Digital identity verification: Rabobank Identity Services

As a bank, we are required to check the identity document (ID) of new employees, both internal and external, for authenticity and validity. As a supplier, you naturally want the Rabobank onboarding process for your candidate to run efficiently. That's why Rabobank works with Rabobank Identity Services (RIS) for identity verification.

RIS ensures that:

  • there is less manual work for you as a supplier;
  • the chance of errors is reduced;
  • the data quality improves;
  • we are compliant.

Below you can read more about how RIS works and how the data is collected and stored.

What is RIS?

Rabobank Identity Services is an identity verification platform that offers various identification and validation services. It is a collaboration between the European technology company Signicat and Rabobank.

How does RIS work?

For new employees, performing the ID check is simple. As a supplier, when offering candidates, you provide their email address, which is used only for RIS. Once a candidate is selected, an email is automatically sent with a link to start the ID check.

The candidate is then guided through submitting a photo of the ID. RIS checks the ID for authenticity and validity. The ID data is automatically entered into Fieldglass.

The advantage is that you, as the supplier, no longer have to enter the ID data manually. This reduces the chance of errors and leads to improved data quality.

As an accredited supplier, you join Rabobank HR's remote onboarding process. There is no cost associated with this ID verification process. More information on how data is collected and stored can be found below in the frequently asked questions.

Frequently asked questions from suppliers

  • How is the cooperation with RIS contracted?

RIS has a contract with the vendor Signicat, which provides the Onfido ID scanning service to RIS. The Onfido ID scanning service is a third-party product. Signicat has a partner contract with Onfido.

  • What is the data retention period?

The retention period with Onfido is configurable by Rabobank HR. Currently, the retention period is three days. After three days, all acquired data is deleted by Onfido.

Rabobank performs an annual audit of Signicat and Onfido by reviewing their SOC2 reports.

  • Where is the data stored?

Although Onfido is based in London, data storage takes place in Ireland and the ID scan assessment is processed in Bulgaria. Onfido uses Amazon Web Services (AWS) for data storage. For Rabobank HR, AWS storage is configured for the EU, primarily in Ireland. Backup storage is in Germany.

  • Who has access to (personal) data?
  1. Signicat access is restricted to authorized employees of Signicat, and protection of assets has been defined and implemented by Signicat in compliance with the ‘Access Control policy’.
  2. Onfido access is restricted to authorized employees and material subcontractors (agents who review the ID scan when the AI returns an "unclear" or "consider" result).
  • Which security measures are in place to ensure that (personal) data is safe?
  1. Signicat has established an Assets Management Policy ISP004, to maintain control. This policy describes how assets requiring protection are identified and classified based on protection considerations related to confidentiality, integrity and availability. In addition, Signicat has established an ISP007 access control policy. This establishes common requirements for access control in Signicat. This ensures that access controls are implemented with consistency and high quality.
  2. Onfido has implemented an information security framework based on Zero Trust principles. Access policies are based on device, status and user information. Device and user credentials are key controls, as are firewalls, a Zero Tolerance approach to critical and high-risk vulnerabilities, pen testing, daily security scans and robust logical access controls. Onfido employs an in-depth security strategy.
  3. Amazon Web Services (AWS) maintains a Security Policy; an overview of its security processes is available.
  • Is a copy of the ID kept at Rabobank?

As Rabobank, we are not allowed to have a copy of the ID of an external employee, unless they come from outside the EEA or Switzerland. A check is made on the authenticity and validity of the ID proof. Data that Rabobank is required to register on the basis of Art. 34.8.2 Collection Guidelines 2008 is read into Fieldglass. Therefore, no copy of the ID proof is kept at Rabobank.

  • What happens to the Citizen Service Number?

The Citizen Service Number will not be read in.

More information?

If you have questions about this identity verification process, please send us an email via Vendormanagement.