Identity verification

Identity verification with Signicat Assure

1031 views August 28, 2017 May 26, 2020 3

Digital onboarding offers challenges that face to face onboarding does not. Companies need to remotely ensure who their customer is and detect potential risks for diminishing the chance of being used for illegal activities, such as money-laundry, fraud or funding terrorism. KYC (Know Your Customer) guidelines rely on procedures such as collecting and validating identification documents and looking up/matching if those identities are present on sanctions and PEP (Politically Exposed Person) lists.

When choosing what methods to use for identity assurance, this must be done considering multiple factors such as the required level of assurance, user experience, the nationality of end-users, etc. This is typically dictated by the geographic markets that the company operates in and is often subject to local regulatory requirements.

Signicat Assure drastically simplifies the onboarding process in many industries, but especially banking and finance, which typically have complex onboarding processes.

Further reading

The following sections on this page give you a high-level introduction to Signicat Assure:

For more technical descriptions, see:

Use case example

Picture a potential customer, let’s call her Claire, who wants to open a new online bank account. The bank might want to take several different steps to ensure that it is indeed Claire who is opening this account. The following is just one of many possible workflows.

End-user perspective

  1. Claire enters the bank’s online website and selects “Become a customer”.
  2. The bank asks Claire to provide some basic information about herself, such as her full name, date of birth, and address.
  3. The bank asks Claire to identify herself with an eID method, e.g. the Dutch iDIN.
  4. The bank asks Claire to identify herself using her passport and take a selfie.
  5. The identity verification is finished and Claire can continue as a new customer of the bank.

Bank’s perspective

  1. A new user, Claire,  wants to become a customer in the bank.
  2. The bank initially collects information from Claire in a form on the website, among the information her full name, date of birth, and address.
  3. Based on the type of customer relationship, risk profile and regulatory requirements the bank decides on the necessary steps in the customer due diligence process.
  4. Now the bank calls Assure API to create a dossier, which is a container for all information needed to perform the identity verification.
  5. The bank submits relevant information about Claire as user data to Claire’s dossier in the Assure API.
  6. Since Claire is a citizen of the Netherlands, the bank uses iDIN as eID scheme. This constitutes is a strong identity verification method in the Netherlands. The bank creates an iDIN process within Assure API, which stores the results of the iDIN transaction in Claire’s dossier.
  7. Because of local regulations, iDIN in itself is not sufficient to meet the requirements. The bank, therefore, asks Claire to use her passport to further prove her identity. The bank creates a process using one of the available electronic Identity Document Verification (eIDV) methods. The result of the method returns the information from the identity document and the result of the face match and liveness detection to Claire’s dossier.
  8. The bank now has sufficient information about Claire and now must perform corroboration on the captured data. The bank uses Assure APIs corroboration functionality to compare the information stored in the user data with the data from the iDIN and eIDV processes. The bank parses the responses and based on internal business logic, the bank’s risk engine decides that it can continue the business process and make Claire a customer of the bank.
  9. The necessary identity information is used to establish an identity in the bank’s identity store and the relevant proof is extracted from the Assure API. The bank then sends a delete request to permanently delete all of Claires PII data from Signicats platform.

Want to try it out?

You can try out the concepts of Assure using the following approaches (follow links to more details below):

The Assure test server

The Assure test server allows you to test a subset of the Signicat Assure functionality. It is not a product on its own but it integrates with the Assure API. This is an easy way to get an initial impression of what Signicat Assure is.

  1. You must provide your email to access the Assure test server. Then you will receive an email with a one-time link that you can use to log in:

2. Once you are logged in, you create a dossier. A dossier is a container that is used to temporarily store information about an end-user that is going through identity verification:

3. Select the dossier you just created to add processes that you want the end-user to go through:

4. Within a dossier, you can choose the process you would like to try. It is possible to have multiple processes within one dossier:

For high-level descriptions of the different processes in this list, see Supported eIDV methods and Supported public eID methods. For more technical details, see, Assure API Integration details and Assure API reference documentation.

Swagger documentation

You can try out the Assure API directly using the Swagger documentation.

Start by supplying the authorization details provided by Signicat Operations or use the demo-service credentials available on the Demo service page.

Note: The demo service is a shared environment that anyone can access. Ensure that you DO NOT use or provide anything that contains PII data.

API integration

This is the most flexible way of testing Signicat Assure. You can use your preferred IDE, Framework, Postman, etc using credentials provided by Signicat Operations or using the demo-service credentials available on the Demo service page.

Note: The demo service is a shared environment that anyone can access. Ensure that you DO NOT use or provide anything that contains PII data.

Supported eIDV methods

The Assure API enables companies to use a wide range of identity document verification mechanisms such as NFC reading of passports, fully automated verification using AI, and manual verification performed by agents, based on the specific requirements for each individual end-user identity being verified.

Leading providers such as OnfidoElectronic IDentification and ReadID as well as Signicat Paper Verify are integrated and ready to be used in the Assure API.

Being a single point of integration across providers, the Assure API dramatically reduces integration and maintenance of the identity assurance of end-users and allows companies to strike the right balance of risk, user experience and cost.

The integration of eIDV methods can be illustrated as follows:

  1. Initial setup: You must set up the necessary resources, i.e. you must create a dossier section and then create a process inside that dossier. The dossier contains all the information about the end-user. The process allows you to retrieve the authorizationUrl. This URL is later used during the authentication of the end-user. The process also holds all the information about the authentication. When creating a process, you must specify which ID method you want to use (e.g. iDIN) and a redirect URL to where the end-user should be redirected after authentication.
  2. Upload ID images: The end-user must provide images of his/her ID. This is done either by using the third-party providers’ SDKs to capture and upload those images or by uploading the images directly to the Assure API.
  3. Request verification: After the end-user has provided the images, you can request to perform the identity verification.
  4. Get result: You will receive a notification that the authentication is completed and a status of the authentication (successful or failed login). If required, you can check more details about the result of the authentication (using Get Process).

For more information about how to do this integration, see Integration use cases.

Supported public eID methods

Assure API supports eID providers like iDIN, Norwegian BankID and NemID. These methods are OIDC based. For a full list of eID methods currently supported by Signicat, see the ID methods page.

Before you can set up the integration, you need a contract with Signicat. When you have a contract, Signicat will set up the configuration with your required ID method in your service.

When this is set up, you can start integrating the ID method, illustrated as follows:

  1. Initial setup: You must set up the necessary resources, i.e. you must create a dossier section and then create a process inside that dossier. The dossier contains all the information about the end-user. The process allows you to retrieve the authorizationUrl. This URL is later used during the authentication of the end-user. The process also holds all the information about the authentication. When creating a process, you must specify which ID method you want to use (e.g. iDIN) and a redirect URL to where the end-user should be redirected after authentication.
  2. Authentication: The end-user accesses the authorizationUrl and authenticates using the chosen ID method. When the authentication is done, the end-user is redirected to the indicated redirect URL you specified in step 1.
  3. Get result: You will receive a notification that the authentication is completed and a status of the authentication (successful or failed login). If required, you can check more details about the result of the authentication (using Get Process).

Was this helpful?