In a virtual landscape where remote identity verification is becoming critical, knowledge of regulatory and standards frameworks is essential. That’s where the ANSSI reference system comes in, a compass designed to identify Remote Identity Verification Providers (RIVPs ) whose online authentication and identification solutions are sources of quality and trust.
What is PVID?
It stands for“Prestataire de Vérification d’Identité à Distance“. A PVID is a company specializing in remote identity verification, some of whose solutions comply with the strict criteria set out in the repository of the same name, designed by ANSSI. To become a PVID, a service provider must obtain PVID certification for its solution, attesting to its high level of effectiveness in the fight against identity and document fraud.
Among the multitude of identity verification services on offer in France, PVID certification is a guarantee of quality, reliability and trust, awarded exclusively to service providers whose highly secure solutions have been validated and approved by the French agency in charge of information systems security.
The Namirial group has been awarded PVID certification by ANSSI for its Netheos ID MAX product!
What's at stake for companies?
By choosing an ANSSI-certified PVID, you can be sure that your identity verification process uses a service that meets the highest standards of information security. This is particularly important in sensitive areas such as finance, healthcare and government services. If this is your case, be sure to choose certified partners who can provide your organization with peace of mind thanks to proven, recognized services.
What is the PVID standard?
PVID standard: definition and challenges
This standard has been drawn up by ANSSI, the Agence Nationale de la Sécurité des Systèmes d’Information, the national authority responsible for “defining technical certification standards in order to evaluate and promote solutions dedicated to cybersecurity”.
The repository has been designed to establish a strict framework of trust for remote identity verification services. Its purpose? Ensure that the service providers offering these services respect a high level of security and reliability in their identification processes.
This framework is made up of technical and operational requirements that service providers must meet in order to be recognized by ANSSI.
Make an appointment with one of our experts to find out how Netheos solutions can help you verify the identity of your users, securely and without loss of conversion.
What was the background to the creation of the ANSSI PVID standard?
The National Agency’s development of the repository comes at a time when remote identity verification has become a common and essential practice, but not without its risks. With the multiplication of online interactions and transactions, the need for mechanisms capable ofensuring the effective protection of users’digital identities is imperative.
Created in March 2021, PVID is a“security visa” that reflects a set of pre-designed normative requirements to clearly identify reliable service providers in the field of identity verification.
The purpose of this standard is to certify that the service providers in question have adopted advanced security strategies to counter online fraud and identity theft.
These threats are all the more pronounced in the digital context, where fraud vectors are varied and sophisticated. In addition to traditional document counterfeiting, fraudsters use more sophisticated techniques such as physical masks or the creation of deepfakesdesigned to fool recognition tools. Such practices increase the risk of digital identity theft compared to in-person verification, both in terms of the quantity and quality of possible fraudulent attempts.
ANSSI’s primary objective in introducing the PVID is to distinguish the most secure solutions from the host of services on offer for remote identity verification. The growth of such services has given rise to a competitive market in which it is difficult for users to distinguish between secure and less reliable offerings. The standard then serves as a quality benchmark for the general public, businesses and public authorities.
To better respond to different needs, PVID provides two levels of security:
- Substantial level: At this level, reliability is judged to be similar to that obtained through in-person verification. Providers need to consider an attacker profile with moderate capabilities and resources to perpetrate fraud.
- High level: This level requires reliability comparable to that of an identity document issued by a competent authority. Here, service providers need to guard against attackers with a high potential level of resources and technical knowledge.
When should you use a PVID-certified service provider?
Calling on a service provider certified to the Remote Identity Verification Service Standard (PVID) established by ANSSI is relevant in several situations where identity verification plays a critical role. Here are a few examples of scenarios in which your company could benefit from partnering with such a service provider:
- Qualified electronic signature creation: When you want to offer your customers the option of signing documents electronically with a qualified electronic signature, verifying their identity is a necessary step to comply with European regulations (eIDAS). A certified PVID provider ensures that identity is verified to the highest standards.
- Opening financial accounts online: Banks and financial institutions offering online account opening must comply with strict anti-money laundering and counter-terrorist financing (LCB-FT) regulations. A certified PVID provider can guarantee that the remote identification process complies with these regulatory constraints.
- Digital customer onboarding secure PVID: If your company provides services that require a remote login process with strong authentication (e.g. e-health services, utilities, etc.), using a certified PVID provider will help you guarantee the integrity and legitimacy of registered identities.
- Identity validation for real estate or notary transactions: In transactions requiring a high level of trust and formal identification, as in the real estate or notary sector, the services of a certified PVID provider are essential to validate the parties involved.
- Authentication for public contracts: When submitting bids for public contracts, verifying the identity of bidders may be a requirement. A certified PVID service provider will help you meet compliance criteria.
Webinar
Find out more by downloading our free white paper entitled “Find out all about ANSSI PVID certification”
How to obtain PVID certification
What is PVID certification?
PVID certification is ANSSI’s official recognition that the services of a remote identity verification provider comply with the requirements of its standards. This certification is therefore a mark of quality and confidence for the providers of these critical services.
How to obtain PVID certification from ANSSI?
To obtain ANSSI certification, a service provider must follow a methodical and rigorous 9-step process:
File submission
The first step is to prepare and submit an application to the National Agency. This file must demonstrate how your practices, infrastructures and procedures meet the requirements of the standard.
File acceptance
ANSSI will assess your application to ensure that it meets all the prerequisites without reservation. If your application is accepted, you can move on to the next stage.
Definition of Evaluation Plans
In collaboration with certified auditors, you will draw up an evaluation plan detailing how and when the various components of your service will be evaluated.
Biometrics audit
A specialized audit is carried out to ensure the reliability and robustness of remote identity verification technologies such as AI facial recognition, in order to measure their resistance to identity theft attempts: deepfakes, physical masks, etc…
Security Audit
An in-depth assessment of the robustness of information systems is carried out. This can include an analysis of firewalls, cryptographic protocols and other data protection devices.
Compliance Audit
An audit is carried out to check that your organization complies with all applicable legislation and regulations, including in particular the GDPR.
Receipt of Audit Reports
Detailed audit results are sent to the Agence française. The agency will review them to ensure that the audits have been carried out correctly, and that the results confirm compliance with the requirements of the standard.
Document fraud audit
A specific document fraud audit is carried out to assess the service provider’s ability to detect falsified or counterfeit identity documents, a crucial aspect of identity verification.
Final Certification Decision
After careful examination of the audit reports and the responses to any shortcomings, ANSSI will make the final decision on certification.
If the decision is positive, and the entire audit process has been satisfactory, the service provider will officially receive certification, validating the compliance of its services with the security and reliability standards set by ANSSI. This certification is valid for 2 years.
PVID certification: 2023 status report
In December 2023, of the 10 service providers who applied to ANSSI, only 4 were certified by the agency: Namirial for its Netheos product, Docapost AR24, Ariadnext-IDnow and Ubble. It should be noted that the other 5 service providers are still in the process of certification.
Namirial is PVID certified for its Netheos product.
Eight years ago, Netheos was the first French player to analyze ID documents using machine learning (AI). 🤖
For the past 4 years, we have been working to improve the user experience of our identity verification solutions (Facematch) by iteratively integrating feedback from our customers. 👨💻
Today, after passing all the audits with flying colors, Namirial is officially a Remote Identity Verification Provider, and has been awarded the ANSSI security visa for its Netheos product. It joins the prestigious ANSSI list of PVID-certified service providers.
This certification underlines the technological choices, infrastructure and experience we have been developing for many years. It also testifies to the quality of service, security and robustness of our trust solutions, tried and tested by numerous financial institutions.
Make an appointment with one of our experts to find out how Netheos solutions can help you verify the identity of your users, securely and without loss of conversion.
Netheos ID MAX: the PVID solution from Namirial
Our most secure remote identity verification solution, Netheos ID MAX, now includes the certified path.
-
Video capture of identity document
Capture is live: the user frames his document, which he must have in his possession.
-
Checking the authenticity of identity documents
Manipulations are required to verify that the title is authentic by detecting embossing, inks and holographic visual effects.
-
Passive facial recognition
At this stage, live detection is passive and transparent for the user: no action is required.
-
Active facial recognition
To reinforce identity control, active liveliness detection is required: the user must speak 3 random digits, which appear on the screen.
-
Sent for analysis
The final verification is carried out by a human operator who, with the help of Artificial Intelligence, checks the authenticity of documents and videos. At Netheos, this service is staffed by anti-fraud experts based in France and available 24/7. We guarantee a final result in less than 5 minutes.
- eIDAS Qualified Electronic Signature (QES): complete guide
- All you need to know about Digital Identity and its European portfolio
- KYC remediation: definition and importance
- Easily increase the conversion of your digital customer onboarding
Fill in the form and we will contact you as soon as possible.
You can discover :
- How we can meet your specific needs and expectations
- A personalized demo, allowing you to appreciate the fluid experience we offer
- Customer feedback and case studies of similar companies that have integrated our solutions
- Advantages, benefits and value according to your use case