September 29, 2021

What is the PVID benchmark?

Globe icon

What is PVID?

As part of the fight against identity fraud, the French National Agency for Information Systems Security (ANSSI) has set up the PVID (Remote Identity Verification Providers) standard, which provides a framework for remote identity verification systems. Indeed, the fight against identity theft is more than ever at the heart of the concerns of the State, which wishes to help companies to offer more secure identification systems to their users. The implementation of this standard is therefore a real boon for companies wishing to operate in a more secure manner, at various levels. 


Why set up this benchmark?

The PVID repository responds to a demand that has been growing in recent years and whose need has become all the more present with the arrival of Covid and remote operations, i.e. the possibility of verifying the identity of one's remote contact in a more secure manner. Indeed, whether it is a question of sending a registered letter online, a secure document, having a customer sign a contract remotely or other, identity verification is required. It allows first of all to avoid recipient errors, but also, and above all, to fight against fraud. 

Online scams are becoming more and more numerous. They concern private individuals, in particular with phishing methods which are now well known to the general public, but also companies which may be faced with the theft of money or documents for example. Identity theft and fraud can have serious consequences and repercussions at different levels, which is why companies must offer an online identification system that is sufficiently effective to protect themselves and their users. This raises the question of what the characteristics of an effective identification system are, and this is precisely what the PVID standard proposed by the French National Agency for Information Systems Security addresses.


What is in this text?

The PVID standard is a reference text proposed by the French National Agency for Information Systems Security (ANSSI) in order to provide a framework for remote identity identification services. Its primary objective is to allow the identification of providers of remote identity verification services with a substantial or high level of guarantee. 

Two versions available to the public

Although the PVID standard is now sufficiently mature to be applied and to offer companies certification by the National Agency for Information Systems Security after they have submitted their file for evaluation, the text is in fact quite recent. The health crisis and above all the containment have accelerated things since many companies have adapted their services to be able to remain active even at a distance. Electronic signatures and the sending of documents have thus become tools that are used much more frequently and that therefore had to be regulated as quickly as possible. Thus, a first version of the PVID repository with a call for comments was published in November 2020. A first definitive version of the PVID repository can now be found on 1 March 2021.

A precise process to be followed

In this reference framework, various information is listed, the aim of which is to enable the certification and compliance of various remote identification services. The official document made available by the French National Agency for Information Systems Security details 

  • General description of the remote identity verification service
  • Evaluation of remote identity verification providers
  • Requirements to be met by the provider (risk assessment and treatment, remote identity verification policies and practices, remote verification service activities, information protection, provider organisation and governance, quality and service level).

Companies and other service providers offering an identity identification system can therefore refer to the PVID reference framework to find out about all the recommendations suggested by the National Agency for Information Systems Security.


Two levels of coverage depending on need

The PVID repository allows for the implementation of two different levels of safeguards of the eIDAS regulation: the substantial level and the high level. 

The substantial level of guarantee makes it possible to substantially reduce the risk of identity theft or alteration. The service in question must then guarantee an equivalence in terms of reliability with a physical face-to-face meeting that would be carried out in the context of access to a public or private service with presentation of proof of identity. In other words, the service must be able to withstand a moderate potential attack. 

The high level of guarantee prevents any risk of identity theft or alteration. The service in question must then guarantee an equivalence in terms of reliability with a physical face-to-face meeting that would be carried out within the framework of the issuance of an identity document. In other words, it must resist a high potential attack.


How to implement the PVID standard?

The implementation of the PVID standard depends above all on the willingness of the company to follow the recommendations of the National Agency for the Security of Information Systems and to offer a quality and secure service to both its employees and its customers. While the PVID standard therefore describes the various stages involved in achieving a sufficient level of security, the National Agency for Information Systems Security also proposes the certification of service providers.

The company can in fact send an evaluation request to the National Agency for Information Systems Security, which will then carry out various checks to ensure that the company is compliant. It can then issue a form of certification that allows the company to ensure that it has a secure system, but also to let its customers know that the tools it uses enable it to fight identity fraud more effectively. 


Why comply with the PVID standard?

PVID compliance and certification of companies will not only help to combat identity fraud and thus limit the risk of theft, for example, but also to gain the confidence of its customers. A company can therefore choose to implement PVID-compliant tools, but it can also call on a service provider who has the necessary skills to provide a PVID-compliant identity identification system. This allows companies with limited financial and/or technical resources to benefit from a secure identity identification system.

At Archipels, we intend to provide professionals with identification and identity fraud prevention tools that are effective and of course compliant with the PVID standard. Our partners can thus benefit from our expertise and guarantee their clients the use of remote services that meet the standards set by the French National Agency for Information Systems Security.


Find out more about Archipels decentralized identity solutions :
I want to be recontacted

NOs 6 Latest blog posts

November 2, 2023
Proof of age to access certain websites
What are the best ways to verify that an Internet user is of legal age?
May 23, 2023
The European digital identity: when will it be available?
If the project dedicated to the creation of a European digital identity is on the right track, there are still a number of steps to take before we can benefit from it.
February 15, 2023
Notarizing on blockchain to transform the public sector?
Notarization on blockchain, thought as a method of recording certified data in a secure and transparent way, answers critical issues.
November 16, 2022
In the age of e-wallets, digital identity at the heart of UX
On the occasion of the publication of the AIS white paper, we take a look at the state of the art of digital identity management systems around the world, the technology standards that underpin them and the latest trends.
September 20, 2022
Food labels: certifying on Blockchain to fight fraud?
According to a recent EUIPO study, the rate of counterfeiting of PGI / PDO products would reach 10.3%. How does blockchain help fight fraud?
August 4, 2022
Evidentiary value of the Blockchain: what you need to know!
Blockchain is a universal evidentiary mechanism and will soon be recognized in law in all its evidentiary value making the verification of data in customer journeys compliant with legal provisions.
Archipels logo

Products

Archipels CertifyArchipels VerifyArchipels ConnectConnect ratesCertify rates

Receive the Archipels newsletter!

Digital identity recap.

Thank you! Your submission has been received!
Oops, something went wrong!

2024 Archipels

Privacy statementCookie settingsLegal notice