German eID Verification
Transform your customer onboarding experience with the German eID Verification solution.
The German eID Verification is both an eIDAS and GwG-compliant onboarding solution based on a notified national electronic identification scheme that is governed by the Federal Office for Information Security (BSI).
It works by simply having the user enter their personal identification number (PIN) and reading the NFC chip on the identity document via their mobile device. This enables extracting comprehensive identity data stored on the chip, while the eID card itself is instantly checked for validity and ownership legitimacy. The result helps businesses bring only trusted customers onboard in compliance with the national AML/CTF regulations while simultaneously enabling a seamless verification experience for end users.
Note
This technology is commonly known as the AusweisApp2 application; however, with Sumsub's SDK integration, no external app downloads are required.
How it works
The German eID Verification process commonly includes the following steps:
- An applicant enters a 6-digit PIN linked to their eID card and reads the card's NFC chip with their mobile device.
- Once the PIN is confirmed, Sumsub automatically checks the validity of the eID, ensures that it has not been reported as either lost or stolen, and extracts the user data that is required for onboarding purposes from the NFC chip.
Note
If the applicant is using their eID Card for the very first time, they will be asked to first enter their unique 5-digit PIN (Activation PIN) and select a permanent 6-digit PIN, which will be used for future onboardings.
5-digit PIN activation flow
The eID Verification activation journey looks as follows:
- An applicant starts the eID Verification process within the application and Sumsub initializes the verification flow.
- The applicant enters their 5-digit activation PIN.
- If the PIN is correct, the applicant selects and enters their permanent 6-digit PIN.
- The applicant repeats the 6-digit PIN that will be used for future onboardings.
- The 6-digit PIN is hashed and stored within the NFC chip of the eID card.
6-digit PIN verification flow
The main flow of the eID Verification includes the following:
- An applicant initiates verification within the application and Sumsub initializes the verification flow.
- The applicant enters their 6-digit PIN.
- The applicant scans their ID card via the device’s NFC functionality and the system reads the stored information.
- The entered PIN is sent to the eID card’s NFC chip.
- The NFC chip hashes the entered PIN and compares it with the hashed PIN value that is stored within the eID card.
- If the PIN is correct, the system checks whether the eID Card is valid and has not been reported as lost or stolen.
- Once these security checks are successful, Sumsub extracts the applicant's personal data stored within the NFC chip and displays the verification success screen to the applicant.
eID Verification requirements
To be verified using the Sumsub German eID Verification solution, applicants will need:
- An NFC-enabled mobile device.
- A supported identity document.
- A stable internet connection.
Documents supported for eID Verification
The Sumsub German eID Verification solution supports the following identity document types:
- German Identity Card (Personalausweis): ID
- eID Card for EU/EEA citizens (Unionsbürgerkarte): UB
- German Residence Permit (Elektronischer Aufenthaltsstatus): AR, AS, AF
Note
Verification using the eMRTD (Electronic Machine Readable Travel Document) is currently permitted only for physical/in-person identification.
Personal identification number types
There are several possible identification number types that are applied within the German eID Verification depending on the situation:
- 5-digit PIN (Activation PIN) — the Personal Identification Number (PIN) is used during the very first verification attempt to activate the eID Card and set up a permanent 6-digit PIN. It is sent to the user via mail by their local authorities together with their eID Card.
- 6-digit PIN — the Personal Identification Number (PIN) is used to unlock the NFC chip on the eID Card and extract the personal data required for verification. It holds the same validity period as the eID Card. To change the 6-digit PIN, the user should contact their local authorities.
- 6-digit CAN — the Card Access Number (CAN) is required when the user incorrectly enters their 6-digit PIN twice in a row. It is printed on the bottom right corner of the front side of the eID Card.
- 10-digit PUK — the Personal Unblocking Key (PUK) is used to unlock the eID Card when the user enters an incorrect 6-digit PIN three times in a row. It is sent to the user via mail by their local authorities together with their eID Card. The PUK can be used no more than ten times.
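The lockout rules in the list above, modelled as an added example (not Sumsub's SDK code or API): a format check for each number type and a small state tracker that tells an integrating app which credential to prompt for next. The class and function names are hypothetical, and the assumption that a successful PUK entry restores the PIN attempts is not stated on this page.

```python
import re
from dataclasses import dataclass

# Constructed model; lengths and limits are those stated above. ASCII digits only.
FORMATS = {
    "ACTIVATION_PIN": re.compile(r"[0-9]{5}"),
    "PIN": re.compile(r"[0-9]{6}"),
    "CAN": re.compile(r"[0-9]{6}"),
    "PUK": re.compile(r"[0-9]{10}"),
}
PUK_MAX_USES = 10


def well_formed(kind: str, value: str) -> bool:
    """Format check only (fullmatch also rejects a trailing newline); the chip decides correctness."""
    return FORMATS[kind].fullmatch(value) is not None


@dataclass
class PinRetryModel:
    """Hypothetical tracker for which credential the app should ask for next."""
    wrong_in_row: int = 0
    can_entered: bool = False
    puk_uses: int = 0

    def next_prompt(self) -> str:
        if self.wrong_in_row >= 3:  # blocked: PUK only, while uses remain
            return "PUK" if self.puk_uses < PUK_MAX_USES else "REJECTED"
        if self.wrong_in_row == 2 and not self.can_entered:
            return "CAN"  # required before the third PIN attempt
        return "PIN"

    def _expect(self, kind: str) -> None:
        if self.next_prompt() != kind:
            raise ValueError(f"{kind} is not accepted in this state")

    def pin_result(self, correct: bool) -> None:
        self._expect("PIN")
        self.wrong_in_row = 0 if correct else self.wrong_in_row + 1
        self.can_entered = False

    def can_accepted(self) -> None:
        self._expect("CAN")
        self.can_entered = True

    def puk_accepted(self) -> None:
        self._expect("PUK")
        self.puk_uses += 1
        self.wrong_in_row = 0  # assumption: unblocking restores the PIN attempts
```

Keeping the prompt decision in one place lets the app refuse a PIN entry while the CAN or PUK is outstanding instead of spending another attempt on the card.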
Unsuccessful attempts
The following may lead to unsatisfactory results of the eID Verification:
- The eID card has expired.
- The eID card has been reported as lost or stolen.
- The user has lost or forgotten the required identification or unblocking key(s).
- The 10-digit PUK code has been used more than 10 times.
In these cases, the applicant is shown an applicable rejection screen and is asked to perform further actions shown on the application interface.
Compliance overview
The German eID Verification is based on a national electronic identification (eID) scheme that is governed by the Federal Office for Information Security (BSI).
The solution has been notified under the eIDAS framework (Regulation (EU) No 910/2014), which defines the use of electronic identification and trust services, as adhering to the highest identification standards by providing a High Level of Assurance (LoA), and is considered equivalent to in-person customer onboarding. As a result, it is recognized as a compliant identification method by national AML/CTF regulatory requirements in all member states of the European Union, including the German AML framework (GwG § 12 (1) 2).
Get started
To start conducting German eID Verification:
- Integrate with the Sumsub iOS and/or Android mobile SDK.
- Set up a verification level and add German eID as a verification option.
- Use the Sandbox mode to test your integration and go live with Production.
Review verification results
To check the verification results, navigate to the Applicant Data tab of a particular applicant who passed eID verification and scroll down to the Extracted data section. The following information is extracted during the check:
- Country
- Document type
- First name
- Last name
- Date of birth
- Address
- Place of birth
- Valid until
- Birth name (if available)
- Nationality (if available)
- Type
- Service and card-specific ID
Note
According to German AML regulation, when the customer is being verified through the use of an electronic proof of identity, instead of the 'Type', 'Number', and 'Issuing authority' of the identity document, the 'Service and card-specific ID' as well as the fact that the identification was carried out on the basis of an eID should be captured (GwG Abschnitt §8 (2)).