Ensuring safe ID management is essential for data protection compliance and online business transactions. VERIMI, together with Fraunhofer AISEC and COREengineering, is publishing a white paper which is transparently outlining their security set-up and contributing to the public discourse of security and data protection.
VERIMI is gradually launching its ID and data platform
Blog Posts10th April 2018
Technology, Banking, Platforms
The new identity and data platform VERIMI has been successfully launched as part of a phased approach in Germany. The first partners supporting the single sign-on service via the green VERIMI Button are Deutsche Bank and Bundesdruckerei. Apart from the simplified login, one of the main features currently offered by VERIMI is the video ident process, which offers its customers the opportunity to legitimate and store their ID Card or Passport via the platform for future use. In addition, functionalities such as the qualified electronic signature, payment services and the management of personal documents will offer the user the possibility to identify and authenticate via governmental services. VERIMI is designed as a central and cross-industry platform, allowing the user to transfer already existing partner data into the profile as well as to use VERIMI to register a partner’s account. Most importantly, the user remains in control of the data at any given point in time, by allowing the user to decide, which data can be shared with partner service providers.
The security of identity data increasingly exposed by leaving traces while using applications or internet-based services. Even though this is part of the business relationship between users and providers in theory, the storage of sensitive identity data is surrounded by high uncertainty. The provided customer data builds the digital identity, which is being used by service providers to collect and analyse information and thus, create customized offerings and advertising. As a matter of fact, service providers are not inclined to guarantee the highest data security level, because data collection and usage is the key determent in its business models itself. In order to maintain data security, the overarching technology-architecture paradigm becomes a crucial part, including evaluation of Perimeter Networks and Zero Trusted Networks. Hence, the pros and cons of the perimeter security approach and Zero Trusted Network Architecture are being evaluated. Having the paradigmatic requirements changes on one side, regulatory authorities are needed to strengthen customer data by introducing legislative initiatives such as the IT Security Act, the European Payment Services Directive II (PSD) and the General Data Protection Regulation (GDPR). As the sovereignty of the individual digital identity is becoming crucial to its users, stakeholders must find new guidelines to adapt their security architectures.