The Security difference in identity authentication methods
Identity Authentication Methods
The health emergency generated by the COVID-19 crisis created the need to facilitate administrative procedures remotely, so that the identification processes were legally equivalent to the procedures carried out in person, through the corresponding identity document. For this, the regulatory framework had to be adapted, guaranteeing the security of remote identity authentication methods, such as video identification, which allow obtaining qualified certificates, through which identification processes can be carried out with a high level of security, as well as qualified firms.
At the end of 2020, after allowing, exceptionally and provisionally, the use of video identification systems to issue qualified electronic signature and seal certificates. On May 6, 2021, the government approved Order ETD/465/2021, which regulates the remote identification methods by video for the issuance of qualified electronic certificates, now definitively.
The new order contemplates the possibility of verifying the identity of the applicant for a qualified certificate using “others nationally recognized identification methods that guarantee security equivalent, in terms of reliability, to physical presence”, defining the regulation of identification and authentication information, the technical conditions and the minimum requirements necessary to guarantee security in the identification and authentication processes.
The technological identity authentication mechanisms required in Order ETD/465/2021 for Qualified Trust Service Providers (PCSC), such as Víntegris, must meet certain security requirements. For example, being safe against identity theft attacks, possible manipulation of images, identity document data, or theft of access credentials.
In addition, these technological mechanisms must be based on recognized standards, such as those referenced by the CCN, (Spanish National Cryptologic Center), and have mechanisms for monitoring and recording authentication operations.
On the other hand, within the control mechanisms for identity authentication, we find those applied by the Financial Intelligence Unit of Spain, SEPBLAC. These apply to those persons and entities that, due to their activity, hold the status of obligated subjects and require control of the prevention of money laundering and terrorist financing.
The Article 21.1.d) of the Regulation of Law 10/2010, stipulates that obligated subjects may carry out operations through telephone, electronic or telematic means with clients who are not physically present, when the identity of the client is verified through the use of secure identification procedures, which have been previously authorized by SEPBLAC, such as the electronic certificate, the Cl@ve system, or the use of video identification systems that meet the requirements established by SEPBLAC itself in the respective Authorizations published by it in 2017.
What differences do we find between identity authentication mechanisms?
The main difference in terms of security between the identity authentication mechanisms between Order ETD/465/202 and those defined in the SEPBLAC authorization for the non-presential identification procedure, lies in the fact that the former requires the implementation of some specific technological requirements by Trusted Electronic Service Providers, while in the second, different authentication mechanisms are used without demanding specific security requirements, but merely for guidance.
However, it should be noted that both Order ETD/465/202 and SEPBLAC seek a single objective: guarantee security in the processing of personal data, and achieve user identity authentication.
Video Identification with nebulaID
Víntegris video identification solution, nebulaID, combines real-time video call with various biometric identification mechanisms and robust authentication, guaranteeing security in the processing of information according to the standards determined by the CCN (National Cryptological Center) and ETD/regulations. 465/202, eIDAS, KYC (Know Your Customer), and the Data Protection Act, GDPR.
nebulaID ensures the qualified electronic signature to avoid fraud, such as identity theft or the use of fraudulent documentation.
How is the video identification process with nebulaID?
Fast – The identification process is carried out in less than 5 minutes, obtaining a qualified digital certificate without queues, validation of the notary, or days of waiting to validate the documentation.
Simple – Just create a device with an internet connection to receive and secure OTP codes verifying your device and performs Face Matching and life tests during video chat.
Accessible – Consent to identification anytime and anywhere.
Guaranteed – Víntegris then performs a real-time verification with the National Police Database to confirm the validity and validity of the document of accreditation presented.
Insurance – The verification of the identity is carried out in a few minutes by the certified agent. The facial nebulaID scoring system guarantees a false negative score of less than 5% and false positives of less than 1/1,000,000.
Include the video identification for your qualified signature process Contact and signature remotely with your legal guarantee.