TLDR: Thirdfort's SDK securely submits ID checks to third-party providers ReadID and Iproov. ReadID verifies passport authenticity using cryptographic keys and validates data by comparing passport chip and document info, client-provided data, digital signatures, signing keys, expiry dates, and the machine-readable zone (MRZ). Pass/fail results indicate the validity and consistency of these elements during the NFC ID check process.
Data Sources
Checks are submitted through the SDK (Software Development Kit) in the Thirdfort app. This SDK sends the information securely to our third-party providers – ReadID and Iproov. This is the sole way that Thirdfort inputs checks into the system.
What data sources are used by the system to verify ID?
For the NFC journey our third-party provider ReadID verifies the authenticity of the passport by checking the cryptographic key. This key is compared to the key the passport issuer has provided. This is the key data source used to verify authenticity.
System Outputs
There are numerous different outputs and reports that can be generated by an Enhanced NFC ID Check, however, the key metrics that outputs are returned against (and what a pass/fail would mean) are detailed below:
Chip & Document Validation
This is where ReadID compares the information provided by scanning the passport photo page and the information provided by an NFC chip.
- If it passes, this means the information is identical.
- If it fails, this could mean there is a difference between the results from the two sources.
Data Comparison
This compares the information provided by the passport scan and chip, to the information the client provided at the beginning of the app journey, their name and DOB.
- If it passes, this means that this information is sufficiently similar (the pass rate is 80%)
- If it fails, this means there is a significant divergence between the two sources.
Digital Signature
This is a country-specific unique identifier. Any government body that issues NFC-enabled passports will have a digital signature.
- If this passes, this means that ReadID has verified the signature as being identical to that of the issuing authority.
- If it fails, this will typically mean that there has been some problem with reading the signature or the digital signature may not have been provided with the anticipated result.
Signing Key
This is a unique identifier, or private key, within an NFC-enabled passport. This unique identifier contains all the information that is held within the passport, but in an encrypted format.
- If this passes, that means the signing key has been validated by ReadID.
- If this fails, that typically means that some aspect of the NFC chip has gone wrong.
Expiry Date
This checks the expiry date of the passport.
- If this passes, that means the passport is in date.
- If this fails, that typically means the passport has expired.
MRZ
This is the machine-readable zone (MRZ), which is the bottom two rows of text, numbers and symbols and the bottom of a passport photo page. This is designed to be scanned by a computer and presents all of the information present on a passport.
- If this passes, that means that we were able to scan the MRZ and extract the relevant information.
- If this fails, that typically means that something has gone wrong during the scan.
This article is based on accessing Thirdfort directly via our portal. If you access Thirdfort via a partner or reseller, functionality may differ.