Introduction
The past 2020 highlighted the urgent need to digitize communication with the Public Administration. The severe bureaucratic problems experienced by millions of people to retire during confinement or to carry out any other procedure with Social Security were a clear example of the obstacles that we must solve as a country to improve the lives of citizens.
In recent weeks, we see the steps being taken by public institutions to help companies and administrations implement a digital transformation that improves people’s quality of life and legal protection in the digital sphere. First with Order ET/465/2021, which regulates remote video-identification methods for issuing qualified electronic certificates; and now with the recent publication in the BOE of the Resolution of May 25, 2021, by the Secretary of State for Social Security and Pensions. This resolution, motivated by the need to generate a more practical approach of SS services to citizens through remote assistance, enables Spaniards to carry out procedures and actions through telephone and telematic channels thanks to small video-identification systems and biometric identification systems.
The Secretary of State for Social Security and Pensions has recently enabled remote identification systems through video-identification and biometric identification systems to carry out procedures with Social Security.
What does this new regulation mean? That, for example, more than 9 million Spanish pensioners will no longer need to go to any office to provide proof of life to continue receiving their pensions. Or that the more than 3 million self-employed in our country will be able to carry out telematic transactions with the Administration whenever and wherever they need to. Or simply that citizens will be encouraged to carry out their digital transactions with the Social Security more quickly, because they do not need an electronic certificate, do not have the means to operate with the electronic ID, or do not remember their cl@ve, in addition to all the positive connotations of reducing the environmental impact that this implies by avoiding unnecessary travel.
But behind an important innovation that has such a powerful social impact, there must be technological security to match. That is why the State is and must be demanding when implementing these video-identification and biometric identification systems. The security of all these processes is at stake in the identification of people (authenticating certainty that a person is who they claim to be). At Veridas, we are strong advocates of these requirements, so we periodically evaluate our voice and face biometric technology at the National Institute of Standards and Technology, among other regulations and certifications that I will detail later.
How is remote video identification performed?
From Veridas, and by analogy to other national regulations, we design a video-identification process that at least has the equivalent security to the face-to-face (according to the eIDAS Regulation) and having the accreditation of a third party entity, such as DEKRA.
To give robust security to this process, the Government of Spain establishes the following rules for the development of video-identification and biometric authentication in the Security Guide of the National Cryptologic Center:
- Evaluation by NIST (National Institute of Standards and Technology), the independent reference institution in the field of biometrics in the United States.
- Inclusion of anti-fraud methods.
- Anti-fraud method in the document.
- Human review a posteriori
- Integrity in the process in time and device.
- Real-time identification.
- Biometric facial validation scoring.
- Communication security protocols.
We explain more about it here.
This new regulation is a significant step in the correct code of identity verification technologies, and at Veridas, we are 100% prepared to implement it.
We are aware that this regulatory change is an excellent opportunity to execute the long-awaited digital transformation in companies and institutions with the most outstanding security. But it is also a pivotal moment in which entities that develop identity verification technology, such as Veridas, must comply with state and European regulations (GDPR) to offer these solutions that have a very positive social and business impact. Therefore, since the beginning of our activity, in Veridas, we have had an absolute commitment to regulatory compliance, which began with SEPBLAC certification with DEKRA, ISO 27000 certification, ISO 30107, our participation in NIST evaluations, ENS certification, or compliance with the Security Guide of the National Cryptologic Center.