Up to now, identifying oneself to a company has felt rather like running the gauntlet. It was a long-accepted fact that a customer wishing to unlock a prepaid SIM card or open an online bank account, for example, would have to present themselves at the post office branch to confirm their identity based on a comparison with their photo ID. More recently, technology has streamlined the procedure. These days, the VideoIdent process usually performs the check via an online video chat, thus sparing the user a trip to the branch. However, the arrival of the AutoIdent process means there is now another method in the starting blocks that will further simplify identity verification and make it even more secure. Read on to learn how the processes differ from one another, and how AutoIdent works.
For many sectors of the economy, there is no getting away from the need to identify customers beyond doubt, a process also known as authentication or ID verification. Banks and other financial institutions must demonstrate in this way that their accounts are not being misused for tax evasion and money laundering. Likewise, it is important that they do not enter into business relations with persons who are on international sanction lists. Equally strict requirements also apply to the mobile communications sector: since 2017, prepaid SIM cards can only be unlocked for persons whose identity can be clearly authenticated. Here too, legislators were motivated by fears that terrorists and criminals could otherwise communicate entirely anonymously and evade the security authorities.
Not a 24-hour service: the challenge of VideoIdent
It is clear that these security measures are designed to protect society, which must take priority over the convenience considerations of individual citizens. Although the VideoIdent process represented a major leap in convenience compared with having to visit the post office branch, the process is not without its quirks, mostly in terms of availability. Customers using VideoIdent are tied to business hours just as they are with retail stores. Very few companies are willing and able to pay for a 24-hour service which will ultimately lead to a sharp increase in payroll costs. This means that a new customer of an online bank who tries to initiate the authentication process in the evening at home may find themselves outside a locked virtual door because they are calling outside business hours. Given the mantra of 24/7 availability on which online service providers and retailers normally base their core business, an opening scenario of this type will be hard to swallow.
AutoIdent offers fully automated processes – with even greater security and round the clock
So, what can AutoIdent do better? And more importantly, how? First and foremost, the entire process does away with human operators: the customer needs just two things that are normally within easy reach anyway, that is, an identity document and a smartphone. AutoIdent is designed to automate all security checks that would otherwise be carried out by a call centre employee. This usually operates as follows:
- Customers wishing to carry out an identity check will be directed to a mobile-only website. If they access the URL from a laptop or another stationary computer, they will be instructed to use a smartphone or tablet instead and will then receive a matching QR code. Why? The validity check also uses location data and other factors that are readily detectable using the sensors on a mobile device. The entire process can be handled using identity-verification-as-a-service solutions that companies can embed seamlessly into their existing website infrastructure.
- To comply with the GDPR, the customer must consent to the collection of data required for the provision of the service.
- They then indicate which document they wish to use for authentication, for example, an identity card or passport. They can then use the camera on the mobile device to record all relevant pages of the document – while being guided each step of the way by screen masks and text overlays.
- After that, the biometric data of the face is checked: The users record themselves using the camera on the device and follow the additional instructions, for instance, to turn or lean their head slightly to one side. On the one hand, the biometric factors that can be calculated from the camera image are then compared in this way with those of the photo ID. On the other hand, this ‘liveness check’ can effectively detect any attempt at deception (for instance, if only a photo or video of the ID card holder were to be used).
- Once all the data has been recorded and the check successfully completed, the user is authorised to use their requested services and can access them immediately.
Backlighting is the final foe
Where there is light, there are shadows. In the case of AutoIdent, this is particularly true if there is too much light. Just as with VideoIdent, users must avoid sitting in the backlight so that they are clearly visible for identification purposes. The same applies if the lighting is too dim or if the general video quality of the camera used is poor. In these cases, the AutoIdent software will point out the source of the error and ask the user to rectify it. The remote identification is only terminated if the cause cannot be promptly resolved – a situation only likely to occur very rarely. Generally speaking, AutoIdent ensures that the user experience always remains in the positive zone even with regard to the sometimes problematic topic of identity proofing.