Safe identity verification for remote employee onboarding
Identity verification at employee onboarding
By law, the employer needs to verify a new employee’s identity and retain certain personal data, such as a copy of the employee’s ID document. This ID document copy is typically captured during the verification process that takes place when onboarding the employee. Often the original ID document is copied using a copying machine. The printed or electronic copy then needs to be manually added to the employee’s file.
In the current corona situation, parts of this process (and in some cases even the entire process) are executed remotely. When you do your hiring and onboarding remotely, copies of ID documents are often sent by post or e-mail to a central HR administration desk for filing.
The risks of sending around ID document copies
The sending of copies of ID documents poses a risk. ID document copies may (unknowingly) stay behind on mobile phones, in mailboxes, or backed up to a cloud location. It is very difficult to automatically manage this process.
And there is an audit perspective as well: You may want to prove afterward that someone’s identity was verified, at a certain date and time, and specifying the name of the HR employee involved. This is impossible with a manual process.
How does the CheckedID process work?
Send an invite
The CheckedID API can be linked to a corporate HR system that supports employee onboarding. In the onboarding process, an identity verification (IDV) invite can be requested via the API. The invite is then shown as a link or a QR-code. The HR employee can send that link or QR-code via an e-mail to the candidate, together with instructions and the request to execute the IDV process.
Install the app
The candidate needs to download and install the free CheckedID app from the AppStore/Playstore. This native app is required for 2 reasons:
- First of all, it enables a closed process (just like a banking app), ensuring that no personal data at any point in the process can be accessed or tampered with.
- Secondly, the optical and electronic capturing (reading the ID document chip data via NFC) requires access to hardware components in the smartphone, that can only be achieved by a native app.
By clicking the received link or scanning the QR-code, the app automatically starts with the correct employer branding and settings. The candidate is then guided by the app to execute the IDV process. This includes optical capturing of the ID document, reading the ID document chip (if available) and making a selfie to ensure that the holder of the ID document is truly the owner of the document (see image). The selfie includes a liveness check to ensure the photo is taken from a living person.
After finishing these steps in the app, the data is sent via SSL protected connections to the secure CheckedID back-end for processing. The CheckedID servers are running on Azure, restricted to the European Union.
Processing includes ID document validation and (optional) verification of the rightful owner through biometric facial comparison. The ID document type, version and country are automatically detected based on the captured image. The app can automatically match any ID document in over 200 countries.
The result of each separate verification is recorded in a verification report which proves that the identification has taken place. This report can per customer be adapted, for instance by omitting certain personal data (e.g. personal number or a photo of the document and/or the candidate). The report is typically available within 10 to 15 seconds in a (secured) PDF format.
A safe and GDPR-proof customer portal
The CheckedID customer portal is a secure management environment that only authorized employees have access to. Administrator employees can, among other things, view transactions, add CheckedID users, reset passwords, manage invitations and request reports. Non-admin employees can manage their own invitations and request reports.
90%+ of CheckedID transactions are executed fully automatically within 10 to 15 seconds. In case CheckedID determines the result to be incorrect, the system automatically resends the data to a CheckedID employee for manual review. Depending on the time of day, this may take between 2 and 4 minutes. During very busy times, or if outside of CheckedID’s support timeframe (see the SLA), this may take longer.
From a GDPR perspective, our customers are the controllers of personal data and JanusID and our partners act as a processor or sub-processors. JanusID stores personal data for a default period of 7 days to process and to be able to respond to inquiries. On customer request, this period can be extended to a maximum of 28 days.
Test the CheckedID API for free
Do you have any questions about the CheckedID API? Feel free to contact the KPN API Store team.
If you want to find out how easy it is to execute the identity verification steps in the CheckedID app, they would be happy to set up a demo account for you.