[[:guide_de_parametrage|Français]] | [[:en:guide_de_parametrage|English]] ---- ====== Process Configuration ====== A **process** defines what you want to expose to your end users: * Identity verification methods * Additional documents to collect * Other parameters and validation rules ➔ To create a new process: * Click on the **Processes** tab * Then click on **Add a process** **✏️ The process creation is done in 8 steps:** 1️⃣ General information 2️⃣ Remote identity verification methods 3️⃣ Information input 4️⃣ Documents to be sent to the business service 5️⃣ Selection of validation rules 6️⃣ Settings 7️⃣ User interface customization 8️⃣ Finalization ====== General Information ====== In this step, you can: ✅ Name your process ✅ Define expiration times ✅ Add preliminary information \\ {{:en:generalinformation.png?1000|}} \\ === 📌 Process Name === **Required** field. --- === ⏳ Expiry Time === - **Non-started enrolment**: time before the user begins their enrollment - **Started enrolment**: time allowed for the user to complete the process - **End of enrollment processing**: maximum time to process the file //If the allocated time for the first two delays is exceeded, the file status will switch to CANCELED. For the third one, it will be marked as FAILED.// \\ ⚠️ A cron job runs every 15 minutes to update statuses. This means that the status update can occur up to 15 minutes after the expiration time. --- === 🗄️ Active database retention duration in ID360 for enrollments (in minutes) === Not editable **86400 minutes** (= 2 months). Duration before the file is archived. This also defines how long you can access uploaded identity documents, selfies, and supporting documents from the admin platform. ⚠️ A cron job runs once a day to switch files to DELETED. This means the status update may happen up to 24 hours after the expiration. --- === 🔄 Do not display final screen of identity verification === By default, the user must click "Continue" to be redirected to your business website. To skip this step and redirect automatically, check this box. {{ecranfinal_en.png?400%}} --- === 📱 Enable SMS redirection === If you do not allow identity document upload on desktop, users will need to switch to their mobile phone. They can scan a QR code, receive an email, or receive an SMS if this box is checked. --- === 🛡️ Enable the antivirus === Antivirus is a requirement for some clients based on their internal security policies (PGSSI). This is an optional paid feature. If you're interested, contact your Customer Success Manager. --- === 🚦 The user must wait until the processing is complete in the final step before returning to the business website === Mandatory checkbox : this option must be checked to enable **retry mechanisms** within the journey. The user has an initial attempt and can make up to 3 retries. --- === ⏱️ Maximum waiting time === Defines the maximum waiting time for the user before moving to the next step at the end of the process (even if processing isn’t complete). Max duration: 30 minutes. --- === 🏷️ Company name displayed at the end of the process === Company name that will be shown at the end of the process, before redirection. If left empty, the name of the company associated with the process will be displayed. --- === 📑 Proof slip generation mode === - **Full**: includes all extracted data, MIE results, and all document checks - **Age proof**: anonymous report limited to age verification only --- === 📜 Getting prior information accepted === Display your custom T&Cs before finalizing the process. {{acceptinginfo.png}} User side: {{cgu_propre_user_en.png?300%}} ====== Remote Identity Verification Methods ====== We offer two levels of identity verification: • **Substantial**: equivalent to an in-person identity check. • **Non-substantial**: provides a high level of probative value depending on configuration. --- It is possible to select multiple verification methods within the same process, allowing the user to choose the identification method that suits them best. //⚠️ **Note**: an exception applies – it is not possible to combine **PVID** and the **customizable online process** in the same configuration.// ===== PVID / Customizable Online Process ===== PVID and the Customizable Online Process are two identity verification methods offered with different levels of control. * User awareness of the actions to be performed * Consent collection and Terms of Use * ID document capture and verification * Selfie capture and verification depending on the selected process ℹ️ **Customizable Online Process specificity**: the holder check is *not mandatory*, unlike with PVID. ℹ️ **PVID specificity**: a human operator reviews the documents when automated results are successful. --- For testing purposes, to bypass the human review step, you must enable the following option in the process configuration: **"The user must wait, in the final step, for the end of processing before returning to the business site."** ===== L'Identité Numérique La Poste ===== This verification method relies on the use of the mobile app “Identité Numérique La Poste”. * Enter the phone number * Push notification sent via the “Identité Numérique La Poste” app * Authentication using the secret code of the Digital Identity ===== FranceConnect+ ===== FranceConnect+ allows the user to authenticate using existing official accounts. Authentication is done with the username and password of the selected platform. ===== SPID ===== The Sistema Pubblico di Identità Digitale (SPID) is the Italian standard for digital identity. Issued by certified providers (postal services, banks, telecom operators, etc.), it provides each citizen with a unique identifier, protected by multi-factor authentication. ===== Focus on the customizable online journey ===== {{customizable_process.png}} **Check font type**: A font check of the MRZ band is available. However, if the photo of the identity document provided by the user is of insufficient quality, this check may result in a higher number of failures (KO) and cause a slight increase in processing time. --- **Detection of monochrome**: If the uploaded identity document is monochrome, it will be rejected. --- **Detection of alteration and modification of the photo of the title**: This check detects anomalies (wave patterns, RF, pasted photos). --- **Extraction and control of information**: The MRZ is automatically corrected, and the checksum verification is performed. --- **Detection of attack by presentation**: If the uploaded or captured photo comes from a screen, it will be rejected. --- **Allow document upload**: * On smartphone: The user can scan or upload their document. * On PC: The user must upload their document. 💡 For the selfie, it is recommended to use a smartphone for better image quality. --- **Verify the existence of both sides of the document**: If two sides are required and only one is provided, the file will be marked as KO. ===== Additional Configurations and Available Controls ===== **This person must act on behalf of a legal entity** • If the identity is listed in the KBIS: * Step 1: Identification of the natural person * Step 2: Collection of the KBIS • If the identity is not listed in the KBIS: * Step 1: Identification of the natural person * Step 2: Collection of the KBIS + Mandate + Copy of the ID document of the mandator 📌 Verification zones: MANAGEMENT, EXECUTIVE, ADMINISTRATION, CONTROL, ASSOCIATES OR MEMBERS //The mandate being a non-standardized document, it is only collected by ID360.// --- **Capture the identity document if a MIE is selected** * Step 1: Identification via FranceConnect(+) or La Poste Digital Identity * Step 2: - On PC: Upload of the identity document - On smartphone: Upload or capture of the identity document 📎//This document is only collected, with no additional verification.// --- **Enable rear camera usage** Allows a helper to assist the user during selfie capture by activating the rear camera. --- **Visual control of documents** Allows visual verification to check if the document matches a known template. 🔧 Currently being improved; it is not recommended to check this option. --- **Split the address on identity documents** The address will be split into street number, street name, postal code, and city. {{:adresse_decoupee.png?323×137|}} 🏡 To ensure an up-to-date proof of address, it is preferable to request a separate proof rather than relying on the ID document address. ====== Enable User Data Entry ====== By enabling this feature, the user will be required to manually enter the desired information. {{saisie_informations_en.png?800%}} --- **Example** If you configured the collection of email address and mobile phone number (with SMS verification), the user will input these values and receive a code by SMS. {{mail_phone.png?500%}} For your information, the OTP code can be sent a maximum of 3 times, at a rate of one send per minute. --- 🔧 If your use of ID360 relies entirely on our APIs and the end user is never redirected to the ID360 identification URL, this feature allows you to compare collected data. For example, if you expect Mr. Y to be onboarded, you can use ID360 API calls to ensure that the extracted identity matches Mr. Y and not Mr. Z. The entered last name is compared with both the birth name and the usual name. 🔧 If you still want to perform such checks while redirecting the user to the ID360 identification URL—without letting them modify the expected data, an API method is available to push this data into the system (see: Developer Guide). ===== String Comparison in ID360 ===== 🔧 The algorithm used is a fuzzy matching. ID360 uses a **three-step approach** to compare strings. The goal is to enable reliable comparisons even when strings contain accents, special characters, or linguistic variations. ==== 1. Unidecode Step ==== The first step is to **remove accents and diacritical marks** to standardize the comparison. This allows words to be compared as if they were written using only standard ASCII characters. **Example:** * élodie → elodie Thus, *élodie* and *elodie* will be considered **identical** at this stage. ==== 2. Generic Transliteration Step ==== Once accents are removed, ID360 applies a **generic transliteration**. This process converts non-ASCII characters (such as letters specific to certain languages) into their most common Latin alphabet equivalents. The original language of the word is **not** taken into account here — only a standard transliteration is applied. **Examples:** * weiß → weiss * düker → duker This step makes it possible to harmonize strings originating from different languages without knowing the linguistic context. ==== 3. Precise Transliteration Step ==== The final step performs a **contextual transliteration**, taking into account the **original language of the text**. For identity documents (passports, national ID cards, etc.), the language used corresponds to the **issuing country of the document**. As a result, some letters are transformed differently depending on the language. **Examples:** *For Germany (DE)* : * Jörg → Joerg * Düker → Dueker *For France (FR)* : * Jörg → Jorg * Düker → Duker This language-aware transliteration provides a **comparison more faithful to the document’s context**. ==== Notes ==== * Specific transliteration rules depend on the **country of origin**. * European countries are generally less affected by these differences, but **Germany** is a notable exception, as its rules are frequently used in official documents. * Other countries may apply their own conventions depending on their civil registry standards or national requirements. ==== Summary ==== ID360 compares strings through a progressive process: - **Character normalization** (removal of accents) - **Universal transliteration** (generic conversion of non-ASCII characters) - **Contextual transliteration** (conversion adapted to the document’s language) This method ensures a **robust, consistent, and linguistically accurate comparison**. ====== Documents to Be Returned to the Business Service ====== A list of complementary documents is available. These documents can be extracted and verified by ID360: * Profile photo * Vehicle registration certificate * Health insurance card * Social Security proof * KBIS extract * Payslip of a French employee * Proof of address * Bank account details (RIB) from French banks * Property tax notice from the French government * Income tax notice from the French government --- If you would like more details on data extraction and both unitary and cross-check verifications, please request the following document: **“ID360-Inf-Documentation on Extractions and Verifications”** --- You may also add other types of documents not listed above. Below is an example of adding a diploma: {{freeDoc.png?500%}} ⚠️ These custom documents are only collected — no data extraction or verification will be performed. ==== Digiposte ==== **Enable the Digiposte button**: This citizen digital vault allows users who have an account to easily provide documents. Some documents may be certified because they are directly uploaded by a trusted issuer (e.g., employer for payslips). By enabling the Digiposte button, you allow users who have an account to import one or more documents from their personal digital vault. ==== MiTrust ==== **Enable the MiTrust button**: As a data intermediary, MiTrust connects users to trusted data sources such as banks, telecom operators, or government authorities. MiTrust stands out for its ability to minimize shared data, transmitting only the information necessary for a given transaction. Currently, the documents managed by MiTrust within ID360 are: the income tax notice, the property tax notice, and the proof of address. ====== Control Selection ====== This section allows you to customize all the checks you wish to perform on identity documents or on data retrieved from External Identity Modules (EIMs). ===== Identity Document ===== If your process includes either **PVID** (Dynamic Identity Verification Process) or the **Custom Online Process** by Docaposte, the following checks are available: {{validations_selection.png}} **By selecting only “Extract and verify the document,” the system will extract the data from the identity document. You can then choose the relevant checks for your use case, including:** **Allow address to be used**: the address from the identity document will be stored in the Identity block. We recommend requesting a proof of address if you need a verified address (document must be issued no more than 3 months prior to submission). --- **Verify issuance date against MRZ**: Compares the issuance date as it appears visually on the document (typically from the VIZ – visible image zone) with the one extracted from the MRZ. --- **Verify issuance date against the first 2 digits of the MRZ (for French passports)**: Compares the visually read issuance date (from the VIZ) with the one inferred from the first 2 digits of the MRZ. --- **Verify birth date against MRZ**: Compares the birth date shown on the document (VIZ) with the one read from the MRZ. --- **Verify MRZ validity**: Ensures that the checksums in the Machine Readable Zone are valid and that the MRZ follows international standards. --- **Verify last name against MRZ**: Compares the last name as it appears on the identity document (typically from the VIZ – visible image zone) with the one extracted from the MRZ. --- **Verify last name against 2D-DOC**: Compares the last name from the 2D-DOC (if available) with the one extracted from the MRZ. --- **Verify document number against MRZ**: Compares the document number from the VIZ with the one extracted from the MRZ. --- **Verify document number against 2D-DOC**: Compares the document number from the 2D-DOC (if available) with the one extracted from the MRZ. --- **Verify first name against 2D-DOC**: Compares the first name from the 2D-DOC (if available) with the one extracted from the MRZ. --- **Verify gender against 2D-DOC**: Compares the gender from the 2D-DOC (if available) with the one extracted from the MRZ. --- **Verify document type against 2D-DOC**: Compares the document type (passport, ID card, residence permit, driver’s license) from the 2D-DOC with the one extracted from the MRZ. --- **Verify first names against MRZ**: Compares the first names as seen on the document image (VIZ) with those extracted from the MRZ. --- **Verify document number presence in both VIZ and MRZ**: Checks that the document number is present both in the VIZ and in the MRZ. --- **Verify document was not issued in the future**: Checks that the issuance date is prior to today’s date. --- **Verify document was not issued on a Sunday**: Checks that the document was not issued on a Sunday. --- **Verify document has not expired**: Verifies that the document is still valid, considering a 15-year validity for adults and 10 years for minors, with some exceptions depending on the issuing country. \\ The validity period is 15 years for national identity cards issued since 2004.Example: a card issued in 2008 is valid until 2023. For cards issued before 2004, ID360 also applies a 15-year validity period. --- **Verify document number is not on the blacklist**: Checks whether the document number is listed in a configurable blacklist (to reject known fraudulent documents). ===== Digital Identity ===== If your process includes **FranceConnect+** and/or **La Poste Digital Identity**, make sure to check the option **"Extract digital identity"** so that we can populate the **Identity** block with the retrieved data. {{digital_identity.png?500%}} ===== Profile ===== If you have selected fields in the **Information Entry** step, this is where you must configure the consistency between the data entered and the data extracted from the identity document. ===== Supporting Documents ===== You can extract and verify the authenticity of the documents using various checks, depending on the type of document provided. It is also possible to verify the document by cross-checking the extracted data with the fields you have selected. ===== Holder Control ===== **Active liveness check**: The user must complete two random challenges (e.g., turn their head left/right, open their mouth…) to confirm they are not a deepfake. **Passive liveness check**: The user must take a photo of their face. **Biometric facial comparison with the ID document**: The user must take a selfie. The extracted face will be compared to the photo on the ID document. **/!\ On a PC, the user can use their device’s camera. However, we recommend redirecting the user to their mobile device for better photo quality and a more intuitive experience.** ====== Settings ====== ==== Authorized identity documents ==== As part of the customizable online process of Docaposte, or in the case of collecting an identity document associated with an EIM (such as La Poste Digital Identity), you can select the authorized identity documents (National Identity Card, Passport, Residence Permit, and Driving Licence in card format). ==== Protection level against injection attacks level ==== As part of a **passive** liveness check, the user will need to take a picture of their face. Three levels can be configured: * Disabled: only presentation attack detection will be enabled * Intermediate: if the user is on a Chromium-based browser, we can verify that no video stream is injected; control is inactive on Firefox. * Advanced: if the user is on a Chromium-based browser, we can verify that no video stream is injected; if the user is on Firefox, they will be instructed to change browser. ==== Default country (dial code) for phone numbers ==== Country code suggested by default when a number must be entered for receiving an OTP by SMS, as well as when switching from a landline or tablet to a mobile phone. ==== Authorized proofs of life ==== As part of an **active** liveness check, the user must complete challenges configurable at this level. ==== Name to display in the SMS ==== If the sender’s name should differ from the company name in ID360 when sending an OTP by SMS, or when switching from a landline or tablet to a mobile phone, it should be entered here. ===== Interface Customization ===== ID360 allows interface customization: the logo, button colors, and text colors can be adapted to your graphic charter. ===== Applications Allowed to Use the process ===== **The application** refers to your **business application** and is used to configure the **credentials** to be deployed on the server. **Important**: Make sure to select the appropriate application from the list of “Applications allowed to use this process.” Multiple applications may have been created beforehand, and it’s possible to authorize one or more to use this process. Once this step is complete, click **Validate** to finalize the configuration.