The digital revolution, accelerated by the health crisis, as well as by the latest directives on the fight against money laundering and the financing of terrorism, have developed the need for trustworthy services in the field of online identity verification. These services are becoming in the digital world what physical identity documents were.
We are living in a period of profound transformation. Every day, the digital economy is bringing about changes in many areas. For example, Fintechs have revolutionized payment and more broadly banking interactions in recent years. With the advent of the mobile era, they have made possible new uses that are easier and less restrictive for users, such as 100% digital banks, mobile payment services, money transfers, bank account aggregation, etc.
Identification has not escaped this wave of innovation, but even more so, it must offer services that meet these new remote challenges. Until now, identity verification of end customers was mainly done physically, by checking identity documents issued by government bodies. But the digitalization of the economy, reinforced by the pandemic context, has led to an explosion of new uses. Remote identification solutions are no longer simply a luxury, they have become an absolute necessity for companies to carry out their transformation. They have therefore had to radically transform themselves to meet the new expectations.
A profound evolution
At their inception, identity verification services consisted mainly of analyzing a photocopy of a document via an automatic check to ensure its authenticity. Initially manual, these services have gradually been automated by introducing new checks. Thus, the verification of an identity document based on the MRZ alone was supplemented by the verification of security features using visible light and by cross-referencing information. This made it possible to verify the integrity of the readable data on a document and its authenticity. But the use of these services was mostly a second step, after physical validation by an employee.
With the emergence of new digital uses, the identification process was brought to 100% online services. At the beginning, it was mainly adopted by the leading players, to distinguish themselves. A nice to have, not yet a must have…
The strengthening of the obligations of regulated players, such as banks, with regard to the fight against money laundering and the financing of terrorism has made this type of service compulsory in the context of entering into a remote relationship.
In addition to the verification of the identity document, the identity of the bearer has been verified on the basis of technologies for detecting the living character of the person and biometric facial recognition.
But how can we be reassured about the robustness and performance of these services compared with face-to-face contact in a branch?
A regulated market
The fight against money laundering and terrorist financing (AML/CFT) has largely contributed to the evolution of identity verification. The Fourth Directive, by obliging organizations carrying out fund transfers – financial institutions in particular – to check two documents proving a person’s identity, led to an explosion in the number of requests made to specialized companies.
The Fifth Directive has accentuated this by requiring these organizations, as one of the vigilance measures of the Financial Markets Code, to use a PVID (Remote Identity Verification Service) certification. This certification, the first of its kind in the world, was developed by the ANSSI (French National Agency for Information Systems Security) and will be granted to organizations that can demonstrate the efficiency of their services in terms of both robustness and performance. The aim is to certify services that provide a guarantee equivalent to a face-to-face meeting.
This is a step forward for this market, but it also means that new families of controls will have to be offered as part of these services. In particular, identity document checks will have to be carried out on video in order to verify security features that are not visible on a static capture (IVDs, holograms, etc.). Here again, therefore, the regulation is driving identity verification services forward in their constant improvement to combat fraudsters.
Clearly, the greater the threats posed by money laundering and terrorism, the more directives there will be to regulate money transfers and identity verification, and the more effective the associated services will have to be. This is how citizens can live in a more secure world.
Identity verification providers : the new Internet policemen?
The Sixth Directive, which came into force for Member States on the 3rd of December 2020 and must be implemented by financial institutions by the 3rd of June 2021, envisages going further in penalizing identity fraud.
Today, when false documents are traced back by KYC bodies (in the process of PVID certification) to requesting institutions, this simply results in a “block” of the service to the fraudster. Tomorrow, with this new directive, the latter could be prosecuted and face up to two years in prison. This is a particularly dissuasive measure, which will have the effect of transforming future PVID organizations into Internet “policemen”.
What next? The next few years should see a profound change: the transition from identity verification by each service provider to a “single” identity verification, the same for all service providers. A true digital identity…
By Bertrand Bouteloup, Deputy Managing Director at ARIADNEXT.