AutomatID provides a drop-in solution for Android and iOS apps to perform identity verification of the user.
The identity verification performed by AutomatID can happen in the following ways:
- through an electronic, NFC-enabled identity document (Electronic Passports and European Identity Cards)
- (Android only) through a contactless payment card (credit/debit card)
When using an identity document, the following two factors are evaluated together:
- the cryptography features of the document
- a liveness check of the user, to ensure that they are the legitimate owner of the document that is used
Through the NFC reading capabilities of modern smartphones, the document data is acquired and cryptographically validated. The user is then asked to perform a liveness check, where their facial features are acquired through the smartphone camera and compared with the user photo that was read from the document through NFC and that is signed by the Issuing entity (e.g. government authority).
The payment card verification allows you to verify that the user is in physical possession of a specific payment (credit/debit) card. To do so, you will need to provide in advance the data (PAN, expiration date) of the card that you expect the user to possess. AutomatID will ask the user to read that card through NFC with their smartphone, and it will cryptographically verify that the read card data match the card data you provided. This feature is only available on Android because of Apple restrictions upon the NFC API when interacting with payment cards.
To use the payment card verification feature, since you will be dealing with payment card data, you (more precisely, the entity that will publish the app on the store) must either:
- be the issuer of the payment cards that will be read
- be PCI-DSS certified