What is the PVID standard?

Since the health crisis, the French government has been working to secure the economy and support business development. Remote identity verification has thus become a major stake in France and Europe. It is within this fragile digital landscape that the PVID standard was created to regulate remote identity verification systems.

What exactly is the PVID framework?

Established by ANSSI (the French National Agency for Information Systems Security) in March 2021, PVID is a reference text and an acronym for “Prestataire de Vérification d’Identité à Distance” (Remote Identity Verification Provider). Its purpose is to define technical certification standards to promote solutions dedicated to cybersecurity. The PVID certification thus guarantees trust and reliability for remote identity verification services. They must achieve the same purpose as in-person identity verification. The list of rules and recommendations to be followed allows for the compliance and certification of companies with remote identity verification systems.

In a context where identity thefts number in the millions, the main challenge of PVID is to prevent fraud during remote authentication. As fraudsters use increasingly sophisticated techniques, such as deepfakes, the risk of digital identity theft is a real threat.

The PVID can thus be compared to a "security visa" to protect companies and their customers. Banks and financial institutions were the first to adopt high-performance solutions certified by ANSSI. Today, all companies whose sector of activity involves a customer onboarding process are concerned by the PVID standard.

The PVID standard revolves around two levels of assurance:

• Substantial Level: This involves rigorous checks, including identity document verification and the use of robust methods to ensure that the user is who they claim to be. This level guarantees reliability comparable to face-to-face verification and is suitable for medium-risk transactions.
• High Level: This requires very strict verification measures and achieves the reliability level of issuing an ID card at a town hall or police station. This level is reserved for very high-risk transactions, where security is paramount, such as in the financial or government sectors.

PVID standard: How to Comply?

The PVID certification is a label of quality and trust issued by ANSSI. It is an official recognition that the critical remote identity verification services of a provider comply with the framework’s requirements. Achieving this compliance will not only help fight identity fraud but also gain customer trust. Find out in this article how to prevent identity fraud.

Obtaining PVID certification involves three steps:

1. Prepare and submit a dossier to ANSSI: Once received, a certification officer is appointed to handle the request.
2. Define an evaluation plan in collaboration with accredited auditors: They perform various tests on the robustness of the biometric aspect and the effectiveness of the service concerning identity documents.
3. Issuance of the certification by ANSSI: This attests to the service's compliance if the entire audit process has been positive.

Note that PVID certification is valid for two years.

PVID standard: Choosing the Right Facial Biometrics Solution for Compliance

Within the PVID standard, facial biometrics play a central role in identity verification. Choosing a leading provider offering a robust solution is key to ensuring compliance.

The preferred route is ISO 30107-3 certification, which attests to the reliability of a facial biometrics solution against identity theft attempts. Unissey, a remote facial biometrics verification solution, has held this certification since early 2024.

Moreover, with increasingly sophisticated AI-based fraud, the facial biometrics solution must prove its effectiveness against these digital attacks. Find out in this article how deepfakes are challenging remote identity verification.

‍