Fast, simple and convenient. This is today’s mantra for most of the digital services and solutions. To use them, you may need to get an electronic identity (eID). In one of our previous posts on this topic, we have briefly mentioned that identification is the first, crucial step in acquiring an eID. In this article, you will get a better understanding of identity verification so that this process would not take you by surprise.
Why is identity verification so important?
Your electronic identity (eID) is your ID card, pass or passport (call it as you like) in the digital world. It is embedded in what we call a “certificate” which is directly linked to your identity in the real world. It enables you to prove who you are in order to carry out specific digital operations which require identity proofing, such as bank transactions, tax declarations or electronic signing.
Moreover, service providers need a satisfactory level of assurance regarding the identity of who is accessing their services. This is most of the times required by law, but it is also a way of reducing and preventing identity thefts or frauds in online. Speaking of service providers, in this context, they can be anything from banks, hospitals to a national agencies or institutions.
Depending on the level of assurance of the identification process, these service providers may decide to give or, on the contrary, restrict your access to some of their services. So, in a nutshell, the more thorough the process, the better chances you will have to enjoy a wider range of services.
What should you expect during this process?
The identification processes may differ from provider to provider, but most of the times, they require you to share:
- some personal identity attributes, the most common ones being full name, birth date, address
- proof of your identity, by showing or sending paper ID documents.
The eID provider must then verify your identity and your documents. This could happen through:
A. Face-to-face identification: the most common type of identification, but not a very convenient or time-saving one. It requires you to be physically present at a specific moment in time in a certain place so that a desk clerk can check your ID.
B. Video identification: a newer digital alternative so that you can prove your identity remotely. This happens in a video session with a specially trained person directly from your smartphone.
C. Selfie identification: for some providers it is enough to take a selfie and send it to be cross-checked with your paper ID photos in order to obtain an electronic identity.
How sure is this identity verification process?
The degree of assurance and trustworthiness of the process largely depends on the identification means, technological standards and security measures implemented by the eID provider. Therefore, you may have different experiences depending on each provider’s policy or business model.
For your reference, any eID scheme which wants to be compliant with European legislation must follow and implement a set of minimum technical specifications and procedures regarding the electronic identification as defined in eIDAS*. This regulation also establishes three assurance levels for identity proofing and verification processes that are summed up in the table below.
How to assess your eID provider?
We are sure that you just want to get your eID and start using it, but depending on the identity verification process, you may or may not perform the online transactions you want. The process can also reveal a great deal about how well your eID is protected, the type of services you may access (or not) or the reliability of the provider itself.
Below, we have compiled a series of questions that may help you assess the electronic identification process and even your eID provider, to make sure your eID is reliable and secure:
- What type of transactions and operations will you use your eID for?
- How rigorous is the identification process?
- Is the identification level of assurance suited for the type of transactions you want to perform?
- Is it compliant with local/European regulators and regulations?
LuxTrust is an eIDAS Qualified Trust Service Provider (QTSP) published in EU Trusted List and a Certification Authority. Since it was founded 15 years ago, LuxTrust has built and maintained a nation-wide electronic identity scheme, providing electronic identity (eID) and trust services to 99% of Luxembourg’s population and supporting 95% of all retail banks operating in Luxembourg. You can learn more about us here.
*eIDAS or Regulation (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market