Digital identity verification
As a bank, we are required to check the Identity Document (ID) of new, internal and external, employees for authenticity and validity. As a supplier, you want the Rabobank onboarding process for your candidate to run smoothly. That is why Rabobank works with Rabobank Identity Services (RIS) for identity verification.
RIS ensures that:
- there is less manual work for you as a supplier;
- it reduces the chance of errors;
- the data quality improves;
- we are compliant.
Below you can read more about how RIS works and how the data is collected and stored.
What is RIS?
Rabobank Identity Services is an identity verification platform, in which various services are available regarding identification and validation. It is a collaboration between the European technology company Signicat and Rabobank.
How does RIS work?
For new employees, performing the ID check is simple. As a supplier, when offering candidates, you provide their email address, which is used only for RIS. Once a candidate is selected, an email is automatically sent with a link to start the ID check.
The candidate will be guided to properly submit the photo of the ID. RIS checks the ID for authenticity and validity. The ID data is automatically entered into Fieldglass.
The advantage is that you, as the supplier, no longer have to enter the ID data manually. This reduces the chance of errors and leads to improved data quality.
In the below video you'll see the steps and the explanation on how the ID-scan works and what candidates experience. Please pause the video to read the information on the slides carefully.
As an accredited supplier, you join Rabobank HR's remote onboarding process. There is no cost associated with this ID verification process. More information on how data is collected and stored can be found below in the frequently asked questions.
Frequently asked questions from suppliers
RIS has a contract with vendor Signicat who provides the Onfido ID scanning service to RIS. The Onfido ID scanning service is a 3rd party product. Signicat has a partner contract with Onfido.
The retention period with Onfido is configurable by Rabobank HR. Currently, the retention period is three days. After three days, all acquired data is deleted by Onfido.
Rabobank performs an annual audit of Signicat and Onfido by reviewing their SOC2 reports.
Despite Onfido being based in London, data storage takes place in Ireland and the ID scan assessment is processed in Bulgaria. Onfido uses Amazon Web Services (AWS) for data storage. For Rabobank HR, AWS storage is configured to EU, primarily in Ireland. Backup storage is in Germany.
Signicat access is restricted to authorized employees of Signicat and protection of assets has been defined and implemented by Signicat compliant to the ‘Access Control policy’.
Onfido access is restricted to authorized employees and material subcontractors (agents who review ID scan when AI gives unclear or consider).
Signicat has established an Assets Management Policy ISP004, to maintain control. This policy describes how assets requiring protection are identified and classified based on protection considerations related to confidentiality, integrity and availability. In addition, Signicat has established an ISP007 access control policy. This establishes common requirements for access control in Signicat. This ensures that access controls are implemented with consistency and high quality.
Onfido has implemented an information security framework based on Zero Trust principles. Access policies are based on device, status and user information. Device and user credentials are key controls, as are firewalls, a Zero Tolerance approach to critical and high-risk vulnerabilities, pen testing, daily security scans and robust logical access controls. Onfido employs an in-depth security strategy.
Amazon Web Services (AWS) uses a Security Policy, these security processes are contractually recorded.
As Rabobank, we are not allowed to have a copy of the ID of an external employee, unless they come from outside the EEA or Switzerland. A check is made on the authenticity and validity of the ID proof. Data that Rabobank is required to register on the basis of Art. 34.8.2 Collection Guidelines 2008 is read into Fieldglass. Therefore, no copy of the ID proof is kept at Rabobank.
The Citizen Service Number will not be not read in.
More information?
If you have other questions regarding the identity verification process, feel free to reach out to us via mail.