In France, the popularity of online identity verification shows no signs of slowing. However, with increased usage comes increased focus from regulators. Here, we unpack the new regulations and requirements facing remote identity verification services.
In March 2021, ANSSI (The National Information Systems Security Agency) changed the requirements that must be met by remote identity verification service providers operating in France, launching its prestataire de verification d’identité à distance or Remote Identity Verification Providers (PVID) standard
Regardless of whether identity verification takes place face-to-face or remote, the risks of fraud and, in particular, identity theft are significant. Additional risks exist when the identification process is performed remotely, as it is more complicated to check if the user is the person they are claiming to be when the user is behind a screen.
In order to minimize risk, organizations must ensure they implement a robust and reliable identity verification process to meet the needs of the users, and comply with the relevant regulations. This verification process, commonly known as KYC (Know Your Customer) is an integral part of ensuring compliance with both the AMLD (Anti-Money Laundering Directive) and CFT (Combating the Financing of Terrorism).
The PVID standard for all KYC providers in France is based upon the ever-evolving AML/ CFT requirements.
(We are now PVID-certified! Read more about our PVID-standard identity verification services in our recent press release.)
What are the challenges of implementing the PVID standard?
The goal of the PVID standard is to create strong and secure guidelines for remote identity verification services. Banks and financial institutions are in the spotlight, but the PVID standard also has an impact on KYC service providers and security systems for the online gambling sector, as well as the telecommunications sector.
In March, ANSSI took the opportunity to extend the scope of the baseline requirements for trust services governed by eIDAS: electronic signatures for the issuance of qualified certificates providers, registered e-mail services providers and digital identity providers.
How to get certified by ANSSI?
To become certified by Anssi, the PVID baseline consists of three major steps:
What a remote verification process should include:
- The identification data procurement
- The identification data verification
- The elaboration of an evidence file
- The submission of the identity verification result
Evaluation methods for PVID:
- Certification of remote business services
- Compliance to 910/2014 European Regulation (eIDAS)
- Assessing identification methods for high levels of assurance
Requirements for service provider to fulfil:
- Risk evaluation
- The remote identity verification policy and practice
- The required data protection
- The organization and administration of the service provider
- The quality and the required level of the service
All of the above requirements have to be met in order to receive the ANSSI certification.
So, what is the role of IDnow in all this?
Ensuring you meet the myriad of different requirements across regions, countries and jurisdictions can take significant time and effort, and stifle and inhibit growth and innovation. However, not offering a PVID-standard identity verification service can also result in substantial fines, penalties, and reputational damage.
At IDnow, we keep abreast of all regulatory changes, so we can better support our customers and partners. to navigate the complex regulatory landscape. Adding to our expansive regulatory certification and expertise across Europe, our latest PVID certification for VideoIdent and IDCheck.io demonstrates once again the integrity, security and strength of our remote identity proofing services – a certified service that you can trust anytime, anywhere.
IDnow’s highly configurable identity proofing products work across multiple regulations, industries and use cases.
Whether automated or expert-assisted, online or point-of-sale, our identity-proofing methods have been optimized to meet the strictest security standards and regulatory requirements without compromising on customer conversions or the consumer experience.
France is one of the first countries to develop a guide, but European states are almost certain to follow the PVID baseline soon.
Unsure of how to choose your PVID certified remote identity verification provider? Check out our ‘How to choose your PVID certified provider’ blog.
Regulatory challenges in the fintech Industry.
By
Rayissa Armata
Senior Head of Regulatory Affairs at IDnow
Connect with Rayissa on LinkedIn