them. To that degree, here's what I've found.

1. FDA Regs, specific to online sales: minimum age (18+) and identification requirements (photo ID under 27).
2. Paper that is a bit more in-depth - requirements and penalties: FDA Guidelines .pdf - PDF Archive

My goal is to be transparent - who we are, what we are doing, and why we are doing it that way. Hopefully this helps answer some of your questions.

 

[tmcase]

3) If you are over the age of 27, you'll have the option to use the last 4 of your SSN instead of photo ID. We NEVER ask for the full SSN. Answer below in 4 as it relates to the FDA regs.

Thank you for clearing up the SSN issue. I'll change that but there's no way in hell I'll give out any part of my SSN and leave myself open to identity theft. There is no computer in the world that can't be hacked. I know you say you don't keep the SSN but how do I know that. I'm not calling you a lier, I wouldn't trust anyone that says that. I'm not sure that your AV requirements are the same as the FDA's requirements because I'm not a lawyer and am not going to read the mountain of regs regarding ecigs. It seems you're asking for more than is required so I won't be shopping at any ecig site that uses Bluecheck or any other service that asks for any part of my SSN, DL or cell #.

Oh, and I couldn't read what was underlined in the red box.

4) Public Record lookups usually consist of name, dob, and address. The lookup is going to validate the information provided - and perhaps match it against the billing address/shipping address. But someone who knows all that info could easily bypass it - you would be surprised at how often we block minors who have their parents wallets (credit card/ID). In fact, our records from August show that roughly 2% of all attempted orders were blocked because they were minors. As a company whose sole responsibility it is to keep stores compliant and provide airtight records in case of an audit, we found that public record lookups just weren't secure enough, which is why we require the last 4 of SSN or photo ID. Also remember, that this is only used for the first, initial verification.

Public record lookups seem to be working out just fine with other age verification companies for years.

We do not sell customer data. Nor do we plan to.

I didn't say SELL, I said SHARE.

From your Privacy Policy:
"Disclosure of Your Information We may disclose aggregated information about our users, and information that does not identify any individual, without restriction. We may disclose personal information that we collect or you provide as described in this privacy policy: • To our subsidiaries and affiliates. • To contractors, service providers and other third parties we use to support our business. • To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of BlueCheck, Inc.’s assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which personal information held by BlueCheck, Inc., about our Website users is among the assets transferred. • To fulfill the purpose for which you provide it. • For any other purpose disclosed by us when you provide the information. • With your consent."

6) To verify with photo ID (regardless of age), we require two photos. The first is a closeup of your ID, we need to see the picture, name, DOB, issuing state, exp. date, and picture. The second, a selfie of you holding the ID, is to show that you have possession of the ID, and that the photo matches the holder of the ID.

This is absurd. You say you are trying to make it easy for us. Us? I think you are trying to make it easy on you. It's so much easier to put a customer through the humiliation of submitting to a selfie plus a closeup of their DL than it is for you to search public records.

I don't want to turn this into a war or muddy up your thread. I've said what I wanted to say and have heard your replies and I'll leave it at that unless I have to come back to address any further replies.

 

[AZatBC]

Here's what the underlined portion said in the redbox: "Therefore, any sale of covered tobacco products over the internet must comply with the minimum age and identification requirements in this rule". Minimum age = 18 Identification requirements = photo ID under 27

Public record lookups seem to be working out just fine with other age verification companies for years.

The FDA regulations, and their new requirements as it pertains to online age verification, just became active in August.

I didn't say SELL, I said SHARE.

The only companies that we share some of this info with are the e-commerce stores, when they have questions about particular users. If we weren't allowed to share with them, I'm not sure how we would get certain users verified at all. Again, we do not SELL or SHARE any information unless it's for the purpose of verification.

Have you also looked at the privacy policies for other age verification providers? Or stores that you buy from? How do their policies differ?

t's so much easier to put a customer through the humiliation of submitting to a selfie plus a closeup of their DL than it is for you to search public records.

This couldn't be further from the truth - the cost to support a real-time staff (US based) doing 24/7 manual verifications at scale is massive. By comparison, a public record search is automatic and costs around $.10 at scale. Additionally, match rates for public record lookups barely cross into the 70% range - which poses another issue - not only is your match based on very loose data (it's public after all!), but you would still have to verify that 30% via additional methods. Again, without the regs in place, this maybe would have sufficed - but now the regs require a different set of compliance standards.

I don't want to turn this into a war or muddy up your thread

There is no muddying up this thread - the sole purpose is to provide information and inform you about the what we are doing, and why we are doing it that way.

 

[r77r7r]

It'd be great to get verified once at a secure site and then have an ID to use wherever I choose to shop.

 

[tmcase]

Have you also looked at the privacy policies for other age verification providers? Or stores that you buy from? How do their policies differ?

Yes I have. Quite a few actually and some ask for the same info you do and some less. I'll go with the less...the ones that only ask for DOB.

 

[tmcase]

It'd be great to get verified once at a secure site and then have an ID to use wherever I choose to shop.

There's no such thing as a secure site.

 

[r77r7r]

There's no such thing as a secure site.

Sorry tm, I was addressing Alex...

 

[AZatBC]

Hi r77r7r - that's actually how BlueCheck currently works.

Once you're verified on any specific site, you're now verified on any site that uses BlueCheck for future purchases. Currently, our network is over 150 sites, and we've got another ~100 slated for release over the course of September.

 

[nova_did_it]

I do appreciate you taking the time to try and clear up your platform. A few of my favorite vendors do use your system for age verifying. Unfortunately, because I will not give out my SSN in any form to anyone, due to sensitivity of those number which includes even those 4 little last numbers, I cannot move forward with purchase. Now I haven't been back to these vendors since the first encounter with your system to see if there have been any improvements.

I might email them to see if they do accept other forms of ID's. But initially, they said they could not, I had to provide my SSN, which I won't. Their stance could have changed since then, as the system was only recently installed.

I find that companies that use other forms for verification of age that are less intrusive, but just as reliable to be much better suited for me.

 

[AZatBC]

But initially, they said they could not, I had to provide my SSN, which I won't.

if you email help@bluecheck.me with a photo of your ID and a photo of you holding it (selfie to show possession), along with a phone#/email address to send a confirmation code to, they will email you right away, and you'll be clear to order from any of those sites that use BlueCheck. Our turn around time for this will likely be in 5-15 min.

SSN is NEVER required - always have the option to verify with photo ID on any site that uses BlueCheck.

 

[Burnie]

<------------- This is me 6 or 7 years ago, I don't need to show my ID to anyone, and anyone that expects me to jump through hoops to purchase from them (me give them my money) is sadly mistaking. I google searched my Name, City & State, it comes up with my Street, Date of Birth, and a Map of where my house is. Nope NOT doing Bluecheck hoops to prove I am 56 years old. JMHO

 

[retired1]

1) I see on your website that you say you are an ECF supporting member yet I don’t see a supporting member sticker on your post. Are you a supporting member or not?

Non issue. As a registered supplier, they're authorized to display the Supporting badge on their site. This is different from the Member Support badge shown in user profiles.

 

[WharfRat1976]

Redacted

 

[mcol]

As a little consumer in the big world, I have gotten to the point
of being very very selective who I order from in the vaping world
as of August 8th. I will not send a selfie with my license nor
give out any part of my SSN to anyone I'm ordering from. Just an
fyi, two days ago I placed my first U.S. vaping supply order since
August 8th...in the comments section I thanked them for using
(name) which only asks for dob instead of a company that is more
intrusive...and stated that if they were more intrusive I would have
not ordered from them. That meant for me giving up a few vendors
that have been very good to me over the years, but flat out won't
budge on this. I am so easily verifiable through public records there
is not a reason in the world to give them any more information, ever.
Not trying to argue or berate anyone, but vendors need to know
why consumers may not be ordering from them, and consumers need
to know before just voluntarily giving up personal information.