German eID Verification

Transform your customer onboarding experience with the German eID Verification solution.

The German eID Verification is Sumsub’s NFC-based customer onboarding solution designed specifically for the local market as one of the most well-recognized electronic verification methods across both organizations and their end-users.

It is based on a notified national electronic identification (eID) scheme known as the German eID, established and governed by the Federal Office for Information Security (BSI), which enables businesses to verify their customers at a High Level of Assurance (LoA) simply by leveraging their identity document and Strong Customer Authentication (SCA) for data sharing. As a result, the solution covers over 40% of the country's adult population, as it successfully represents all citizens with an electronic eID card.

The German eID Verification works by simply having the applicant enter their 6-digit Personal Identification Number (PIN) and reading the NFC chip on the identity document via their mobile device. This enables extracting comprehensive identity data stored on the chip, while the eID card itself is instantly checked for validity and ownership legitimacy.

The result helps businesses bring only trusted customers onboard in compliance with both the German Geldwäschegesetz (GwG) and eIDAS regulatory requirements, all through an effortless user verification experience.

📘

Note

This solution is commonly known as the AusweisApp2, however, with Sumsub's SDK integration, no external app downloads are required.

Use cases

User onboarding, which is both compliant with the Customer Due Diligence requirements under the BaFin AML framework (GwG Abschnitt 3 § 12 (1) 2.) and offers increased customer conversion rates as well as lower operational costs in comparison to conventional identity verification methods.


This use case is particularly relevant for the following BaFin-regulated businesses in Germany:

  • Banking institutions
  • Neo-banking institutions
  • Cryptocurrency trading companies
  • Gaming operators
  • Credit institutions
  • Payment service providers
  • Insurance companies
  • Asset management companies
  • Brokerage firms

Solution benefits

  • Efficient Onboarding. Streamlines the identity verification process, reducing barriers between new clients and your business.
  • Compliance. Ensures full compliance with both German and eIDAS regulatory requirements for customer onboarding.
  • Security. Enhances the level of user identity verification security by leveraging the Personalausweis national eID scheme.
  • User Experience. Provides a seamless and user-friendly onboarding experience; no need for applicants to install additional applications on their device.
  • Seamless integration. Delivers an effortless product implementation experience for Sumsub clients via our lightweight Mobile and Web SDK frameworks.

How German eID Verification works

The German eID Verification process commonly includes the following steps:

  1. An applicant enters a 6-digit Personal Identification Number (PIN) linked to their eID card and scans the NFC chip on their mobile device.
  2. Once the PIN is confirmed, Sumsub automatically checks the validity of the eID, ensures that it has not been reported as either lost or stolen, and extracts the applicant data that is required for onboarding purposes from the NFC chip.

📘

Note

If the applicant is using their eID card for electronic verification for the very first time, they will be asked to firstly input their 5-digit transport PIN and select a unique 6-digit PIN, which will be used for future onboardings. Applicant confirms the 6-digit PIN; if it matches, the PIN is activated for electronic verification.

5-digit PIN journey

The eID Verification activation journey looks as follows:

  1. An applicant starts the eID Verification process within the application, and Sumsub initializes the verification flow.
  2. The applicant enters their 5-digit transport PIN.
  3. The applicant selects and enters a unique 6-digit PIN.
  4. The applicant repeats the 6-digit PIN that will be used for future verification attempts.
  5. The 6-digit PIN is hashed and stored within the NFC chip of the eID card.

6-digit PIN journey

The main flow of the eID Verification includes the following:

  1. An applicant initiates verification within the application, and Sumsub initializes the verification flow.
  2. The applicant enters their unique 6-digit PIN.
  3. The applicant scans their eID card via the device’s NFC functionality, and the system reads the stored information.
  4. The entered PIN is sent to the eID card’s NFC chip.
  5. The NFC chip hashes the entered PIN and compares it with the hashed PIN value that is stored within the eID card.
  6. If the PIN is correct, the system checks whether the eID card is valid and has not been reported as lost or stolen.
  7. Once these security checks are successful, Sumsub extracts the applicant's personal data stored within the NFC chip and displays the success verification screen to the applicant.

eID Verification requirements

To be verified using the Sumsub German eID Verification solution, applicants will need:

  • An NFC-enabled mobile device.
  • A supported identity document.
  • Stable internet connection.

Documents supported for eID Verification

The Sumsub German eID Verification solution supports the following identity document types:

  • German Identity Card (Personalausweis): ID
  • eID Card for EU/EEA citizens (Unionsbürgerkarte): UB
  • German Residence Permit (Elektronischer Aufenthaltstitel): AR, AS, AF

📘

Note

Verification using the eMRTD (Electronic Machine Readable Travel Document) is currently permitted only for physical/in-person identification.

Personal Identification Numbers and Key types

There are several identification and unblocking number types:

  • 5-digit Transport PIN — the Personal Identification Number (PIN) is required during the very first electronic verification attempt using the eID card. During this process, the code should be changed to a unique 6-digit PIN. It has the same validity period as the eID card. The Transport PIN is sent to the applicant via mail by their local authorities together with the eID card.
  • 6-digit PIN — the Personal Identification Number (PIN) is required to unlock the NFC chip on the eID card and extract the personal data required for electronic verification. It has the same validity period as the eID card. This PIN is selected by the applicant during their first electronic verification attempt. To change the 6-digit PIN, the applicant should contact their local authorities.
  • 6-digit CAN — the Card Access Number (CAN) is required to continue with the verification process when the applicant incorrectly enters their 6-digit PIN twice in a row. It has the same validity period as the eID card. It is printed on the bottom right corner of the front side of the eID card (next to the expiration date).
  • 10-digit PUK — the Personal Unblocking Key (PUK) is required to unblock the eID card when the applicant enters an incorrect 6-digit PIN three times in a row. It is sent to the applicant via mail by their local authorities together with their eID card. The PUK can be used ten times.

Unsuccessful attempts

The following may lead to unsatisfactory results of the eID Verification:

Scenario

Applicant Rejection Type

eID card has expired.

FINAL

eID card has been reported as lost or stolen.

FINAL

5-digit transport/activation PIN is incorrect.

RETRY

6-digit PIN is incorrect.

RETRY

CAN is incorrect.

RETRY

6-digit PIN has been entered incorrectly three times.

RETRY

10-digit PUK is incorrect.

RETRY

10-digit PUK has been entered over ten times.

FINAL

eID card has been digitally altered or tampered.

FINAL

NFC chip belongs to a different eID card.

FINAL

Device is unable to scan the NFC chip of the eID card.

FINAL

Unknown/unexpected error.

RETRY

Compliance overview

The German eID Verification is based on a national electronic identification (eID) scheme, governed by the Federal Office for Information Security (BSI), in compliance with the Act on Identity Cards and Electronic Identification (Personalausweisgesetz, PAuswG) and the Residence Act (Aufenthaltsgesetz).

The solution has been notified under the eIDAS framework (Regulation (EU) No 910/2014), which defines the use of electronic identification and trust services, as adhering to the highest identification standards by offering a High Level of Assurance (LoA), and is considered equivalent to in-person customer identification. As a result, it is recognized both as a compliant onboarding method according to the national AML/CTF regulatory requirements in all member states of the European Union (EU) as well as the German Federal Financial Supervisory Authority (BaFin) framework regarding the identification of natural persons (GwG § 12 (1) 2. and GwG § 12 (1) 4.).

Get started with German eID Verification

To start conducting German eID Verification:

  1. Integrate with the Sumsub iOS and/or Android mobile SDK.
  2. Set up a verification level and add German eID as a verification option.
  3. Use the Sandbox mode to test your integration and go live with Production.

Review German eID Verification results

To check the verification results, navigate to the Applicant Data tab of a particular applicant who passed eID verification and scroll down to the Extracted data section. The following information will be extracted during the check:

  • Country
  • Document type
  • First name
  • Last name
  • Date of birth
  • Address
  • Place of birth
  • Valid until
  • Birth name (if available)
  • Nationality (if available)
  • Type
  • Service and card-specific ID

📘

Note

According to German AML regulation, when the customer is being verified through the use of an electronic proof of identity, instead of the 'Type', 'Number', and 'Issuing authority' of the identity document, the 'Service and card-specific ID' as well as the fact that the identification was carried out on the basis of an eID should be captured (GwG Abschnitt §8 (2)).

German eID Verification FAQ

Find the most frequently asked questions about German eID Verification.

Does the German eID Verification offer a compliant alternative to the Video Identification service according to the BaFin regulations?

Yes, the solution is compliant with both Geldwäschegesetz §12 (1) 2. and §12 (1) 4. regarding the identification of natural persons.

What percentage of the German population is currently using eID cards?

According to most recent estimates, around 40% of the national population have a valid eID card, while 36% have successfully activated it.

What are the main security features of the German eID Verification solution?

  1. Unique identification numbers and keys. The applicant is assigned randomly generated 5-digit (Activation/Transport) PIN, 6-digit (Access) CAN, and 10-digit PUK (Unblocking) codes by the governing authorities at the time of the identity card creation and sent to the applicant via postal services together with the eID card. Furthermore, upon the initial usage of the eID card, the end applicant selects a 6-digit PIN, which is used for subsequent eID authentication sessions.
  2. Digital certificate validation. The digital certificate stored within the eID card is validated against the central eID authentication server every single time a applicant attempts a verification using their eID card to ensure that the identity document is authentic and valid.
  3. Lost and Stolen Identity Document check. The eID card is checked against the Lost and Stolen Identity Document Register, which is maintained by the Federal Police authorities, every single time a applicant attempts a verification using their eID card to ensure the document ownership and validity.

Which languages does the eID Verification solution support?

You can find the information about all supported languages here.

Why is the applicant’s biometric data not returned as a result of the verification?

Biometric data extraction from the NFC chip of the eID card is currently limited to government institutions and law enforcement agencies using the Electronic Machine Readable Travel Document (eMRTD) during physical/in-person identification. At the same time, the eID system is designed according to the requirements of the German AML framework, which does not require biometric data for remote applicant onboarding (GwG Abschnitt 3 § 11 (4) 1.).

What is the Service-specific ID data field?

This ID is a uniquely generated value which demonstrates that the verification has been completed via an eID system using a valid German Identity Card.

Why does the solution not return the Type, Number, and Issuing authority of the identity document?

According to the German AML regulation, when the customer is being verified through means of electronic identification, these fields are required to be captured. Instead, the Service and card-specific ID will be generated and stored, as well as the fact that the identification was carried out on the basis of an eID (GwG Abschnitt §8 (2)).

Why is Nationality an optional data field?

eID cards released before 2019 do not store this information.

Which devices are compatible with the German eID Verification solution?

NFC-equipped and enabled smartphones that have the respective operating systems:

  • Android operating system: Android 5.0 or later
  • iOS operating system (iPhones): iOS 13.0 or later