List of vendors Age Verification requirements.

[Str8vision]

Then I see no reason to not shop at vendor stores that use Veratad but others have posted that vendors that use Veratad have been asked for SSN. I'm so confused.

I'd have no problem doing business with a vendor who uses Veratad. Bluecheck on the other hand is a completely different story.

 

[tmcase]

If I recall, they're tied into databases that already have your identifiable information. If, for some chance, it comes up with a rejection, you'd then have to provide proof that you are who you say you are.

Depends, here's the explanation from one of my tobacco sites;


How does Veratad’s Age Verification work?

Veratad’s AgeMatch Age Verification services use multiple trusted data sources containing billions of public records to return an age validation based on the personal information you submit. This service is specifically designed to validate and protect your identity while maintaining the highest level of consumer privacy when processing online transactions.

Access to the public records allows Veratad to validate the information you provide and in some cases, depending on the nature of your purchase, to present a series of multiple choice questions based on non-credit related (“out-of-wallet”) historical facts about you. These facts are obtained by instantaneously scanning billions of public records from trusted data sources containing information that would not generally be found in your wallet if lost or stolen.

Is the information I provide secure?
Veratad’s secure 256 bit encryption technology ensures the safe delivery of the information you provide online. In addition, Veratad does not store your sensitive personal information or share (or sell) any data with other third parties. This practice assures you that unauthorized parties cannot gain access to your sensitive personal information.

What happens if I cannot be verified by the Age Verification process?
A small percentage of shoppers may not be verifiable due to limited availability of publicly available information in the age verification databases. If this happens, we will attempt to contact you via phone and email to verify your age. We typically require a copy of your driver’s license or some other form of government issued ID that verifies your date of birth.

I live outside of the U.S. Can I be verified?
Our use of Veratad’s Age Verification is based solely on U.S. records and therefore verification of individuals residing outside the U.S. is unavailable, unless you are using a military address outside the U.S. Individuals in all other countries will be subject to our manual review process described in the previous section.

Thank you both. It sounds like Veratad is less invasive than Blue Check. I'd like to hear back from the people that posted that Halo, ViperVape and the others that were asked for their SSN. There may have been extenuating circumstances in their cases.

 

[retired1]

Thank you both. It sounds like Veratad is less invasive than Blue Check. I'd like to hear back from the people that posted that Halo, ViperVape and the others that were asked for their SSN. There may have been extenuating circumstances in their cases.

If the info you input doesn't match anything in the databases, it's going to ask for verification before it'll approve the order. It's no surprise at all that some are being asked for information proving their identity, especially if there's little to no "public" information about them on the Internet. It can be done.

 

[tmcase]

If the info you input doesn't match anything in the databases, it's going to ask for verification before it'll approve the order. It's no surprise at all that some are being asked for information proving their identity, especially if there's little to no "public" information about them on the Internet. It can be done.

I understand. I personally am not worried about passing since I've been around awhile and have been living in the same place for almost 2 yrs so there are plenty of public records out there so it shouldn't be a problem. It may be for others though.

 

[Bea-FL]

Veratad’s secure 256 bit encryption technology ensures the safe delivery of the information you provide online. In addition, Veratad does not store your sensitive personal information or share (or sell) any data with other third parties. This practice assures you that unauthorized parties cannot gain access to your sensitive personal information.
.

Tell that the Target customers whose 40 million credit and debit accounts were hacked a couple years ago. A friend who is a computer programmer said there is no such thing as a 100% secure site, a good hacker can find a way in.

Edit: not getting on you @Str8vision. My comment is addressed to Veratad.

 

[Burnie]

Interesting
I just went to Google, typed in my Name, City, & State, first listing at the top of the page had my address, date of birth (I'm 56), and a google map showing where my house is located. I have lived here since 1987. I will NOT jump through any hoops with ANY vender to verify my age, they can google me just as easy if they want my business. I am well stocked anyway and just buy stuff because of "Ohhh Shinny", or that looks nice or cool. FDA KMA

 

[oplholik]

I don't know much about these things but, if a hacker got in, and nothing is stored, what would they get?

 

[tmcase]

Tell that the Target customers whose 40 million credit and debit accounts were hacked a couple years ago. A friend who is a computer programmer said there is no such thing as a 100% secure site, a good hacker can find a way in.

You are correct. We have to assume that a company that has been in this kind of business for 12 yrs has a pretty secure site. Not much we can do. It wouldn't look good if they said their site was 99% secure.

 

[tmcase]

I don't know much about these things but, if a hacker got in, and nothing is stored, what would they get?

Now why didn't I think of that?

 

[Str8vision]

Tell that the Target customers whose 40 million credit and debit accounts were hacked a couple years ago. A friend who is a computer programmer said there is no such thing as a 100% secure site. A good hacker can find a way in.

I agree 100% however, Veratad doesn't store or keep your personal information so there's nothing for a hacker to take. Bluecheck on the other hand does store your personal information so there would be a risk of data loss.

Interesting
I just went to Google, typed in my Name, City, & State, first listing at the top of the page had my address, date of birth (I'm 56), and a google map showing where my house is located. I have lived here since 1987. I will NOT jump through any hoops with ANY vender to verify my age, they can google me just as easy if they want my business. I am well stocked anyway and just buy stuff because of "Ohhh Shinny", or that looks nice or cool. FDA KMA

One of the reasons I stockpiled early and heavy, it provided me with the option of not needing to purchase anything if I don't want to.

 

[crxess]

Anyone Back checking these Verification companies? I smell one more Profit Scam........(FDA induced)

I'm almost 63, wonder how much of a problem this will be for me?
well, not really.......Self Sustaining.

 

[Bea-FL]

I don't know much about these things but, if a hacker got in, and nothing is stored, what would they get?

Good point…as long as they truly dont!

 

[tmcase]

I just made a test order at Myvaporstore, which uses Veratad. I got through checkout without a hitch. Right below the "Buy" button was:

Age Verification:
We have partnered up with Veratad Technologies, a world class provider of online/real-time Identity Verification and Knowledge Based Authentication Solutions to ensure all customers meet the legal smoking age of the state in which they reside. All orders are filtered through Veratad's AgeMatch Age Verification Service.

If we are unable to verify your age, we will contact you for further verification or ship your order with adult signature required service. Adult signature shipments require an adult 21 years of age with a government issued ID to sign for the package.

I would have rather seen this info before I placed my order.

Now I'll wait and see how long it takes to receive an email asking for verification or a shipping email.

If my order goes through without requiring verification then I'm golden but I will be checking with vendors before I place my order to see what their AVP is. Inconvenient but doable.

 

[Bea-FL]

I wish we had a computer hacker or geek in our mist that could answer that question. Alls I can tell you is that same friend said is that nothing is totally deleted unless you use specific "scrubbing" software ( i think that's what it's called). I'll see if I can call him.

 

[Completely Average]

And how easy would it be for that same intrepid underage teenager to simply look through their parent's stored tax returns for the SSN? Or simply go pluck the actual card from wherever it's stored in the house? They live there. Any snooping kid worth their salt knows where these things are in the house.

I work for a company that among other things, finds people, and one of the search criteria that we have available is to search by social security number. We rarely do searches based on SS numbers because of the large number of cases of fraud. Its not at all unusual to find multiple names attached to a single SS number.


Now, that said, BlueCheck absolutely provides your data to other people. You have to read the fine print of their pdf file, but they admit to it.

https://api2.bluecheck.me/modal/data/policy.pdf

We may disclose personal information that we collect or you provide as described in this privacy policy:

•To our subsidiaries and affiliates

•To contractors, service providers and other third parties we use to support our business.

That second one is a big worry for me. Any company that gives them money is a "third party which they use to support their business", so selling your info to other companies, advertisers, etc... is acceptable within their written policy.


Veratad is also worrisome, albeit less so than BlueCheck. While they claim to get all of their information from "publicly accessible sources" and don't necessarily require user input to be verified, that doesn't mean they aren't handling and storing sensitive information about you. For example, if you own a home your property tax records are publicly available. They can use that and your IP address to verify your location, but that also means they are accessing and/or storing your IP address as well as state, county, and/or city tax information about you. That would obviously include your full legal name, your address, and the value of your home. And yes, they share this information with their subsidiaries, partners, and contractors, but not with 3rd parties or service providers.


As for hacking, I can assure you that no one is safe from being hacked. I do internet security for a living. I've worked with fortune 500 financial institutions and military contractors. I can assure you that if banks, military weapons designers, the DNC, and government websites can be hacked then there is nothing making Veratad or BlueCheck immune from such hacking attempts. Their only real security is in the lack of useful information that a foreign entity or serious hacker would get. With no credit card data, no bank account numbers, and no vital secret information there is little reason for a serious hacker to waste time on them. But if one were inclined to do so I have no doubt that they could.


Now if you really want to be scared, one of the companies I deal with daily is LexisNexis and their subsidiary Accurint. These are the people law enforcement and the government use to find information about you. The amount of personal information about you that is available through them is shocking. You give me a name and a zip code and I can find every address they've ever lived at, every phone number they've ever had including cell phones, every place they've ever worked, how much they've claimed on their taxes every year for the past 20 years, etc... And I can get all of that information about every one of their relatives as well.

Of course I would likely end up in jail for misusing their system, but the data they have is absolutely frightening.

 

[tmcase]

I wish we had a computer havker or geek in our mist that could answer that question. Alls I can tell you is that same friend said is that nothing is totally deleted unless you use specific "scrubbing" software ( i think that's what it's called). I'll see if I can call him.

Their are some things we have no control over. @retired1 is pretty computer savvy/nerd and he seems to know something about Veratad, so if they were lying about storing personal info, it surely would have been exposed in the last 12 yrs they've been in business. So if retired trusts them, that's good enough for me.

Did I score any points today retired?

 

[MMW]

I wish we had a computer hacker or geek in our mist that could answer that question. Alls I can tell you is that same friend said is that nothing is totally deleted unless you use specific "scrubbing" software ( i think that's what it's called). I'll see if I can call him.

If that's the case, which it probably is, then why worry all of a sudden? Most of it's already in the wild then.

 

[Completely Average]

I wish we had a computer hacker or geek in our mist that could answer that question. Alls I can tell you is that same friend said is that nothing is totally deleted unless you use specific "scrubbing" software ( i think that's what it's called). I'll see if I can call him.

Nothing is deleted. Even if it's deleted it's not deleted. It's just harder to access. The only way to ever truly delete data is to physically destroy the media that data was saved on, and even then it's sometimes possible to retrieve it. You can have a file on a hard drive, delete the file, then format the hard drive, fill it up with other data, then delete all of that data, run a low level format on the hard drive, and I can still retrieve that original file.

It's nothing your normal every day run of the mill hacker could achieve, but I could write a book on how the Chinese have been able to hack into systems at the CPU level and extract data without any monitoring software or system ever being able to detect them. It was only detected when the actual cpu cycles were monitored and the actual transistor workload was compared with what was expected for the operations that were being performed. It all happened "to the metal", below the software layer.

 

[tmcase]

I work for a company that among other things, finds people, and one of the search criteria that we have available is to search by social security number. We rarely do searches based on SS numbers because of the large number of cases of fraud. Its not at all unusual to find multiple names attached to a single SS number.


Now, that said, BlueCheck absolutely provides your data to other people. You have to read the fine print of their pdf file, but they admit to it.

https://api2.bluecheck.me/modal/data/policy.pdf

We may disclose personal information that we collect or you provide as described in this privacy policy:

•To our subsidiaries and affiliates

•To contractors, service providers and other third parties we use to support our business.

That second one is a big worry for me. Any company that gives them money is a "third party which they use to support their business", so selling your info to other companies, advertisers, etc... is acceptable within their written policy.


Veratad is also worrisome, albeit less so than BlueCheck. While they claim to get all of their information from "publicly accessible sources" and don't necessarily require user input to be verified, that doesn't mean they aren't handling and storing sensitive information about you. For example, if you own a home your property tax records are publicly available. They can use that and your IP address to verify your location, but that also means they are accessing and/or storing your IP address as well as state, county, and/or city tax information about you. That would obviously include your full legal name, your address, and the value of your home. And yes, they share this information with their subsidiaries, partners, and contractors, but not with 3rd parties or service providers.


As for hacking, I can assure you that no one is safe from being hacked. I do internet security for a living. I've worked with fortune 500 financial institutions and military contractors. I can assure you that if banks, military weapons designers, the DNC, and government websites can be hacked then there is nothing making Veratad or BlueCheck immune from such hacking attempts. Their only real security is in the lack of useful information that a foreign entity or serious hacker would get. With no credit card data, no bank account numbers, and no vital secret information there is little reason for a serious hacker to waste time on them. But if one were inclined to do so I have no doubt that they could.


Now if you really want to be scared, one of the companies I deal with daily is LexisNexis and their subsidiary Accurint. These are the people law enforcement and the government use to find information about you. The amount of personal information about you that is available through them is shocking. You give me a name and a zip code and I can find every address they've ever lived at, every phone number they've ever had including cell phones, every place they've ever worked, how much they've claimed on their taxes every year for the past 20 years, etc... And I can get all of that information about every one of their relatives as well.

Of course I would likely end up in jail for misusing their system, but the data they have is absolutely frightening.

Thank you for scaring the out of me. Seriously though...most everyone with a computer knows most of this but we can't just live in a cave. You have to decide what you are comfortable with and go with it. I have nothing to hide so I don't fear hackers other than CC hackers. They really piss me off but I won't give out my driver's license or SSN to every ecig vendor I do business with. That's just asking for trouble. Thank you for reminding us how vulnerable we are. It should help to make people more careful.

 

[DC2]

I just went to Google, typed in my Name, City, & State, first listing at the top of the page had my address, date of birth (I'm 56), and a google map showing where my house is located.

Yup, same here.