Responsible AI & Biometric Notice

1. Purpose of AI-Supported and Biometric Technologies

ASTERIA KYC may use automated or AI-supported technologies to help Customers:

• verify identity documents
• detect document tampering
• assess image quality
• compare a facial image to an identity document image
• determine whether a person appears to be physically present
• detect presentation attacks
• identify suspicious verification patterns
• generate risk indicators
• support manual review
• route cases to appropriate review queues
• reduce fraud and account abuse
• support AML and compliance workflows
• improve service reliability and operational efficiency

2. Technology Support, Not Final Human Identity Judgment

AI-supported outputs and biometric-related outputs are decision-support signals. They may indicate that a document appears valid, that a person appears live, that a face appears similar to a document image, or that certain risk indicators are present.

These outputs do not prove a person’s legal identity with absolute certainty. They do not constitute a government-issued decision, regulatory approval, legal determination, or final compliance decision.

Customers remain responsible for reviewing outputs and making final onboarding, rejection, escalation, account, transaction, and compliance decisions.

3. Types of Biometric-Related Processing

Depending on Customer configuration, ASTERIA KYC may process:

• selfie images
• facial images
• video frames
• liveness signals
• facial similarity indicators
• anti-spoofing indicators
• presentation attack signals
• image quality signals
• biometric templates or biometric-related measurements where enabled
• confidence scores
• review statuses
• fraud indicators

The exact type of processing depends on the workflow selected by the Customer.

4. Liveness Detection

Liveness detection helps determine whether an End User appears to be physically present during verification.

Liveness detection may analyze images, motion signals, capture patterns, device signals, or other technical indicators to detect spoofing attempts, replay attacks, printed photos, screen captures, masks, deepfakes, injection attacks, or other presentation attacks.

Liveness detection may produce false positives, false negatives, inconclusive results, or manual-review recommendations.

5. Facial Comparison

Facial comparison may compare a selfie or live capture image against a reference image, such as a photo on an identity document.

The result may include a similarity score, match indicator, mismatch indicator, confidence level, or manual-review flag.

Facial comparison may be affected by lighting, camera quality, document photo age, pose, expression, facial hair, glasses, headwear, medical conditions, accessibility needs, image compression, device quality, and other factors.

6. Document AI and Image Analysis

ASTERIA KYC may use automated image analysis to support document verification. This may include:

• optical character recognition
• document field extraction
• document layout analysis
• document type classification
• expiration checks
• tampering indicators
• image quality assessment
• security feature analysis where available
• consistency checks
• fraud signal detection

Document analysis outputs should be reviewed in context and may not detect every forged, altered, expired, or invalid document.

7. Risk Scoring and Automated Indicators

ASTERIA KYC may generate risk scores, fraud indicators, confidence scores, workflow statuses, or automated classifications based on available data and configured rules.

Such indicators are not legal conclusions, proof of wrongdoing, proof of compliance, or guarantees of legitimacy. They are operational signals intended to support Customer review.

8. Human Review and Escalation

Customers should implement human review where required by law, appropriate due to risk level, or necessary to avoid unfair outcomes.

Human review is especially important for:

• failed biometric checks
• failed liveness checks
• potential sanctions or PEP matches
• adverse media indicators
• high-risk scores
• document tampering indicators
• inconsistent identity data
• accessibility-related capture issues
• user complaints
• adverse decisions
• high-impact decisions

9. Fairness and Bias Considerations

AI-supported and biometric technologies may be affected by limitations in data, capture conditions, device quality, demographic variation, regional document formats, and environmental factors.

Customers should use ASTERIA KYC in a way that supports fair treatment, non-discrimination, accessibility, and appropriate review.

Customers should avoid using automated outputs as the sole basis for decisions that may significantly affect individuals unless lawful, proportionate, and subject to appropriate safeguards.

10. Accessibility Considerations

Some individuals may have difficulty completing automated identity verification due to disability, age, medical condition, device limitations, camera quality, lighting environment, language barriers, document availability, or accessibility needs.

Customers should consider alternative review channels, manual review, support procedures, and fair escalation paths for users who cannot complete automated workflows.

11. Customer Notice and Consent Obligations

Customers are responsible for providing clear notice to End Users regarding biometric-related processing and AI-supported verification workflows.

Where required by law, Customers must obtain valid consent before collecting or processing biometric-related data, facial images, liveness data, or other sensitive information.

Customers must not submit biometric-related data to ASTERIA KYC unless they have a lawful basis and appropriate user notice.

12. Data Minimization

ASTERIA KYC encourages Customers to configure workflows to collect only data reasonably necessary for the intended verification, fraud prevention, AML, or compliance purpose.

Customers should avoid collecting unnecessary documents, images, biometric-related data, or sensitive attributes.

13. Purpose Limitation

Biometric-related data and AI-supported outputs should be used only for legitimate, disclosed, and lawful purposes, such as identity verification, liveness detection, fraud prevention, AML support, security, and compliance review.

Customers must not repurpose ASTERIA KYC outputs for unrelated surveillance, profiling, discrimination, harassment, or unauthorized monitoring.

14. Security of Biometric-Related Data

Biometric-related data may be sensitive. ASTERIA KYC applies technical and organizational safeguards designed to protect such data from unauthorized access, misuse, loss, alteration, or disclosure.

Customers must also secure any biometric-related data, verification results, exports, reports, or downstream records stored in their own systems.

15. Retention of Biometric-Related Data

Retention of biometric-related data should be limited to what is necessary for the verification purpose, fraud prevention, audit, dispute resolution, legal compliance, or Customer instruction.

Customers are responsible for determining appropriate retention periods and deletion requirements under applicable law.

Further information is provided in the Data Retention Policy.

16. Model and System Limitations

AI-supported and biometric systems may be affected by:

• model limitations
• data limitations
• poor capture quality
• fraud evolution
• adversarial attacks
• deepfake techniques
• new document formats
• regional variations
• system errors
• configuration issues
• integration issues
• bias risk
• false positives
• false negatives

No AI-supported or biometric system can guarantee perfect accuracy.

17. Customer Governance

Customers should maintain governance over AI-supported and biometric workflows, including:

• lawful basis review
• privacy notice review
• consent management where required
• risk assessment
• workflow testing
• threshold calibration
• human review rules
• escalation procedures
• complaint handling
• audit trails
• staff training
• periodic performance review
• fairness and accessibility review

18. No Use for Covert Surveillance

ASTERIA KYC services must not be used for covert surveillance, unauthorized identification, unlawful tracking, or biometric monitoring of individuals without appropriate notice, legal basis, and safeguards.

19. No Sole Reliance for High-Impact Decisions

Customers should not rely solely on ASTERIA KYC automated outputs for high-impact decisions where human review is required or appropriate.

High-impact decisions may include denial of access to regulated services, account closure, asset restriction, financial service refusal, employment-related decisions, housing-related decisions, or other decisions that materially affect an individual’s rights or opportunities.

20. Continuous Improvement

ASTERIA KYC may improve AI-supported and biometric features over time to enhance accuracy, reliability, security, fraud detection, accessibility, and user experience.

Improvements may include model updates, workflow improvements, capture guidance, error handling, monitoring, and review tooling.

21. Relationship with Other Policies

This notice should be read together with the Privacy Policy, Risk Notice, Data Processing Addendum, Data Retention Policy, Security Statement, Acceptable Use Policy, and applicable Customer agreements.

22. Updates to This Notice

ASTERIA KYC may update this Responsible AI & Biometric Notice from time to time. Updated versions will be posted on the website with a revised effective date.