FAQ

Hello, how can we help you?

About

Verimi is the new European, cross-industry identity and data service. Verimi helps you manage your personal data, offers you a single, easy access point to many different online services and lets you see who you have authorized to access your data. In addition, you can safely store sensitive documents digitally and connect to e-Government services. In the future, digital administrative procedures and secure payments will also be possible with Verimi.

With Verimi and a simple registration, you will be able to safely log in to services offered by various companies and Government agencies. The use cases range from safe log-in for flight bookings, through verification of personal data with Government agencies, to banking transactions. Verimi makes registration forms and ever-changing passwords a thing of the past. You can always keep an eye on whom you have made your data available to. Meanwhile, your data is encrypted at all times and remains on servers in Europe.

Everybody can use Verimi. All you need is your name, an email address and the creation of a unique password.

Verimi is free of charge for end users.

Verimi supports its business partners by providing data released by the users for a specific purpose. Verimi receives commissions from these partners for these services.

Verimi is the response to European users' strong awareness of data protection. We are therefore building exclusively on the European data protection regulations. Verimi's partners need to follow the same principles. Verimi starts in Germany and plans to grow into a European identity and data service in the near future.

Verimi makes data privacy easy. Verimi lets you administer your data quickly and safely – at any time. A single registration will enable you to log into many digital services and applications with the Verimi log-in button – easily, conveniently and safely.

Verimi carries out continuous penetration tests by external institutions. A certification according to ISO 27001 is planned for the end of 2018. Internal privacy audits are held regularly. A data protection certification according to Art. 42 GDPR is also planned.

How to

With single sign-on, users instantly get access to the various online services and authorities connected to Verimi. You can specify what data is made available to the services and authorities, and conversely, gain transparency about what data is being used. You can also utilize Verimi as a storage space for sensitive personal documents.

You file your personal data with Verimi. You can then use the log-in to register with available Verimi partners. This is made possible with a link to the partner’s online services and your personal Verimi access information.

For documents that have a certain validity period, such as ID cards, the expiration date is taken into account. The document will not be available after expiration. Users can also replace obsolete documents with current, verified versions and manually remove invalid documents.

All you need to register with Verimi is your name, email address and a password. The registration form can be found on the Verimi website. Alternatively, you can also register from a partner website. Your Verimi account will become available for use as soon as you have confirmed your email address.

You can precisely track which detail of your personal data has been made available to which partner under "My activities" in your Verimi account.

To update or supplement your data, click "My Profile" in the menu of your Verimi account, and manage your information under "My Data".

A list of online services available via Verimi can be found in the application. The list is continuously updated, and new partners are successively added.

To add online services, click "My Verimis" in the menu of your Verimi account. This is where you can select new services and link them with your Verimi account.

You can provide individual settings for the access to your data whenever you link Verimi with a new service. Only you decide what data is shared with the service.

This function is planned for future updates. Data updates will not be sent to all partners automatically, but only to selected ones.

At any time, you can check who you have made your data available to under "My activities" in your Verimi account. This will show a logbook with all the information about your personal data.

To cancel a connection between your Verimi account and an online service, click "My Verimis" in the menu of your Verimi account. This is where you can delete individual connections to services. The respective online service keeps the data you have shared initially according to the requirements of data protection.

To reset the password, click "Forgot password?" on the Verimi log-in page. This takes you to the section that will help you to log into your account again.

You will be provided with the PUK number when you activate the two-factor authentication. The PUK is used to reset your account if you have forgotten your access PIN for the two-factor authentication. It is therefore important to note this PUK number and keep it in a safe place.

Verimi can be used with all common browsers. For increased safety and security, we always recommend using the latest browser version.

Currently, it is possible to integrate the data of a new identity card with video legitimation. The new identity card will then be eligible for integration into Verimi via the online function itself or by using the AusweisApp of the German authorities.

Cancelling a user account can be requested at any time. After confirming the cancellation, a time period of six months begins. During this time, the account can be reactivated. After confirmation of the final deletion, the account including all associated data is irretrievably deleted.

Security

The operating model of Verimi separates the data from the key storage. Verimi manages the data, while encryption, decryption, and key management are performed by a certified trust center using hardware security modules (HSMs). Each user has an individual, hardware-protected key that Verimi has no access to. When the user account is deleted, the associated key is deleted from the trust center. Decryption of user data, even in system backups, is no longer possible from this point on.

There is currently no plan to provide Verimi as open source. The security architecture is published as a white paper. Verimi is cooperating with various service providers in order to offer the product.

Two-factor authentication always queries two factors to ascertain the identity of a user. One of these factors is a normally created password belonging to the account. The second factor could be a PIN that is entered on a linked mobile device (e.g. telephone or iPad). If this is entered correctly, the user has validated in a second step that he or she is the owner of the device in question. On suitable devices, this can also be conveniently ensured by way of a fingerprint or facial recognition (e.g. Touch ID / Face ID). The two-factor authentication required by Verimi for sensitive user data helps us provide much greater security than would be the case with a single password.

LoA means "levels of assurance", i.e. security level. The term derives from an international standard (ISO/IEC 29115) defining four security levels for the authentication of user identities on the internet. Level of assurance 1 (LoA 1) only requires minimal security measures and should thus only be used in situations where the possible damage due to misuse of the identification is negligible. Level of assurance 3 (LoA 3), which is used by Mobile Connect, amongst others, already requires two-factor authentication. Level 4 (LoA 4) calls for a personal proof of the user's identity. The Verimi platform permits all four levels of assurance, i.e. also video identification procedures ensuring LoA 4, for example.

In case of a theft of the log-in data to your Verimi account, there is always the possibility to block your account via the customer service. This also blocks the associated online services accessing your data. Users have the option of unlocking their Verimi account via a second channel and setting a new password.

The data is encrypted using the encryption algorithm AES and a key length of 256 bits.

We plan a security certification according to ISO 27001 by the end of 2018. The platform was developed together with research institutes and security experts of the partners involved. Based on the necessary security requirements, these parties formulated the safety measures that have been implemented. In addition, independent institutions have reviewed the platform (e.g., via penetration tests).

Data protection

Verimi protects user data by consistently implementing the IT protection goals of integrity, authenticity and availability. In this way, all user and connection data is encrypted for a specific session. Verimi provides a secure two-factor procedure for strong authentication of its users, which must be used at the latest when highly sensitive documents (e.g. ID documents) are made available. We guarantee the availability of our users' data through geo-redundancy and intelligent scaling mechanisms within our backend. We are supported in the further development and maintenance of our security mechanisms by leading institutions from industry and science.

Storing the data on European servers means that the data and the manner in which it is stored are subject to European data protection regulations. This ensures a high security and data protection standard, which is why Verimi stores all data on servers in Europe.

As a provider of trust services, Verimi is committed to giving users complete control over their data. Verimi has therefore fully integrated the requirements of the European General Data Protection Regulation (GDPR) into its services.

Verimi protects itself and its users against attacks from the internet on various levels. All user accounts are individually encrypted. This means that the user data would be protected even if the systems were hacked. In that case, users can only access sensitive data by way of a two-factor authentication, comprising a password or a biometric factor like a fingerprint. Their own data can also be fully protected with this process. This will provide the password with even better protection from unauthorized access.

The operating model of Verimi separates the data from the key storage. Verimi manages the data, while encryption, decryption and key management are handled by a certified trust center. Verimi thus has no access to the key material of the user. In addition, the user's passwords are not stored in visible text, but are also encrypted. When two-step authentication is used, the private key material remains on the user's digital device.

The contracts Verimi enters into with all application partners regulate the use of the service and guarantee the high security and data protection standards. Inside the application, the users decide on an individual level which service providers/partners can access which data. The service providers do not know which other services a user sets up – every service provider is only provided with the data relevant to their services. This excludes the disclosure of one service provider's user data to another. This does not apply to cases where the user has given wilful consent to the disclosure of data between partners, i.e. for combined use cases.

The data is stored in an encrypted form on the platform, and made available to the service providers the user logs in to, but only with granted consent.

Verimi does not analyze which users log on to which service providers.

In the event of a business closure, all data will be deleted within 30 days.

Partner

The shareholders of Verimi include Allianz, Axel Springer, the Bundesdruckerei, Core, Daimler, the Deutsche Bahn, Deutsche Bank with Postbank, the Deutsche Telekom, Giesecke+Devrient, Here Technologies, the Lufthansa as well as Volkswagen Financial Services. Coming from a wide range of different industries, the shareholders complement one another through their various clients and applications, as well as by their expertise with identification, security, financial and telecommunication technologies.

Verimi is designed as an open platform. The most important aspect is that partners need to stick to our data protection principles. We provide standard contracts as well as software development kits (SDKs) and interfaces (APIs) so that our partners can integrate their services with Verimi very easily. The initial experiences with Deutsche Bank, Bundesliga club Eintracht Frankfurt (https://www.eintracht.de/), fin-tech start-up Weltsparen (https://www.weltsparen.de/) and others have shown how quickly, easily and safely Verimi can be integrated.

Verimi has developed a cross-industry log-in and data service. Interfaces (APIs) enable every digital service provider and partner to integrate this service in their own platform so that their customers can rely on the easy log-in and data administration with Verimi. In this sense, the service is essentially open for use by all conceivable partners irrespective of their industry. This may in the future also include Government agencies or other organizations that wish to exchange data with citizens or customers safely and in turn meet our stringent security and data protection requirements.

Mobile Connect is an open mobile industry standard that has been adopted by Telekom, Vodafone and Telefonica in Germany, amongst others. It identifies users via their mobile number and mobile device after the first registration. To register in an application or with a web portal, for example, the user will be sent a text message with a link. The ability of mobile providers to uniquely trace telephone numbers and devices makes for clear identification. Mobile Connect offers greater security than using different passwords. Verimi is a partner and will integrate Mobile Connect in its services.

The contractual integration of additional partners such as IT networks can be realized via the partner APIs of the open Verimi platform.

Emergency & Contact

Our customer service is available at service@Verimi.com by email and at the telephone number 0800 8374644 from 6am to 10pm on Monday to Friday and from 10am to 6pm on Saturdays, Sundays and nationwide public holidays.

In case of emergency, please contact our customer service via phone 0800 8374644 or email service@verimi.com.