South African identity and biometrics company Ideco has launched an identity assurance ecosystem that is designed to deliver fraudproof identity authentication confirmed with a digital certificate of authenticity, says Ideco CEO Marius Coetzee.
Built on Ideco’s Identity 4.0TM three-way digital key-sharing system, the ecosystem is designed to facilitate identity assurance and eliminate the complexity and risk associated with traditional verification processes.
The Identity-as-a-Service (IDaaS) platform provides identity verification in real time for financial compliance to manage large financial transactions and secure banking services, communications, healthcare, education and social protection.
“Fraud causes South African organisations in the medical sector to lose up to R15-billion a year, and identity fraud is possibly the biggest governance, risk and compliance challenge facing local organisations,” Coetzee says.
Organisations can use the service to capture the credentials and biometric data of a consumer at a point of contact. The data, photo and fingerprints are captured in a customisable template defined in the application programming interface (API) and communicated securely to Ideco’s cloud-based back-end service for processing.
The IDaaS ecosystem validates the data in real time against multiple trusted national databases, including those of the Department of Home Affairs, and generates a seal of authenticity that serves as proof of customer identity and digitally signs the certificate in compliance with the Electronic Communications and Transactions Act No 25 of 2002.
“This certification meets all regulatory requirements and is supported by the National Centre for Certified Identities. The commercial service is hosted securely in the cloud, with the APIs delivered through the MuleSoft enterprise service bus.
The IDaaS ecosystem, first released in 2016, has been piloted by a major South African enterprise, in part to assess customer acceptance, highlights Coetzee.
Although the service is made available to clients as a shared service, Ideco guarantees full protection of information. Personal information is secured using customercentric cryptography, which makes the system fully compliant with the Protection of Personal Information Act.
The service achieved a high level of acceptance once clients understood the value of the process, and the benefits of owning their digital identities using the nuID mobile application (app) linked to the ecosystem,” he adds.
The nuID app is hosted securely in the cloud and access to identity data is enabled by the owner of the data – the consumer being identified – using a mobile phone. Citizens will, in future, maintain their credentials on the new dedicated and secure portal at www.nuid.me.
This service can be embedded in any customer-facing transaction or point-of-sale application to eliminate the risk of identity-related fraud using the service APIs. The Ideco IDaaS ecosystem and the nuID app also pave the way for a future in which certified digital identification using a mobile device supports secure services and transactions.
“We expect to see the private sector driving this transition in response to the need to clamp down on identity fraud,” Coetzee concludes.