Skip to main content

Trusted online service for identity assurance

Periodic Reporting for period 2 - IDAaaS (Trusted online service for identity assurance)

Reporting period: 2018-08-01 to 2019-11-30

The financial services (FS) industry is undergoing the biggest transformation in its long history. It is rapidly becoming a digital business. European regulators want to open the market to competition enforcing, at the same time, ever-stricter legislations for online transactions, like the EU Anti-Money Laundering Directive 5 (AMLD5) and Payment Services Directive 2 (PSD2) for the prevention of identity theft and financial fraud, including tax avoidance, money laundering and terrorist financing. As a result, lack of sufficient IT personnel and volume of regulatory changes are top concerns reported by financial institutions.

Know-your-customer (KYC) is a legal obligation for online onboarding into financial services to ensure that the person (or an organization) claiming a particular identity is in fact this person (or organization). In September 2015 the EU adopted eIDAS Regulation on electronic identification and trust services for electronic transactions. Nevertheless, eIDAS provides a regulatory environment with three assurance levels (low, substantial and high) but it is up to the Member States to define both the tools needed for each assurance level and the associated financial services allowed per level. This has resulted in a fragmented landscape of electronic identity and complicated procedures: e.g. in the UK almost 40% of users abandon the on-boarding process because at some point they become frustrated enough with the online application. This is a barrier for people and companies to access national and cross-border financial services online, hindering as well the development of the FS industry in Europe as a digital single market, as stated by the European Commission.

Signicat’s innovation relies on the integration of different tools for identity assurance to help financial institutions comply with legislation, while simplifying user’s online on-boarding through one-stop-shop: the Signicat Toolbox. Financial institutions intermediate with their users through our standardized interface to dynamically meet the assurance level requested for each service, meaning that by combining the tools, the eIDAS security level of assurance increases. In the Nordic countries where Signicat is market leader, banks have reported a compliance cost reduction of up to 80.4% and an increase in completed on-boarding from 20% to 70% since our electronic identity (eID) is being used, as we allow users to reuse the information already provided to other institutions as an individual eID-Hub. We offer a high service level assuring up to 99.8% availability 24/7 to match the customers/users’ needs.

Our technology helps financial institutions to increase online onboardings up to 70% and to comply with legislation.

Signicat is the first identity assurance as a service (IDAaaS) provider to the financial industry in the Nordic countries. The overall objective of this project is to upscale, pilot and commercialise in the other EU countries our technology, opening to citizens a secure market for online banking in national and EU cross-border transactions as a single market.
IDAaaS has been tested internally as well as in customer implementations, using configurations with one or more of the following components; eID, register lookups and ID paper verification, orchestrated by the Signicat Assure engine.

There has been a number of possibilities to perform functional tests both inside and outside of the Nordic region in relation to customer and partner demonstrations. Demonstrations have been performed for the companies in the financial sector in UK, Germany, BeNeLux and US. The solution has been implemented in production for customers based in Norway and the Netherlands. Currently four customers are accessing production environment. In addition, there are a number of companies with access to pre-production for testing and implementation purposes.

The User experience (UX) is key to guiding the end user through the process of a digital on-boarding. We have improved the UX to increase the number of successful transactions, implementing functionality like auto capture of images and glare detection when capturing ID papers. The UX has been optimized to work on mobile and desktop browsers.

The goal of the Assure API is to facilitate customer onboarding by providing a single point of integration for performing id document verification, and allow doing it asynchronously both in browser and native app context. For a first acquaintance with the Assure API please refer to the documents available here: https://developer.signicat.com/apis/assure-api/assure-api-v1/.Preferred suggested readings are the Overview documentation and the Introduction to the Assure API.

The following materials and activities have been implemented:
•Web page with information about the IDAaaS solution is found here: https://www.signicat.com/IDAaaS
•We have presented IDAaaS solution at 40+ industry events
•Multiple webinars have been held. Here is a recording from one of them: https://resources.signicat.com/celent-webinar-how-not-to-onboard
•A video giving a short intro to IDAaaS: https://youtu.be/k3gI0Tjkrtw
In addition, product documentation and one-pagers have been created.

The following results were generated during the IDAaaS technology maturation:
•Final technical specifications for IDAaaS
•IDAaaS KYC requirement to the FS industry
•IDAaaS test and validation protocol
•IDAaaS functionality testing results
These results can be utilized through scientific and economic exploitation routes into concrete value in new areas (e.g. utilities, transportation, healthcare, government) where there is a strong need for electronic identity and trust services.

The following results were generated during the IDAaaS piloting and validation:
•IDAaaS prototype and demos
•IDAaaS validation results
These results can be utilized through scientific and economic exploitation routes into concrete value in new areas (e.g. utilities, transportation, healthcare, government) where there is a strong need for electronic identity and trust services.

The “Trusted digital identity” is now an EU trademark for Signicat.
While banks require consumers to visit bank branches to sign up as a customer, consumers expect that everything can be done digitally. This is true for most digital services today, but not including banks and other financial institutions. By providing a digital-only solution, this will make it simpler for consumers to sign up to new financial services. With the arrival of PSD2 (Payment Service Directive 2 – EU Directive 2015/2366), which came into effect in 2018, it is expected that a lot of new players will enter the market, and the need for smooth on-boarding is a requirement for these to succeed.

With the arrival of eIDAS (EU regulation 2014/910), there will be more focus on assurance levels, as eIDAS defines Low, Substantial and High. It is up to the organization to decide which level is required for a customer, based on a combination of risk and regulation. It is possible to do an initial onboarding using assurance level low, and then step this up to a higher assurance level at a later stage, when the risk increases, or regulations demand it. The core of the IDAaaS is that the bank (or any other organization) can onboard new customers with the required assurance levels. The goal is to provide the eIDAS levels of assurance in each of the European countries, to make it simpler and harmonized.
Signicat Logo