ETSI Identity Proofing Standard – How to Meet the New Regulations

Rapid digitization trends have led banks and financial institutions into competition for providing the most frictionless online services. FinTech research shows that almost 71 percent of customers opt for digital financial services rather than traditional banking. On top of that, the COVID-19 pandemic propelled the digital transformation further seven years ahead.

As the tendency towards digital solutions grows, cybercriminals get more opportunities to succeed in their illicit motives. According to the Identity Theft Resource Center (ITRC), phishing attacks have nearly doubled in the last year. Considering the 82% spike in ransomware payouts in the first half of 2021, the need for online identity verification solutions cannot be stressed enough.

The European Telecommunications Standards Institute (ETSI) was initially established to standardize telecommunication regulations in Europe. However, its scope eventually broadened over the years and now it has become a global organization. Although its main objective is the standardization of Information and Communication Technologies in Europe, it is also one of the three-member recognized as the European Standards Organization (ESO).

The Objectives of the New ETSI Standard

Apart from regulating telecommunications systems, ETSI has also issued standards for identity proofing. Following the revised eIDAS regulation, ETSI recently issued a new standard  (ETSI TS 119 461 V1.1.1, 2021-07), which covers the various types of identity verification, ranging from face-to-face verification to online authentication. 

The purpose of the new ETSI ID proofing standard is to ensure that identity verification is done with the same security level as there is in face-to-face verification. Moreover, identity verification through Video KYC is considered to be the definitive and valid method for successful compliance. With these new requirements, ETSI aims to meet the general requirements of the international community in order to ensure trust and confidence in digital transactions. 

The standard not only includes requirements from the European eIDAS regulation but also from KYC processes already being implemented by various industries. The specification in ETSI’s standard highlights security requirements and breaks down the identity verification process into five tasks for addressing each one separately.

Identity Verification with ETSI Standard

These five steps are initiation, collection of ID proof, validation of ID proof, matching with data entered by the applicant, and finally showing the result of verification. The standard enlists requirements for each of these tasks while considering all types of identity verification including Video KYC.

The identity document presented for verification can be a government-issued ID card, a digital image of the ID document, or eID (as used in authentication protocols such as digital ID wallets). The specification includes requirements for every ID type and medium. Furthermore, it highlights that NFC verification is more secure as compared to optical solutions to verify the originality of identity documents.

It’s evident from the losses due to cybercrime this year that optical verification solutions are not accurate enough to successfully authenticate identity documents. The ETSI standard indicates that a single picture of the ID document does not provide enough proof anymore. Instead, ETSI requirement VAL-8.3.3-04) suggests that a short video that can record the different details in the document must be kept by the authorities to enable better inspection and validation.

What’s in it for Banks and Businesses

It’s quite obvious that verification using a single photo ID is still a standard practice in the industry, which means ETSI requirements are yet to be fulfilled.

That being said, the ETSI standard applies to all EU member states just like the eIDAS regulation. For banks and businesses, ETSI defines “identity proofing” as the process of verifying identity with the required degree of certainty that the provided information of the applicant is correct.

As the nature of this standard directly relates to the proof of identity in banks, FinTech, and B2B services, it is applicable in processes like KYC. The specification simply rejects the idea of identity verification with a low degree of accuracy. ETSI also targets the issuing of electronic identity (eID) to ensure transparency right from the initial stages.

For banks and financial institutions that strive to provide seamless digital services to their customers, staying clear of financial crimes is the top priority. The ETSI ID proofing standard is a sigh of relief for such banks and businesses.

It is essentially the regulation that was needed after the COVID pandemic gave rise to newer types of cybercrime.

Benefits of ETSI Identity Proofing Standard

The ETSI standard comes as a complementary regulation to the eIDAS regulation that lists down the rules for Qualified Electronic Signatures (QES). Additionally, it also regulates electronic transactions to ensure that they are free of fraudulent entities. Considering the mounting requirements, companies now need to incorporate a robust identity verification solution in order to operate in a secure digital environment and provide assurance to their customers.

Standardization in digital identity verification is a positive step towards the establishment of a secure space for both companies in the financial sector and government institutions.

What Shufti Offers

ETSI TS 119 461 has provided businesses and banks with a well-structured and complete overview of the possible identity verification processes. With the new and updated regulations for protecting identities in the digital paradigm, businesses need an optimum solution that allows them to establish trust. Shufti offers a Video KYC solution that is favorable for both parties. While being easy to use and integrate with digital business platforms, Video KYC enables customers to appear in front of a KYC official and make sure their identity is safe.

Shufti is an established worldwide IDV service provider offering services in 230+ countries and territories. Our Video Interview KYC service for customer onboarding enables businesses to verify their customers seamlessly. 

Want to learn more about video KYC?