Skip to main content
Category

News

Newsletter September 2022

Online identification with fidentity – now even easier, safer and faster

Our vision: to enable trust in the digital world. Our way to achieve this: Making online verification simple, secure and flexible. That’s why we’ve expanded our identification solution in recent months. Our Liveness module is now even faster and more intuitive for your customers to use. We have also developed an NFC module. Interested? Learn more in our newsletter.

Liveness module in usability testing

Probably the most modern data center in Switzerland is located in a suburb of Bern. It opened in 2014 and cost 60 million francs.

Real-time face recognition, an improved progress bar for the user, a short tutorial video and immediate user feedback during the selfie process – these are just a few of the new features we have integrated into our liveness module. In a usability test, we wanted to know how the new features were received by users. And we are proud of the results: The testers gave our module a rating of 4.5 out of a total of 5 ⭐. What they liked best:

  • the ease of use
  • the intuitive user guidance
  • the design.

Convince yourself. Try our Liveness module for identity verification now.

Thanks to NFC: digital onboarding even more secure and faster

Probably the most modern data center in Switzerland is located in a suburb of Bern. It opened in 2014 and cost 60 million francs.

Many identity documents, including the Swiss passport, have an integrated NFC chip. This is as secure as the chip on a credit card and is considered counterfeit-proof by FINMA. fidentity enables this chip to be read and checked.

NFC technology is not new. But did you know that

  • most smartphones today have an NFC reader?
  • the bank transfer previously required to identify customers during onboarding is no longer necessary if verification is carried out by reading the data from the NFC chip?
  • fidentity now makes it possible to read and verify this chip?

Seamless integration of web an app

To date, only “native apps” can access the NFC reader function of smartphones. Since fidentity’s identity verification is web-based, we were looking for a technical solution that supports identification with NFC while integrating as seamlessly as possible into the web flow. Thanks to the new App-Clip technology (Instant App on Android), identification with NFC is possible without the user having to make a detour through the app stores.

See for yourself the seamless integration of the NFC module.

KPMG confirms: fidentity is proven to be FINMA-compliant

Security instructions in front of the data center: We will soon have to part with our personal belongings, exchange an official identification document for a visitor badge and pass a metal detector.

As part of a voluntary audit in accordance with the ISAE 3000 standard, KPMG confirmed that fidentity’s identification solution meets the requirements of FINMA Circular 2016/07 on “Video and Online Identification”. We also have extensive experience in other compliance issues and can meet your requirements according to the Data Protection Act, regarding outsourcing and risk management.

We are happy to help you create a user-friendly onboarding for your new customers.

Is there 100 percent security?

It recently became public: security researchers from the Chaos Computer Club (CCC) successfully hacked video-based online identification and thus gained access to a test person’s personal data. The CCC is therefore calling for this technology not to be used where there is a high potential for damage.

Behind the CCC’s attack is years of preparation. Moreover, the identity of a complete stranger was not stolen, but the identity of identical twins.

We at fidentity find the hack exciting and are convinced that it will contribute to an improvement of the procedures. Because all optical processes are vulnerable with more or less effort, fidentity continuously invests in our software and uses “friendly” hackers to uncover possible security gaps. Today, only identification with an NFC chip is considered 100 percent secure, as this is not “hackable” with today’s technology.

Get in touch with us

Would you like to know more about fidentity and how it can be used in your company? Call us now.

Or fill the form below. We will contact you.

    Interested in an online coffee with our CEO?

    Thorsten Hau, CEO and founder

    Book now

    KPMG audit confirms: fidentity still FINMA-compliant

    Press release

    • Swiss fintech company fidentity specializes in fully automated identity verification of real individuals.
    • As part of a voluntary audit, KPMG has confirmed that its online identification solution is proven to be FINMA-compliant.

    “We are pleased about the audit report, which confirms that our identification solution is FINMA-compliant,” says Thorsten Hau, CEO at fidentity. “Our customers can rely on the assessment of a recognized audit firm, which simplifies compliance with the FINMA Circular Video and Online Identification. This reduces costs for them in the digitization process.”

    "Compliance with the requirements of the FINMA circular 'Video and Online Identification' becomes easier with fidentity," says Thorsten Hau, CEO of fidentity.

    FINMA Circular 2016/07 “Video and Online Identification” regulates which technical measures and standards must be met when a new customer wants to open an account via digital channels. For example, during the identification process, the image quality of the scanned identity document must be checked, and the data entered by the user must be compared with the machine-readable zone (MRZ). In further checks, the selfie and the photo from the identity document are compared and a so-called “liveness check” is used to check whether the person is real.

    As part of the audit, which was conducted in accordance with the ISAE 3000 standard, KPMG tested requirements from eight different categories. In addition to technical criteria, the IT architecture and internal company processes were also scrutinized. “As fidentity provides services for regulated financial service providers, it is crucial that our systems work reliably and that control mechanisms are in place to identify any exceptions in good time and prevent failures,” explains Thorsten Hau, adding, “For us, it goes without saying that we have pen tests carried out on a regular basis to protect our system from unwanted cyberattacks.” Thanks to the hosting partner’s ISO 9001 and 27001 certifications, fidentity also complies with quality management and information security requirements.

    Less than 90 seconds – identity verification with fidentity

    Media contact

    Thorsten Hau; CEO & Founder
    thorsten@fidentity.ch
    079 461 99 36

    Nehmen Sie mit uns Kontakt auf

    Sie möchten mehr über fidentity und den Einsatz in Ihrem Unternehmen erfahren? Rufen Sie uns an.

    Oder füllen Sie das untenstehende Formular aus. Wir melden uns bei Ihnen.

      Sie möchten sich mit unserem CEO online treffen?

      fidentity thorsten hau

      Thorsten Hau, CEO and Gründer

      Termin buchen

      Digital Onboarding with NFC: Maximum Conversion Guaranteed

      Management Summary

      • Since June 1, 2021, the Swiss Financial Market Supervisory Authority (FINMA) permits the reading of the chip of biometric identity documents as an additional security measure for online identification.
      • This eliminates the bank transfer that was previously necessary for the customer to identify themselves.
      • With a custom-developed NFC software module, fidentity now also supports the contactless reading of biometric data for identity verification.
      • This makes digital onboarding even simpler, faster and more secure – for you and your customers.
      NFC makes digital onboarding even simpler and more secure. Find out why and what's behind the technology in our blog post.

      What is NFC technology?

      Near Field Communication (NFC) is not new. The technology has been around since the early 2000s. It is a bidirectional wireless data transfer between two electronic devices. For the data to be exchanged, the two devices must be no more than 10 centimeters apart. That’s why NFC is considered to be particularly secure, since the small distance makes it almost impossible for the data to be intercepted.

      NFC in everyday use

      Most users are not aware of that: NFC technology is already widely present in everyday life. It is used, for example, in contactless payment with smartphones or credit cards. In addition, NFC technology is also implemented where access and entry control is involved – for example, in hotels, public buildings or at the workplace. Whereas in the beginning a special device was needed to read the data, today almost every smartphone has an NFC reader.

      Contactless payment is just one of many use cases in which NFC technology is used today. For the two devices to exchange data, they must be within a distance of 10 centimeters. This is why the technology is considered particularly secure, because hardly any data can be intercepted due to the short distance.

      NFC in online identification

      Additionally, NFC is also being used for identity verification. Many ID cards, such as the Swiss passport, contain a NFC-chip that stores key personal data, and also biometric data such as a photo and fingerprints. Such e-travel documents are protected by various security mechanisms. For example, with an NFC reader non-governmental users cannot access biometric data, but can only read the data that is also visible on the document.

      With digital onboarding, the data stored on the NFC chip of ID documents can be read. If identification is carried out using an NFC chip, the previously required bank transfer by the customer is no longer necessary.

      NFC facilitates digital onboarding

      For NFC technology to be used in digital onboarding, it requires not only a smartphone equipped with an NFC reader and an identity document with an NFC chip. It also needs the appropriate legal basis. The Swiss Financial Market Supervisory Authority FINMA has created this legal basis last year with the update of Circular 2016/07. As of June 1, 2021, the reading of the chip of biometric identification documents is now permitted as a security measure for online identification. At the same time, the previously required bank transfer by the customer is no longer necessary if identification is carried out using an NFC chip.

      The legal adjustments were decisive for fidentity to be allowed to integrate the NFC reading functionality into the verification process. This gives customers to identify themselves during onboarding using an electronic passport or other identity document equipped with NFC technology.

      *Update to FINMA Circular 2016/07 of May 6, 2021

      Digital onboarding with NFC is for you and your customers…

      … even simpler: If the data for identity verification is read using an NFC chip, the bank transfer previously required from the customer during digital onboarding is no longer necessary.

      … even faster: The data is read out contactless. This makes the verification process even faster. This makes the verification process even faster.

      … even more secure: Data stored on the NFC chip is practically impossible to forge. In addition, the reading of the data is guaranteed to be error-free.

      Test our new NFC module

      The NFC software module is currently in test mode.

      For a successful test:

      • select the «ID verification» and «NFC reader» module,
      • have a CH passport ready for identification.

      Are you testing our NFC module with an iPhone? Please use the “Safari” browser in normal mode (not “private mode”).

      Would you like to know more about our NFC module? Please contact us.

      Get in touch with us

      Would you like to know more about fidentity and how it can be used in your company? Call us now.

      Or fill the form below. We will contact you.

        Interested in an online coffee with our CEO?

        Thorsten Hau, CEO and founder

        Book now

        Are digital signatures legally valid in Switzerland?

        The world used to be simple.
        Contracts were concluded with a handshake or drawn up on paper and signed by hand. Today it can happen that a billion dollar business transaction is null and void due to a formal error in the digital signature.

        The digital world is complex and we regularly do things without properly weighing the legal consequences.

        • We enter into contracts when we click a button on the Internet.
        • We use scanned signatures like originals.
        • We use digital signature services from cloud providers.

        The question therefore arises: What actually applies when things get serious – if we want to conclude an agreement that is legally enforceable? When do I enter into a contract? Who has to prove that the contract was concluded? Which legal requirements apply?

        In the following we analyze these questions in relation to the digital conclusion of contracts under private law, as they typically occur in business transactions.

        Technical implementation

        Three aspects are central to the legal enforceability of contractual agreements:

        1. Content of the contract: What was agreed?
        2. Expression of will: Were identical expressions of will made?
        3. Identity: Who are the parties to the agreement?

        Only when these three aspects are clear, i.e. when a contract has been concluded, can one discuss rights and obligations from the agreement.

        In the following we explain the technical implementation of these three aspects, as they lead to essential conclusions.

        Make the content of the contract unchangeable

        In the physical world, this is clear: we put the contract in writing, and the paper is relatively unchangeable. In the case of digital contracts, which are available in the form of a PDF file, for example, things are more complicated. PDF files can be replicated and modified.

        To render a PDF file immutable, a checksum must be calculated and inserted into the document. A change to the document always results in a changed checksum. If I have two documents with the same checksum, I can be sure that their content is absolutely identical. We need this checksum in the following step.

        Prove the expression of will

        Orally or in writing, handshake or signature. Both are possible as an expression of will, but the signature has clear advantages in terms of provability. Digitally, things get more involved . To sign, both parties take the checksum generated above and sign it. That means that they encrypt them. The encryption relies on two keys, one secret and one public. With the public key, I can check whether the encryption has been carried out with the secret key.

        This means that if I have a checksum that matches my document and the public key of the other party, I can prove that the party signed the document with their private key.

        This is technically complex, but takes place millions of times a day. The entire Internet is based on the technologies described.[1]

        The digital signing of a document now works as follows:

        • Generate document.
        • Calculate checksum.
        • Have the checksum signed by parties.
        • Insert signed checksums into the document.

        Done: I can prove that the owners of the private keys knew and signed the contract. Now we use the “signing” borrowed from cryptography, and we have a simple electronic signature.

        From a purely technical point of view, this process is absolutely “safe”. With today’s technology, it takes me an infinite amount of time to attempt fraud.[2]

        To clarify: All optical features inserted into the document such as images of signatures, logos, stamps etc. are completely irrelevant and only serve to please the user. Technically and legally, these elements are meaningless.

        Identity

        Unfortunately, a simple digital signature doesn’t prove anything. For example, I can easily deny that I had a private key. With that I have a contract with signed content. But I can’t prove who the other party is.

        This is where legal regulation comes into play. It defines how the identity of the parties is to be determined and linked to the signatures. There are three levels:

        • Simple: No guidelines whatsoever. Everything is allowed. Low assurance.
        • Advanced: The assurance that the link between the three factors can be verified must be “substantial”.
        • Qualified: « High » assurance that the link is correct. The requirements vary depending on the jurisdiction.

        Implementations available in Switzerland

        Simple signature

        Various implementations with the “simple signature” level are available on the market. Above all, Docusign is a well-known representative. Here you get a link that displays the document and enables it to be signed. The user types or draws his name and this is inserted into the document as a picture. The process described above is run in the background and a signed checksum is inserted into the document.

        If we analyze this process, we have the following components:

        • A checksum is calculated for the content of the contract.
        • The expression of will takes place as a click or by typing the name.
        • The identity is unchecked. The connection to a perso can only be made via the custom link sent by the sender to the recipient’s email.

        If we dig a little deeper, we can find out that the checksum was signed by Docusign and not by a secret key that is only known to the owner of the email address.

        In summary, with a simple Docusign signature you can only ensure that the company Docusign knew the content of the document.

        In the best case scenario, sending a link via email creates a very weak link between the person and activities on the Docusign platform. The evidential value should tend towards zero.

        Advanced signature (FES)

        Various providers enable advanced electronic signatures (FES). In Switzerland, these are subject to regulation with regard to the collection and linking of the factors (ZertES). In the context of the free assessment of evidence (Art. 157 ZPO), courts will attach increased evidential value to advanced electronic signatures. In order to achieve the required security, the providers have come up with various methods, especially for identification, in order to achieve substantial security with regard to identification. There is a small boom in enterprise-internal processes. Using the combination of company email address and security with regard to the identity of the employees, a solid procedure can be constructed that is sufficient for many business transactions.

        Swisscom offers a specialty in Switzerland with the argument that identification is required by law when handing over a SIM card and that a substantial level of security is thus achieved. A user can trigger a signature using an SMS code. The potential problem here is that the link between the contractual partner and his mobile number has to be established, which cannot always be taken for granted. It is also questionable whether it will be possible at the crucial moment to obtain evidence of the identity of the number owner.

        The advanced signature in combination with an appropriate identification method can be an adequate compromise for many contracts. Before using the advanced electronic signature, however, it should be clarified whether the corresponding contract or type of contract must be in writing (written form requirement; form required by law). For most contract types, this is not the case by law (e.g. employment contract, purchase order). Legal norms that require a handwritten signature can be found in consumer business (B2C), e.g. in tenancy law or consumer credit. Assignments of claims (assignments) and certain corporate law transactions also require the written form. In addition, formal requirements can be regulated in the contracts themselves (so-called contractual written form reservations), which is often the case with written contracts.

        With an FES, a form invalidation arises in these cases. The contract did not come about and has no legal effect.

        Qualified electronic signature (QES)

        The qualified electronic signature (QES) is the counterpart to the handwritten signature. It offers legal certainty with regard to formal requirements, because it is explicitly “on a par with a handwritten signature” [3] and meets all legal formal requirements. Anyone who signs with a QES does not have to worry that a contract has not been concluded due to a lack of formal requirements.

        Compliance with the formal requirements does not say anything about the evidential value of the document. Neither the ZPO (Swiss code of civil procedure) nor the ZertES (Swiss digital signature law) contain any special guildelines regarding the evidential value of electronic signatures. If the authenticity of the document or the signature is disputed, it can be assumed, according to the general principles of evidence assessment and teaching, that the qualified electronic signature has a higher (if not full) evidential value. The Federal Administration’s Validator Service can be used to check whether a document has a qualified electronic signature equivalent to a handwritten signature and when the document was signed (qualified time stamp).

        In order to achieve this high level of security, however, the legislator makes extensive requirements (ZertES; VZertES):

        • The checksums must be signed using certificates from providers recognized in Switzerland. [4] The certificates of numerous foreign providers (eg Adobe Sign, DocuSign) are generally not legally valid in Switzerland. [5]
        • Anyone who wants to sign with QES must also be personally identified in advance at a verified registration office and receive secure means of access with which they can release (i.e. sign) a signature in the future.

        There is an exception for identification for financial intermediaries (e.g. banks): A QES can also be issued online using video identification. Here it is legally argued that identification takes place via video chat “among those present”. However, the signature is only valid between the parties. Reusability in other business relationships is excluded.

        In typical implementations, the user goes through a video interview and approves the signature using an SMS code. In this way, contracts with great evidential value can be concluded at a distance. The disadvantage compared to the simple methods is that the identification and signature are expensive (~ 20 CHF) and that the hurdle for the user is quite substantial. It takes 10 to 15 minutes to complete the process.

        As attractive as the advantages of QES are, their widespread use is unfortunately not very common today. A negligible proportion of the population has the option of permanently using a qualified signature. The ad-hoc method via video identification is reserved for financial intermediaries and is also time-consuming and expensive.

        Summary

        In summary, the status quo is as follows:

        • Docusign and similar processes have at most a ceremonial value.
        • Qualified procedures (QES) are legally resilient, but time-consuming and expensive for users.
        • Advanced procedures (FES) are a compromise and their usefulness needs to be assessed case by case. They cannot be used for all types of contracts.

        The optimal solution, which – similar to a handwritten signature – is easy to use for all types of contract, does not yet exist. Digitization only works for a specific application, weighing costs and benefits as well as legal requirements.

        Outlook

        The central problem for the evidential value of digital signatures is the link to a natural person. The physical registration and video process are tedious and expensive, and pre-registration has only proven to be useful for a few people.

        However, there is a silver lining on the horizon. Identification methods based on artificial intelligence (KI or AI) offer “substantial” security, and in combination with manual controls even “high” security. These highly automated processes enable faster and more convenient usage of qualified electronic signatures. The regulators in Switzerland and the EU seem to see this in a similar way. There is well-founded hope that the legal security of qualified signatures can be combined with a user-friendly process in the foreseeable future.

        The development remains dynamic and we hope to see significant progress in 2022.

         

        Authors:

        Dr. Martin Eckert (Partner MME) linkedin

        Dr. Thorsten Hau (CEO fidentity) linkedin

         

        Footnotes:

        [1] The Internet protocol HTTPS, which is used when surfing the Internet uses asymetric encryption. The content is encrypted and signed using exactly the same methods.

        [2] An attack requires 10 to the power of 64 years of computing time. For comparison: the universe has only existed for 10 to the power of 10 years.

        [3] https://www.fedlex.admin.ch/eli/cc/27/317_321_377/de#art_14

        [4] The following four providers are currently recognized: Swisscom (Switzerland) AG, QuoVadis Trustlink Switzerland AG, SwissSign AG and the Federal Office for Information Technology and Telecommunications.

        [5] Only if the foreign suppliers integrate certificates from suppliers recognized in Switzerland into their products can the corresponding products possibly meet the requirements of a QES under Swiss law.

        fidentity ready for growth with successful financing round

        Press release

        fidentity simplifies automated online identification (KYC) via identification documents and a liveness check. With fidentity, AML-compliant onboarding is completely automated and always available. Banks and regulated financial service providers rely on fidentity to manage their AML risks while offering an online experience on par with any neo-bank. With the fresh capital, fidentity will expand its product leadership and invest in further growth in Switzerland and Europe.

        The financing round was completed with Spicehaus Swiss Venture Fund as lead investor and several experienced angel investors.

        «We are pleased to have reached an important milestone for fidentity with this financing round. Our goal is to make our solution even better known and to show that compliance and an excellent user experience are not mutually exclusive. With Spicehaus we have gained a partner with a lot of experience in our target market! », Says Thorsten Hau, CEO of fidentity. «fidentity combines compliance and technology in a fascinating way to create an extremely customer-friendly solution. We are very happy to support fidentity. ” adds Heidi Kunz, Investment Manager at Spicehaus Partners AG.

        Focus on growth in Switzerland and Europe

        The potential in Switzerland for modern KYC is still great and the development is very dynamic as established financial service providers continue to digitize their business processes at great speed.

        fidentity plans to expand to Europe for 2022. In a first step, the focus is on the countries bordering Switzerland. Thorsten Hau: “Our solution has proven itself a thousand times over in Switzerland and we look forward to soon being present in Europe, too.”

        About fidentity

        fidentity was founded in 2016 in Bern and has been active in the Swiss market since the beginning of 2017. The fintech company offers financial service providers a web solution for finma-compliant online identification of natural persons. Using state-of-the-art technology, which is completely developed in-house in Switzerland, fidentity resolves the tension between simplicity for the end user, regulatory security, and a flexible integration. The strong growth in the past financial year clearly shows that smooth identification is an essential component in the technology portfolio of financial service providers.

        About Spicehaus

        Spicehaus Partners AG is a Swiss venture capital investor. Behind Spicehaus are the two founders Teddy Amberg and Daniel Andres. Together they have more than 25 years of experience in institutional business (Partners Group, BNP Paribas). In addition, as entrepreneurs, they founded and helped build companies themselves. Teddy Amberg helped set up the Swiss fintech startup CreditGate24, which is now the largest Swiss peer-to-peer lending platform. Daniel Andres co-founded the trading company dakuro. So far, the two partners have invested in 20 startups and have been involved in some of the largest Swiss exits: MOVU (bought by Baloise) and Bexio (bought by Mobiliar). Spicehaus Partners AG acts as investment advisor for the Spicehaus Swiss Venture Fund. The fund invests in Swiss startups that are driving digitalization.

        App installs are blindingly expensive

        Management summary
        Users are easily lost during onboarding if they are required to invest a lot of effort into an untested value proposition. Small steps that align effort and perceived value are state of the art.
        Native app users are the most valuable customers but they are also the most expensive in terms of acquisition cost. A sound customer acquisition strategy focuses on value and cost and optimizes for life time profitability.

        Cost of app installs

        Native app users have the best metrics in terms of customer engagement and retention. But assuming that you get the lowest acquisition cost from forcing customers into your native app very early in their life cycle is the wrong conclusion.
        Your customers typically engage with you for the first time somewhere on the web. They see an advertisement or a google search leads them to your offering. From here, it is your task to convert as many visitors to paying customers as possible. The way to track this is your cost per acquired customer or simply your spending on advertising per new customer. You will learn that a new customers costs you anywhere from CHF 500 to CHF 2000 in paid advertising. With a strong brand you will pay less because you get people to look for you, which is “free” (i.e. you don’t have to pay google to be found).
        Next, you look at each step it takes a user to become your customer. Where you lose a lot of leads, you optimize.
        If you do this thoroughly, you will find out that the app stores are a black hole. You send well qualified traffic to the app download and there you lose 90% of your traffic because consumers shy away from the cognitive load of downloading and installing and then finding the app on their device. There are just too many distractions available during all the steps they have to take.
        The cost for traffic and the mediocre conversion work together to make it “blindingly expensive to drive native app installs.”
        fidentity is here to help you with the problem of losing customers during app install. With fidentity you can perform mandatory compliance steps right in the web browser, which creates a much leaner conversion funnel for the user with no distractions. Our customers have told us that conversion has doubled with a switch to our web based KYC service. Think about the math for a moment: You can literally cut your acquisition cost in half.
        And what good is it, if I have less committed leads and lose them later, after KYC? Very simple: If your onboarding journey is a journey of small steps instead of steep cliffs, you will lose fewer customers and thus your overall funnel will be more efficient. Your customer acquisition cost will go down.

        about fidentity

        fidentity provides software for compliant digital customer identification according to finma rules. The user just takes a selfie and scans their ID document. This can take place on any cell phone in the standard browser without app. Using artificial intelligence (AI), fidentity checks the authenticity of the documents and extracts all data. The identification is completed in real time and all relevant documentation is provided to the financial intermediary in real time. fidentity is audited according to the ISAE300 standard.
         
        fidentity – simple, secure, flexible

        Revision of finma circular 2016/7 with little practical relevance

        Managment summary

        finma now permits a way to perform digital identification without video or bank transfer. The chosen technology (reading an NFC chip) is technically sound but of limited practical relevance since it is limited to passports.

        Background

        finma just released a draft update of the current circular on online and video identification. In the circular, finma lays out the procedures that have to be followed to identify a natural person in compliance with the Swiss anti money laundering act. The current draft amends the aspect of the circular concerned with online identification, i.e. the identification process without a video interview. In the current circular, online identification must be combined with a bank transfer. Only then, is an online identification sufficient to open a new bank account (i.e. the person is considered to be fully identified). According to the draft, it is now possible to replace the bank transfer with the scan of an RFID chip of a compliant government issued document. 

        Analysis

        From a technical standpoint this is a very sound approach, since RFID chips on most current passports (not all) are as secure as the chip on a payment card. It is possible to verify that the chip was issued by a government and that the information on it has not been changed. This verification is cryptographically sound, i.e. there is no reasonable way to fake the chip or the data on it. On the downside, there are several practical hurdles to using this technology for onboarding purposes:

        1. Swiss ID cards don’t have a chip. Passports do, but in our experience, they are used in around 1% of the onboarding cases.
        2. To read the data from the chip, reading the machine readable zone (MRZ) of the document beforehand is necessary because the password to access the chip is encoded in the MRZ. So there is always an additional step for the user.
        3. National ID cards of other countries are less standardized than travel passports. For example, German ID cards (the „Perso“), which are as widely used as the Swiss ID cards, require an additional key to access the data which is in the visual zone of the document.
        4. Reading the chip data is only possible with a native app on the device, requiring the user to install an app.
        5. As of today, signature law has not been updated and therefore qualified signatures (required for consumer credit cases) are still not possible.

        Almost as an aside, the notes which accompany the draft contain another important clarification: Declarations of beneficial ownership do not require a hand written signature. In digital terms this means that there is no requirement for a qualified signature (which in turn would have required video ident or personal presence per current law). This is relevant in so far, as it opens up many transactions to video-free identification procedures, especially in the b2b domain, where beneficial ownership is often a crucial point to be established. 

        Outlook

        In summary, the update is of limited immediate relevance for identification and onboarding scenarios in the financial services industry. However, looking into the future, there is considerable potential in this approach:

        1. Mid- to long-term, the Swiss ID card will get an NFC chip (not yet in 2021 but probably some time before 2025) and with 10% yearly renewal rate, every Swiss citizen should have an NFC-capable document in their wallet by 2035.
        2. With a change in the digital signature legislation, allowing qualified signatures in combination NFC would make video obsolete and could make digital signatures much more usable.
        3. Moving from probabilistic to (almost) deterministic security features is a paradigm shift with substantial long term impact on the digital identification landscape.

         Links: finma information on the draft

        about fidentity

        fidentity provides software for compliant digital customer identification according to finma rules. The user just takes a selfie and scans their ID document. This can take place on any cell phone in the standard browser without app. Using artificial intelligence (AI), fidentity checks the authenticity of the documents and extracts all data. The identification is completed in real time and all relevant documentation is provided to the financial intermediary in real time.
        fidentity is audited according to the ISAE300 standard.

        fidentity – Compliant Onboarding – Fast and Convenient

         

        No installation needed

        Integrate fidentity seamlessly into your existing business process

        fidentity offers an interface to retrieve customer data instantly – as JSON file or prepared in a PDF. Furthermore the scan is analyzed by our artificial intelligence engine and the resulting metrics are immediately available

        Get in touch to learn more or try fidentity yourself

        Give feedback to your customer

        Do not let the customer lose time unnecessarily with your service – otherwise you will lose the customer

        The usability of the fidentity service is constantly being improved by UX experts. Nevertheless, it sometimes happens that the customer does not use the service according to the rules.

        fidentity notifies the customer immediately in case of obvious errors and thus protects the customer from unnecessary loss of time.

        Get in touch to learn more or try fidentity yourself