The Official State Gazette (BOE) publishes today, May 14, 2021, the Order ETD/465/2021, of May 6, which regulates the methods of remote video identification for the issuance of qualified electronic certificates.
Veridas, reinforcing its commitment to the correct regulation of digital identity verification systems, has been an active and collaborating party in the process of drafting the Order. Its publication within the Spanish legal system represents a competitive advantage in the activity of trustworthy electronic service providers.
Remote video identification consists of a process in which the user scans their identity document through their mobile device or computer, followed by a photo of their face for biometric comparison and proof of life to avoid possible fraud attempts. This process is carried out in just one minute and allows all the process evidence to be collected for subsequent review by an agent.
The authorized remote video identification process includes, among other measures, the requirement to verify the authenticity and validity of the identity document, as well as its correspondence with the certificate applicant, through technologies such as facial recognition, and to verify that an applicant is a living person who is not being impersonated. This process requires the subsequent review of the captured evidence (identity document, facial image, and video) by an agent.
The Veridas solution allows these issues to be analyzed with all the guarantees of security and accuracy and provides providers with a back-office tool where operators can view and validate all the evidence collected in the identification process, thus recording their approval or denial decision.
In addition, as part of the training requirements for operators of qualified trust service providers, Veridas will offer its customers an annual training plan for the personnel in charge of identity verifications of applicants.
Among the requirements for implementing a remote video identification process, it is required to use a product that meets the minimum security requirements indicated in Annex F11 of the National Cryptologic Center (CCN-STIC-140) high category ICT Security Guide. Veridas’ product complies with all the requirements established in the aforementioned standard.
In the coming weeks, Veridas will have available and accessible to all its customers a certificate issued by Dekra Testing and Certification as a laboratory and conformity assessment body, which allows accrediting compliance with all the requirements of Annex F11 of the CCN-STIC-140 guide.
Thus, under the Single Transitional Provision, trusted service providers would be able to start implementing the non-presential identification procedures, guaranteeing that Veridas complies with all the requirements.
This Order and Annex F11 of the CCN-STIC-140 ICT Security Guide are now the most detailed regulation within the national legal system of non-presential identification processes. Still, they are not the first rules in this area.
In 2016, the Executive Service of the Commission for the Prevention of Money Laundering and Monetary Offenses (SEPBLAC) issued its first authorization for the non-face-to-face identification of customers required by Law 10/2010, of April 28, on the prevention of money laundering and terrorist financing, renewing this commitment to the use of new technologies for digital identity verification in 2017. Veridas technology has been helping companies in the financial and telecommunications sector for years to comply with this requirement, in Spain and other countries such as Mexico or Austria, performing millions of validations worldwide.