In France, the popularity of verifying identities online shows no signs of slowing. However, as always, with increased usage comes increased focus from regulators. Here, we unpack the new regulations and requirements facing Remote Identity Verification Service Providers (PVID).
In March 2022, ANSSI (The National Information Systems Security Agency) changed the requirements that must be met by Remote Identity Verification Service Providers (PVID) operating in France.
Regardless of whether identity verification takes place face-to-face or remote, the risks of fraud and, in particular, identity theft are significant. Additional risks exist when the identification process is performed remotely, as it is more complicated to check if the user is the person they are claiming to be when the user is behind a screen.
In order to minimize risk, organizations must ensure they implement a robust and reliable identity verification process to meet the needs of the users, and comply with the relevant regulations. This verification process, commonly known as KYC (Know Your Customer) is an integral part of ensuring compliance with both the AMLD (Anti-Money Laundering Directive) and CFT (Combating the Financing of Terrorism).
The PVID standard for all KYC providers in France has been based upon the ever-evolving AML/ CFT requirements..
What are the challenges of implementing the PVID standard?
The goal of the PVID standard is to create strong and secure guidelines for remote identity verification services. Banks and financial institutions are in the spotlight, but the PVID standard also has an impact on KYC service providers and security systems for the online gambling sector, as well as the telecommunications sector.
In March, ANSSI took the opportunity to extend the scope of the baseline requirements for trust services governed by eIDAS: electronic signatures for the issuance of qualified certificates providers, registered e-mail services providers and digital identity providers.
How to get certified by ANSSI?
To become certified by Annsi, the PVID baseline consists of three major steps:
What a remote verification process should include:
- The identification data procurement
- The identification data verification
- The elaboration of an evidence file
- The submission of the identity verification result
Evaluation methods for PVID:
- Certification of remote business services
- Compliance to 910/2014 European Regulation (eIDAS)
- Assessing identification methods for high levels of assurance
Requirements for service provider to fulfil:
- Risk evaluation
- The remote identity verification policy and practice
- The required data protection
- The organization and administration of the service provider
- The quality and the required level of the service
All of the above requirements have to be met in order to receive the ANSSI certification.
So, what is the role of IDnow in all this?
At IDnow, we keep abreast of all regulatory changes, so are well prepared for the arrival of the PVID baseline, so we can better support all our customers and partners. Our identity verification process includes the functionality for dynamic document capture, an electronic documents chip reading service and also a hybrid document verification and facial recognition service.
IDnow’s highly configurable identity proofing products work across multiple regulations, industries and use cases.
Whether automated or expert-assisted, online or point-of-sale, our identity-proofing methods have been optimized to meet the strictest security standards and regulatory requirements without compromising on customer conversions or the consumer experience.
France is one of the first countries to develop a guide, but European states are almost certain to follow the PVID baseline soon.
Unsure of how to choose your PVID certified remote identity verification provider? Check out our ‘How to choose your PVID certified provider’ blog.
Regulatory challenges in the fintech Industry.
Senior Head of Regulatory Affairs at IDnow
Connect with Rayissa on LinkedIn