5 remote identification trends in the EU
For any fintech or finance provider, the world of remote identification for AML-KYC is like a jungle full of new, confusing paths. The issue runs deep, affecting everyone from company leaders to product managers and developers. Regulations also differ across member states, creating double standards for international competition.
Building user-friendly remote services is hard, but solutions are emerging as we speak. To illustrate this, here are five super trends that are shaping the future of remote identification today.
1. The end of do-it-yourself identification
As the EU sees it, remote identity, signature and authentication show a clear path towards the future digital EU. It would allow free movement of goods and services across member states. Even so, at the moment this area is facing many challenges. For one, we are missing clear, consistent guidelines for building those tools. Another issue is building digital trust in our society. It won't happen without clear regulations for border trust, signature validation, personal data protection, information security, and oversight.
Taking action, the EU introduced the eIDAS regulation that affects authorised trust service providers. It puts liability in their hands, making sure they go hand in hand with regulation, legislation and European standards. And that's good news for you. This system guarantees less risk, less liability, and a competitive number of offerings.
2. No more ad-hoc e-signatures
When it comes to the quality of E-signatures, many variables come into play. One of them is quality in remote identification. It also depends on the link between the identification and method of generating a signature. The final item on this list is the amount of control that the user has of their signature.
At this point, most e-signatures are either basic (no requirements at all) or advanced (specific requirements under eIDAS). But even advanced signatures have grey areas. Those include loose common standards, weak mechanisms of validation for relying parties, and poor supervisory oversight. As a result, e-signature offerings range from BankID type products to identification with email and button click to sign. And for a buyer who is just looking for a reliable advanced signature, that's a tough choice to make.
Today, the marginal cost of a qualified signature (the highest, most secure and EU compliant signature) is low. All thanks to the latest development in computing and mobile technology. It also lowers the bar of user experience, which makes for a great trade-off.
3. eIDAS Qualified Level = Compliant Customer Due Diligence
Fuzzy boundaries that surround remote identification are not only confusing, but also distracting. But there is one thing that many practitioners (especially in the EU) don't know. It's that eIDAS trust services are replacing the need for dedicated CDD legislation.
At the moment, all member states still have their own anti-money laundering legislations. Even so, harmonised money laundering directives are on the way to replace them. In fact, it was eIDAS that all member states trusted to introduce the qualified signature for remote identification. Harmonious future of KYC is already in sight! It features eIDAS qualified signatures and varying levels of national eIDs.
Seeing what's already happening all across the EU, one thing is clear: QeS is the future. It's a 2-in-1 solution:
- Compliant, cross-border method of identification that supports CDD and high security esignatures.
- Safe and reliable means for transactions and strong authentication.
4. Video will disappear in 2-3 years
Most member states in the EU don't have any technology-specific legislation. Instead, they are relying on the closest alternative to physical meetings - video conference. And without any common rules for the procedure, the debate leads to nowhere.
One such example is Germany. Their financial legislator, Bafin, has their view of what's acceptable for remote identification. On the other side of the fence stands the Bundesnetzagentur, a network/telecoms legislator with a different agenda at hand. Both legislators have the same goal, but they use different means to achieve it. Makes no sense, right?
As recent trends show, that’s about to change.
One thing's for sure: video is a conversion killer. It's intrusive, time-consuming, and simply outdated. Providers who offer synchronous video conferences face endless scheduling issues and delays. On the user's side of things, it also comes with connection problems and confusing instructions that vary from one provider to another.
It's about time for member states to build modern remote identification systems that legislators can rely on. French PVID is a great example of that. It's the first (almost) common certification scheme initiated by a member state. It sets a clear standard that service providers can rely on, creating a level playing field and setting the bar high for safety and consistency.
5. Manual vetting is the future
Turning away from video identification doesn’t mean full automation. Let's see why that won't work.
The Bundesnetzagentur published the auto-ident ordnance last year (under the “innovative methods” VDG provision). It permitted determination of physical presence and identity with machine only. The catch here is that, to meet the statistical requirements, service providers need a substantial amount of data. This is a tough requirement, meaning that very few innovators can deliver a fully automated process. Another problem is that it doesn’t process cryptographic ID documents (RFID/NFC enabled). Last but not least, it forces identification providers to store identification data (15 second live stream) "for all future". That hardly resonates with GDPR principles as we know them.
Making the ultimate decision on who receives a qualified certificate (and who doesn't) is tough. It's also risky to give the machine 100% control of those decisions. As a result, trust service providers balance security with innovation by combining the two in a user-friendly process. For us, it translates to manual vetting - an extra step at the end of the registration process. Our team confirms users’ identity by comparing the visual from the phone camera to ID and other information gathered throughout the registration process.
The manual component is also a must in PVID.
This is why using a strong trust service provider is a great choice for any aspiring financial service provider.