New “Gold Standard” Digital Identification for Property Purchases
In what has been lauded as an “exciting milestone towards a truly digital conveyancing process”, HM Land Registry (HMLR) recently announced a new procedure for remotely verifying the identity of conveyancing clients in a bid to cut down on the number of fraudulent transactions.
The new Digital Identity Standard will enable individuals’ identities to be certified by commercial companies to a level of security sufficient for property transactions. In the event of fraud, conveyancers who adopt this process will be able to protect themselves from “recourse” claims from HMLR and any claims for compensation.
However, there is a fly in the ointment of progress, in that the proposed identity checks will only be available once commercially supportive products are on the market, and fears are, this will take months. And even then, if the individual does not have an up-to-date passport or European national identity card, the system will not work resulting in a two-tier system.
Reasons behind the proposed use of digital technology in ID verification
The Government and HMLR believe there is extensive demand across the conveyancing sector for more straightforward, convenient, and resilient solutions for identity verification. Because of various concerns surrounding the relative ease of money laundering and other fraudulent transactions, the scope for a higher standard using biometric and cryptographic technology cannot be ignored. Whilst also ensuring the conveyancer has certainty surrounding the discharge of their duty on ID verification in connection with land registration applications.
Unlike the current system, the new process cannot be fooled by fake images, and it is also designed to cope with changes to eyewear and hairstyles. The new system will not be mandatory, principally because of the lack of availability of compliant systems, but HMLR hope that more firms will be persuaded to adopt it because of the advantage of being able to claim “Safe harbour” by showing they followed compliant identification checks.
What is safe harbour?
A conveyancer who adopts the new approach will be deemed to have fulfilled their obligations to take reasonable steps to verify the individuals’ identity and reach “Safe Harbour”. This means that if the conveyancer can show they have followed all the steps described in the standard, HMLR will not pursue them or their firm if the transaction is found to be fraudulent on grounds that ID checks were not adequate.
Requirements of the Standard
Obtaining evidence of identity
A conveyancer must find out the person is who they say they are. To meet this requirement, the conveyancer must hold a form of evidence that can be checked by cryptographic security features within that evidence, for example, an electronically held photograph against which biometric facial recognition analysis can be made.
Acceptable forms of evidence meeting these requirements are:
- Biometric passports meeting the International Civil Aviation Organisation specifications for e-passports
- EU or EEA (European Economic Area) country identity cards following the Council Regulation (EC) No 2252/2004 standards and contains biometric information
- A UK biometric residence permit
Checking the evidence
The conveyancer must check that the evidence is not a forgery and is still current using an identity check provider, such as ThirdFort, to verify the documentary and cryptographic security features are genuine. The provider’s system must read the chip using Near Field Communication and then:
- Check the digital signature is correct for the organisation that issued the evidence
- Check the “signing key” belongs to the organisation and has not been revoked
- Extract the biometric data needed in requirement three below
It is important to remember that simply using a photograph of the document or the “Machine Readable Zone” does not meet the checking requirement.
Matching the evidence to the identity
The person presenting the information must match the photograph in the evidence provided. A conveyancer must use an identity provider to check the biometric information captured from a “liveness check” and that it matches biometric data in the chip within the evidence obtained.
To ensure this requirement is met, the identity check provider must:
- Use photographs or video of the individual presenting the information performing tasks which have been taken live as part of the checking process to confirm they are real (known as an enhanced “liveness test”).
- Be able to identify when someone is attempting to use a “presentation attack” also referred to as an anti-spoofing check.
- Ensure the individual’s biometric data is taken under controlled conditions that do not reduce or limit the accuracy of the type of biometric check being used. Things such as light, noise, and humidity can all impact on success rates for face biometrics.
- Use a biometric algorithm proven to be effective against recognised benchmarks such as the National Institute of Standard and Technology’s (NIST) face recognition test guidance
- Have a false match of a maximum rate of 0.01%
- Have a maximum non-false match rate of 1%
Obtaining evidence to ensure the transferor, borrower, or lessor is the same person or entity as the owner
The individual must be connected to the property by obtaining two examples from the following list of evidence:
- Bank or building society statements dated within the last three months
- Utility bills within the last three months
- Original mortgage statements from a recognised lender for the last twelve months
- Current UK or EEA photocard driving licences
- HMRC tax demands or self-assessment letters dated within the current financial year
- Insurance policy schedule for the property
- Current shotgun or firearms certificate/licence
- Credit cards bearing the Visa or Mastercard logo, Diners Club or American Express card, multi-function or debit card bearing the Visa or Maestro logo issued in the UK, and supported by an account statement less than three months old
- Copy of the agreement for purchase of the property
- Lettings agent agreement on headed paper
- Local authority building regulations sign-off for works undertaken to the property addressed to the individual
- Service charge demands addressed to the individual from a management company for the property
- Confirmation of a tenancy deposit scheme registration
If bank statements etc are to be relied upon, postal or online statements are acceptable providing, in the case of an online statement, it is evident it has been received or downloaded by the individual in question and refers to the subject property. Screenshots of online statements will not be considered satisfactory evidence.
Potential issues with a wholly digital identity verification process
- Because an individual has to prove their identity with a “liveness test” by a mobile phone app analysing their features and compares them with those embedded within their biometric passport, it is likely to be problematic for those who do not own a smartphone, or which is not equipped with the app. Neither will it work with an individual who does not have a current passport. These issues are more likely to adversely affect the elderly, many of whom do not have smartphones, and because of their age are not inclined to jet around the world.
- Individual lenders may not join the same scheme and have slightly different requirements.
- Even if the conveyancing firm can claim safe harbour, it may still affect their future insurance excess, and consequential rise in premiums thereafter.
This wonderful new “gold standard” system is predicted to form the basis of a government-wide digital identity scheme. Creating a national “trust framework” of digital identities suitable for a variety of purposes, with the potential for proving Covid-19 vaccination status on an individual basis.