Improving mobile NFC reading of passports in Dutch DTC Pilot Read blog
Using our App? Go here
Security

Secure through NFC and SaaS

Inverid handles the privacy sensitive data of your customers. Security is therefore of the utmost importance. Electronic identity documents form the basis of our security. Secure hosting, best in class certification and best-of-breed partnerships cater for the rest. 

NFC technology explained by Maarten Wegdam

Chipped identity documents are very secure

Modern passports (e-passports) and similar identity document have a contactless NFC chip. This chip is standardised as part of Doc 9303, Machine Readable Travel Documents, by the International Civil Aviation Organisation (part of the United Nations).

The information on the chip is digitally signed by the issuing country and has protection against cloning. ReadID provides the complex cryptography that is needed to verify the authenticity of and information on the chip. It provides a smart and simple way to verify the authenticity of the identity document within seconds (passive and active authentication). This way, we can detect if a chip was copied.

Trusted identity verification

Many organisations require NFC for trusted identity verification, such as the UK Home Office or the HM Land Registry. Analysts like Gartner advocate the use of NFC for trustworthiness. 

ReadID technology supports ICAO 9303 and ISO 18013 compliant identity documents. We can orchestrate with optical verification partners for non-chipped documents. This is a good alternative for data extraction, no for guaranteed document authenticity. 

Security by design

icons-readid-emrtd-nfc-chip

NFC based identity documents

The NFC chip in electronic identity documents allows for the most secure identity verification. Optical solutions are not secure enough as the documents can be manipulated and copied.

icons-readid-saas

SaaS architecture
preferred

We use a SaaS architecture, as client-based solutions are not secure enough in general. Client-only can be used on controlled devices, e.g., for face-to-face use cases

icon-face-to-face-solution-readid

Face verification based on high-res photo

The personal image in the chip cannot be manipulated and has a higher resolution than the printed face image. A much stronger basis for facial verification than optical solutions.

nfc-readid-sk-solution

“Even trained persons or good AI algorithms are not able to check identity document security features based on video.”

Kalev Pihl

CEO SK ID Solutions

Watch our interview with Kalev where he explains why SK ID Solution has chosen ReadID.

The value of certification, as discussed with Clemens Wanko (TÜV Austria)

World-unique certification package

The technology is secure, as is our company. We are the most certified in the identity verification industry: ISO27001, ISO27701 and eIDAS compliant certified under ETSI EN 319 401 and ETSI EN 319 411-1/2 standards. We are SOC2 Type 2 compliant and have Cyber Essentials. We are regularly audited and pen tested, and comply with EBA outsourcing guidelines. Inverid is based in the EU and is GDPR compliant. Our software works according to the WCAG accessibility guidelines. 

99.97%

availability of our SaaS services, as measured in the Home Office EU Settlement Scheme

Read the full story

Securely hosted

We provide ReadID technology  in two different versions: SaaS and client-only. For the SaaS version, the client-side runs on the smartphone, sending the information being read to the server side, where it is read and verified. The server side is hosted by Inverid in a public cloud: the SaaS version. Since ReadID is provided as SaaS, our customers do not have to worry about updates and security. ReadID SaaS is highly scalable.

The second version is the client-only version, where all functionality runs on the smartphone. For most customers, and especially for self-service onboarding use cases, the SaaS version is best suited since this is more resilient than the client-only version against compromised smartphones.

Client only solutions depend upon the security of the device. Smartphones can be tampered with if not under strict control of the company. Client only should not be used in remote use cases, only in controlled face-to-face situations.

readid-olga

How secure do you have to be?

Thinking of replacing your current optical solution by NFC-based identity verification? Or want to know more on how secure trusted identity verification is? Contact our specialists. 

We’ll reply within 1 day.