German eID Verification

Enhance customer onboarding and ensure secure identity verification with the German eID Verification solution.

German eID Verification is an eIDAS-compliant onboarding solution that enables an effortless user experience while adhering to the highest identity verification security standards. It is based on a Notified German electronic identification (eID) scheme under the eIDAS framework, which enables a High Level of Assurance (LoA) for user identification.

The solution is fully compliant with identity verification requirements under the German AML regulation (GwG Abschnitt 3 § 12 (1) 2.) and is both a convenient and reliable alternative to conventional methods of user onboarding.

How it works

The German eID Verification process commonly includes the following steps:

  1. An applicant enters a 6-digit PIN linked to their eID card and reads the NFC chip on their mobile device.
  2. Once the PIN is confirmed, Sumsub automatically checks the validity of the eID, ensures that it has not been reported as either lost or stolen, and extracts the user data that is required for onboarding purpose from the NFC chip.

📘

Note

If the applicant is using their eID Card for the very first time, they will be asked to firstly input their unique 5-digit PIN (Activation PIN) and select a permanent 6-digit PIN, which will be used for future onboardings.

5-digit PIN activation flow

The eID Verification activation journey looks as follows:

  1. An applicant starts the eID Verification process within the application and Sumsub initializes the verification flow.
  2. The applicant enters their 5-digit activation PIN.
  3. If the PIN is correct, the applicant selects and enters their permanent 6-digit PIN.
  4. The applicant repeats the 6-digit PIN that will be used for future onboardings.
  5. The 6-digit PIN is hashed and stored within the NFC chip of the eID card.

6-digit PIN verification flow

The main flow of the eID Verification includes the following:

  1. An applicant initiates verification within the application and Sumsub initializes the verification flow.
  2. The applicant enters their 6-digit PIN.
  3. The applicant scans their ID card via the device’s NFC functionality and the system reads the stored information.
  4. The entered PIN is sent to the eID card’s NFC chip.
  5. The NFC chip hashes the entered PIN and compares it with the hashed PIN value that is stored within the eID card.
  6. If the PIN is correct, the system checks whether the eID Card is valid and has not been reported as lost or stolen.
  7. Once these security checks are successful, Sumsub extracts the applicant's personal data stored within the NFC chip and displays the success verification screen to the applicant.

eID Verification requirements

To be verified using the Sumsub German eID Verification solution applicants will need:

  • An NFC-enabled mobile device.
  • A supported identity document.
  • Stable internet connection.

Documents supported for eID Verification

The Sumsub German eID Verification solution supports the following identity document types:

  • German Identity Card (Personalausweis): ID
  • eID Card for EU/EEA citizens (Unionsbürgerkarte): UB
  • German Residence Permit (Elektronischer Aufenthaltsstatus): AR, AS, AF

📘

Note

Verification using the eMRTD (Electronic Machine Readable Travel Document) is currently permitted only for physical/in-person identification.

Personal identification numbers types

There are several possible identification number types that are applied within the German eID Verification depending on the situation:

  • 5-digit PIN (Activation PIN) — the Personal Identification Number (PIN) is used during the very first verification attempt to activate the eID Card and set up a permanent 6-digit PIN. It is sent to the user via mail by their local authorities together with their eID Card.
  • 6-digit PIN — the Personal Identification Number (PIN) is used to unlock the NFC chip on the eID Card and extract the personal data required for verification. It holds the same validity period as the eID Card. To change the 6-digit PIN, the user should contact their local authorities.
  • 6-digit CAN — the Card Access Number (CAN) is required when the user incorrectly enters their 6-digit PIN twice in a row. It is printed on the bottom right corner of the front side of the eID Card.
  • 10-digit PUK — the Personal Unblocking Key (PUK) is used to unlock the eID Card when the user enters an incorrect 6-digit PIN three times in a row. It is sent to the user via mail by their local authorities together with their eID Card. The PUK can be used no more than ten times.

Unsuccessful attempts

The following may lead to the unsatisfactory results of the eID Verification:

  • The eID card has expired.
  • The eID card has been reported as lost or stolen.
  • The user has lost or forgotten the required identification or unblocking key(s).
  • The 10-digit PUK code has been used more than 10 times.

In these cases, the applicant is displayed an applicable rejection screen and is asked to perform further actions shown on the application interface.

Get started

To start conducting German eID Verification:

  1. Integrate with the Sumsub iOS and/or Android mobile SDK.
  2. Set up a verification level and add German eID as a verification option.
  3. Use the Sandbox mode to test your integration and go live with Production.

Review verification results

To check the verification results, navigate to the Applicant Data tab of a particular applicant who passed eID verification and scroll down to the Extracted data section. There will be the following information extracted during the check:

  • Country
  • Document type
  • First name
  • Last name
  • Date of birth
  • Address
  • Place of birth
  • Valid until
  • Birth name (if available)
  • Nationality (if available)
  • Type
  • Service and card-specific ID