How are these checks input into the system?
Checks are submitted through the SDK (Software Development Kit) in the Thirdfort app. This SDK sends the information securely to our third-party providers – ReadID and Iproov. This is the sole way that Thirdfort inputs checks into the system.
What data sources are used by the system to verify ID?
For the NFC journey our third-party provider ReadID verifies the authenticity of the passport by checking the cryptographic key. This key is compared to the key the passport issuer has provided. This is the key data source used to verify authenticity.
What are the outputs from the system and what do these mean?
There are numerous different outputs and reports that can be generated by an Enhanced NFC ID Check, however, the key metrics that outputs are returned against (and what a pass/fail would mean) are detailed below.
Chip and document validation
This is where ReadID compares the information provided by scanning the passport photo page and the information provided by an NFC chip.
• If it passes, this means this information is identical.
• If it fails, this could mean that there is some sort of divergence between the results from the two sources.
Data comparison
This compares the information provided by the passport (both scan and NFC chip) to the information the user provided at the beginning of their app journey (Name and DOB).
• If it passes, this means that this information is sufficiently similar (the bar is 80% match).
• If it fails, this means there is a significant divergence between these two sources of information.
Digital Signature
This is a country-specific unique identifier. Any governmental body that issues NFC-enabled passports will have a digital signature.
• If this passes, this means that ReadID has verified the signature as being identical to that of the relevant issuing authority.
• If it fails, this will typically mean there has been some problem with reading the signature or the digital signature may not have provided the anticipated result.
Signing Key
This is a unique identifier, or a ‘Private Key’ within an NFC–enabled passport. This unique identifier contains all the information that is held within the passport, but in an encrypted format.
• If this passes, that means the signing key has been validated by ReadID.
• If it fails, that typically means that some aspect of reading the NFC chip has gone wrong.
Expiry Date
This checks the date of expiry of the passport.
• If it passes, that means the passport is in date.
• If it fails, that typically means that the passport is expired.
MRZ
This is the ‘Machine Readable Zone’ which is the bottom two rows of text as you can see in this specimen document. This is designed to be scanned by a computer/device and presents all the information on the passport but in the best format for electronic devices to scan.
• If this passes, that means that we were able to scan the MRZ and gather all relevant information.
• If it fails, that typically means that something has gone wrong with the scan.
What providers do we work with?
For the Enhanced NFC ID Check Thirdfort works with two key providers:
ReadID
Provides the NFC (Near Field Communication) scanning technology that makes the check Safe Harbour compliant. Their software is used in the initial part of the journey to facilitate the user’s ability to scan their passport.
ReadID also provides Thirdfort with access to the digital signatures required to verify the NFC enabled
document as authentic.
iProov
Provides the facial biometric technology used to compare and verify whether users interacting with
the Thirdfort app and undertaking the Enhanced NFC ID journey are genuine individuals, and that they match to the passport provided.