eIDAS: Electronic Identification, Authentication and Trust Services
Consider the traditional trust framework for interactions involving identity: manual documents, in-person checks, third-party notarizations, and multiple government-issued identification. While it served its purpose, it’s not built for the modern world of high-speed, online, mobile interactions; we need a modern identity framework that can perform electronic identification and trust services for digital transactions. Enter Electronic Identification, Authentication and Trust Services (eIDAS), the European regulation to create one identity framework for the entire European Union.
The eIDAS regulation was passed on July 23, 2014 and various implementing regulations and decisions were passed in 2015. Currently, Member States have the option to accept other Member States’ electronic identification (eID); however, in September 2018 they will be required to accept eID from all other EU Members.
Keep in mind that the September 2018 deadline is for Member States; it does NOT apply to the private sector. However, if the rules and infrastructure are in place, it becomes easier for the private sector to accept and implement similar processes. Although each country is required to create its own rules and notify other Member States by September, there’s no explicit timeline for the acceptance of eIDAS within the private sector.
eIDAS covers multiple elements of the trust framework. In regard to Trust Services, these are regulations that establish a legal framework for electronic signatures and certification services. They make it easier to use electronic signatures and ensure that their legal standing is uniform across the Union. While making no specific technology recommendations, there are guidelines for time stamping, electronic seals, electronic delivery and website authentication.
More pertinent to Trulioo’s mission, the Electronic Identification regulations promise to, according to the European Commission, “guarantee the unambiguous identification of a person and make it possible to get the service delivered to the person who is really entitled to it.”
Currently, different Member States have different eID schemes and there’s very little standardization or cross-border cohesion. Thus, private companies operating in Europe have to deal with tough compliance regulations regarding identification on a country-by-country basis.
For example, new 4AMLD regulations call for enhanced due diligence procedures, lower KYC (Know Your Customer) thresholds and new beneficial ownership reporting requirements, all adding to the requirements for proper identification. Additional AML (Anti-Money Laundering) requirements, which are being debated and will end up being included in 5AMLD, will push these requirements even further.
The costs of AML/KYC compliance are significant. A Consult Hyperion report (commissioned by Mitek) estimates that KYC costs £10 to £100 per check, and that the average bank spends £47 million a year on ‘inefficient KYC processes.’ Besides the day-to-day costs, there’s the risk of fines, which are potentially enormous.
Waiting for eIDAS
“The cost of KYC checks is much too high, placing too much reliance on inefficient and error-prone manual processes,” said Steve Pannifer, author of the report and COO at Consult Hyperion. “Getting it wrong is both costly and damaging. New rules will result in much higher fines when serious failures in compliance occur. Financial institutions cannot afford to wait for eID to be widely available.”
Instead of waiting for the potential of eIDAS to propagate through the various legal stages and through to independent businesses, companies can improve their compliance procedures now.
While each country has different ID procedures, there is a best practice for each Member State. Through careful analysis and consideration, these processes are combinable into one solution, which works for multiple countries, multiple situations, and is easily managed.
It’s about using a system that can take in multiple inputs, standardize the data, create custom rule-sets and allow automation of input data and analysis, while still allowing for manual oversight (if necessary).
The beauty of such a system is that it doesn’t limit itself to Europe, or any specific ID data scheme. With proper design and attention to smart data handling, an effective automated ID verification system works globally, and is adaptable to new regulations and technology.
While it can of course be built, building such a system is not easy. You’d need all the engineers and programmers to develop the technology. You’d require all the data contracts to properly gather the necessary data to run effective checks. And you’d need to run and manage the system on a 24/7 basis.
The alternative is to go with a trusted party that has already done those steps and has proven the reliability, scalability and accuracy to deliver ID verification to meet and exceed your specifications. Someone like Trulioo.
While regulations like eIDAS are a step forward for a set of coherent, cross-Europe identity requirements, there’s no reason to wait to implement an effective eID system. You can start controlling compliance costs, reduce the risk of fraud and fines, improve your onboarding process and future-proof your processes for eIDAS and other regulations. With Trulioo’s GlobalGateway, a solution is here now. eID is the future; the future is now.