Verifying identities – current status with a focus on insurance companies

My post entitled ‘Who am I? The changes occurring in the identity verification process’ provided an overview of the current state of identity verification in the context of digital services from insurance providers. It has been nearly three and a half years, so it is worth taking another look at this topic and explore the current developments. For this reason, I want to present to you here how the topic has developed in my eyes.

Here is a little recap: why is identity verification necessary and what procedures are there?

Identity verification is necessary for insurance providers in different processes and with different requirements regarding the level of security. Legal and security framework conditions stipulate that some form of identification or verification is necessary for every digital interaction between insurance providers and policyholders. The requirement can range from mere knowledge of the policy number to identification in accordance with the German Money Laundering Act (Geldwäschegesetz, GWG). In this post, I focus on the use cases where a match between the identity of the natural person and the data in the insurance provider’s database system is necessary. There are further nuances here, too.

The basis for most procedures is either the residence of the specific person or an identity document – in Germany usually a national identity card or passport.

Procedures are divided into asynchronous procedures (such as identification by an authorised third party, PostIdent or identification via PIN sent by post) and synchronous procedures (such as VideoIdent, SelfieIdent and eID).

New procedures for verifying a person’s identity with market relevance in the retail business have not been added in recent years, so I will spare myself describing the procedures in detail again here. However, the known procedures have been further developed and how much they are used has changed.

How is it being used differently now?

Identification by authorised third parties – often representatives if we are talking about insurance services – and PostIdent continue to be important procedures when it comes to concluding insurance policies. If the requirements for the level of security are not quite as high, for example, when registering for online services, the method of choice is often the identification via PIN sent by post, which is less time-consuming for policyholders – essentially a verification of the address – instead of PostIdent.

These asynchronous procedures continue to have great relevance; however, a stronger trend towards synchronous identity verification procedures can also be observed. The traditional VideoIdent, that is, a video chat with an agent who carries out the identification by verifying the security features of the ID document, is still the most important procedure when it comes to verifying a person’s identity for operations that are relevant to the Money Laundering Act.

However, SelfieIdent, in particular, which had just arrived in the insurance industry at the time of my last post, has seen strong growth for less critical use cases. In particular, the large providers NECT, IDNow and WebID Solutions have achieved strong penetration here in the insurance market in Germany. As a reminder: here, too, identification is based on the security features of the ID document and comparison with the facial features of the person to be identified on the basis of ‘selfie’ videos, in an automated manner – completely without the involvement of another person.

However, both procedures have recently also had to contend with a certain amount of image damage, owing to a report published by the Chaos Computer Club that proved how these procedures can be tricked. This led to gematik GmbH withdrawing approval for the electronic personal file procedure and some insurance providers also temporarily deactivating these procedures in all use cases.

Overall, however, there does not seem to have been a permanent shift away from these video-based procedures so far; even some implementations that had once been discontinued are now active again.

When I learned about these problems, I assumed that this would give a boost to the introduction of eID (that is, identification by means of an electronic identity card via an NFC interface). The procedure is already quite widespread in the public sector and in some cases the only authorised synchronous procedure, whereas I have not yet been able to observe an increase in its use in the insurance industry.

What other developments are there in the market?

As mentioned above, no new processes have emerged that are currently expected to have potential market relevance. The Bank-Ident system mentioned in the last post, which links the user to their own bank account, has not yet been able to establish itself in Germany, unlike in the Netherlands, for example. Although yes®, the initiative of the savings banks and the Volks- und Raiffeisenbanken, has been launched in the meantime, it has not been able to fulfil the expectations it had set itself.

A fairly fresh development (December 2022) in this regard is that yes® is merging with verimi, the ID wallet that was launched with well-known German companies as shareholders (including Allianz, Lufthansa, Deutsche Bank) and also fell short of user expectations. This should lead to a broad-based German service provider for verifying identities. However, success remains to be seen.

What happens next?

There are no new procedures that put pressure on the established ones, so we can assume that the digital, synchronous procedures in particular will continue to gain relevance. However, it is difficult to say whether the problems in connection with VideoIdent and SelfieIdent will actually lead to a switch to other procedures such as eID. At the moment, it seems to me that they have survived this ‘crisis’ almost unscathed, at least in the insurance industry, and therefore they are likely to remain the most important methods of digital identification in the next few years.

You can find more exciting topics from the adesso world in our previously published blog articles.

Also interesting:

• Online identity verification: a comparison of three identification methods