Hello, how can we help you?
What is Verimi?
Verimi is the new European, cross-industry identity and data service. Verimi helps you manage your personal data, offers you a single, easy access point to many different online services and lets you see who you have authorized to access your data. In addition to which, you can safely store sensitive documents digitally and connect to e-Government services. In the future, digital administrative procedures and secure payments will also be possible with Verimi.
How can VERIMI benefit me?
With Verimi and a simple registration, you will be able to safely log-in into services offered by various companies and Government agencies. The use cases range from the safe log-in for flight bookings via verification of personal data with Government agencies to banking transactions. Verimi makes the need for registration forms and ever changing passwords a thing of the past. You can always keep an eye on whom you have made your data available to. Meanwhile, your data is encrypted at all times and remains on servers in Europe.
Who can use Verimi and how can I get started?
Everybody can use Verimi. All you need is your name, an email address and the creation of a unique password.
Is there a fee for using Verimi?
Verimi is free of charge for end users.
Which business model is Verimi based on?
Verimi supports its business partners by providing data released by the users for a specific purpose. Verimi receives commissions from these partners for these services.
Verimi as a European solution - what does that mean?
Verimi is the response to the European users strong awareness for data protection. We are therefore, exclusively building on the European data protection regulations. Verimi's partners need to follow the same principles. Verimi starts in Germany and plans to grow into a European identity and data service in the near future.
What makes Verimi different from other online data privacy solutions?
Verimi makes data privacy easy. Verimi lets you administer your data quickly and safely – at any time. A single registration will enable you to log into many digital services and applications with the Verimi log-in button – easily, conveniently and safely.
Verimi carries out continuous penetration tests by external institutions. A certification according to ISO 27001 is planned for the end of 2018. Internal privacy audits are held regularly. A data protection certification according to Art. 42 GDPR is also planned.
How does VERIMI work?
With a single-sign-on, users instantly get access to the various online services and authorities connected to Verimi. You can specify what data is made available to the services and authorities, and conversely, gain transparency about what data is being used. You can also utilize Verimi as a storage space for sensitive personal documents.
How does the VERIMI log-in work for online services?
You file your personal data with Verimi. You can then use the log-in to register with available Verimi partners. This is made possible with a link to the partner’s online services and your personal Verimi access information.
What does Verimi do about invalid or old data - e.g. when a driver's licence is withdrawn?
For documents that have a certain validity period, such as ID-cards, the expiration date is taken into account. The document will not be available after expiration. Users can also replace obsolete documents with current, verified versions and manually remove invalid documents. Users can furthermore replace outdated documents with current, verified versions and manually remove invalid documents.
How can I register?
All you need to register with Verimi is your name, email address and a password. The registration form can be found on the Verimi website. Alternatively, you can also register from a partner website. Your Verimi account will become available for use as soon as you have confirmed your email address.
How can I check my data and find out what information is stored from me?
You can precisely track which detail of your personal data has been made available to which partner under "My activities" in your Verimi account.
Where can I enter my data?
To update or supplement your data, click "My Profile" in the menu of your Verimi account,and manage your information under "My Data".
Which online services are available for use with VERIMI?
A list of online services available via Verimi can be found in the application. The list is continuously updated, new partners are successively added.
How can I add online services?
To add online services, click "My Verimis" in the menu of your Verimi account. This is where you can select new services and link them with your Verimi account.
How do I manage the release of my data?
You can provide individual settings for the access to your data whenever you link Verimi with a new service. Only you decide what data is shared with the service.
Can I send data updates to selected partners only?
This function is planned for future updates. Data updates will not be sent to all partners automatically, but only selected ones.
Where can I see who is using my data?
At any time, you can check who you have made your data available to under "My activities" in your Verimi account. This will show a logbook with all the information about your personal data.
How can I cancel connections with online services again? And will they keep my data?
To cancel a connection between my Verimi account and an online service, click "My Verimis" in the menu of your Verimi account. This is where you can delete individual connections to services. The respective online service keeps the data you have shared initially according to the requirements of data protection.
What can I do if I have forgotten my log-in data? How can I reset my password?
To reset the password, click "Forgot password?" on the Verimi log-in page. This takes you to the section that will help you to log into your account again.
What do I need the PUK number for?
You will be provided with the PUK number when you activate the two-factor authentication. The PUK is being used to reset your account if you have forgotten your access PIN for the two-factor authentication. It is therefore important to note this PUK number and keep it in a safe place.
Which browsers do I need in order to use Verimi?
Verimi can be used with all common browsers. For increased safety and security, we always recommend using the latest browser version.
To what extent can a new identity card be integrated?
Currently, it is possible to integrate the data of a new German identity card using the AusweisApp (eID) and PIN. As an alternative, the German ID card can also be verified with Verimi using video legitimation.
How can I delete my user account?
Cancelling a user account can be requested at any time. After confirming the cancellation, a timeperiod of six months begins. During this time, the account can be reactivated. After confirmation of the final deletion, the account including all associated data is irretrievably deleted.
Why is Verimi safe?
The operating model of Verimi separates the data from the key storage. Verimi manages the data, while encryption, decryption, and key management are performed by a certified trust center using hardware security modules (HSMs). Each user has an individual, hardware-protected key that Verimi has no access to. When the user account is deleted, the associated key is deleted from the trust center. A decryption of user data, even in system backups, is no longer accessible from this point on. <br> There is currently no plan to provide Verimi as open source. The security architecture is published as a white paper. Verimi is cooperating with various service providers in order to offer the product.
How does a two-factor authentication work?
A two-factor authentication will principally always query two factors to ascertain the identity of a user. One of these factors includes a normally created password belonging to the account. The second factor could be a PIN that is entered on a linked mobile device (e.g. telephone or iPad). If this is entered correctly, the user has validated in a second step that he or she is the owner of the device in question. On suitable devices, this can also be conveniently ensured by way of a fingerprint or facial recognition (e.g. touch ID / face ID). The two-factor authentication required by Verimi for sensitive user data helps us provide much greater security than would be the case with a single password.
What is LoA 1-4?
LoA means "levels of assurance", i.e. security level. The term derives from an international standard (ISO/IEC 29115) defining four security levels for the authentication of user identities on the internet. Level of assurance 1 (LoA 1) only requires minimal security measures and should thus only be used in situations where the possible damage due to misuse of the identification is negligible. Level of assurance 3 (LoA 3), which is used by Mobile Connect, amongst others, already requires two-factor authentication. Level 4 (LoA 4) calls for a personal proof of the user's identity. The Verimi platform permits all four levels of assurance, i.e. also identification with the eID procedure using the German ID ensuring LoA 4, for example.
What happens if the log-in data is stolen?
In case of a theft of the log-in data to your Verimi account, there is always the possibility to block your account via the customer service. This also blocks the associated online services accessing your data. Users have the option of unlocking their Verimi account via a second channel and setting a new password.
How exactly is the data encrypted?
The data is encrypted using the encryption algorithm AES and a key length of 256 bits.
How is Verimi certified?
We plan a security certification according to IS0 27001 until the end of 2018. The platform was developed together with research institutes and security experts of the partners involved. These parties have formulated, based on the necessary security requirements, the saftey measures that have been implemented. In addition, independent institutions have reviewed the platform (e.g., via penetration tests).
How exactly does Verimi protect my data?
Verimi protects user data by consistently implementing the IT protection goals of integrity, authenticity and availability. In this way, all user and connection data is encrypted for a specific session. Verimi provides a secure two-factor procedure for strong authentication of its users, which must be used at the latest when highly sensitive documents (e.g. ID documents) are made available. We guarantee the availability of our users\' data through geo-redundancy and intelligent scaling mechanisms within our backend. We are supported in the further development and maintenance of our security mechanisms by leading institutions from industry and science.
What is the advantage of European servers?
Storing the data on European servers means that the data and the manner in which it is stored are subject to European data protection regulations. This ensures a high security and data protection standard. Which is why Verimi stores all data on servers in Europe.
To what extent is Verimi compliant with the European General Data Protection Regulation (GDPR)?
As a provider of trust services, Verimi is committed to giving users complete control over their data. Verimi has therefore fully integrated the requirements of the European General Data Protection Regulation (GDPR) into its services.
How is the data protected against attacks from the internet?
Verimi protects itself and its users against attacks from the internet on various levels. All user accounts are individually encrypted. This means that the user data would even be protected if the systems are hacked. In which case, the users can only access sensitive data by way of a two-factor authentication, comprising of a password or using a biometric factor like a fingerprint. Their own data can also be fully protected with this process. This will provide the password with even better protection from unauthorized access.
Does Verimi know the credentials of the user?
The operating model of Verimi separates the data from the key storage. Verimi manages the data, while encryption, decryption and key management are handled by a certified trust center. Verimi thus has no access to the key material of the user. In addition, all passwords of the user are not stored in visible text, but is also encrypted. In the case of using a two-step authentication, the private key material remains on the user's digital device.
Which personal data do partners gain acces to, and what are they allowed to do with it?
The contracts Verimi enters into with all application partners regulate the use of the service and guarantee the high security and data protection standards. Inside the application, the users decide on an individual level which service providers/partners can access which data. The service providers do not know which other services a user sets up – every service provider is only provided with the data relevant to their services. This excludes the disclosure of one service provider\'s users data to another. This excludes cases where the user has given the wilful consent for the disclosure of data between partners i.e. for combined use cases.
What happens with the data shared by the user?
The data is stored in an encrypted form on the platform, and made available to the service providers the user logs in to, however only with granted consent.
Is the user tracked?
Verimi does not analyze which users log on to which service providers.
Can the stored data be destroyed in compliance with data protection regulations even in the event that Verimi has to cease business operations?
In the event of a business closure, all data will be deleted within 30 days.
Who are Verimi's shareholders and what value do they offer?
The shareholders of Verimi include Allianz, Axel Springer, the Bundesdruckerei, Core, Daimler, the Deutsche Bahn, Deutsche Bank mit der Postbank, the Deutsche Telekom, Giesecke+Devrient, Here Technologies, the Lufthansa as well as Volkswagen Financial Services. Coming from a wide range of different industries, the shareholders complement one another through their various clients and applications, as well as by their expertise with identification, security, financial and telecommunication technologies.
What does a company need to do to become a Verimi partner?
Verimi is designed as an open platform. The most important aspect is that partners need to stick to our data protection principles. We provide standard contracts as well as software development kits (SDKs) and interfaces (APIs) so that our partners can integrate their services with Verimi very easily. The initial experiences with Deutsche Bank, Bundesliga club <a href="https://www.eintracht.de/" target="_blank" class="link">Eintracht Frankfurt</a>, fin-tech start-up <a href="https://www.weltsparen.de/" target="_blank" class="link">Weltsparen</a> and others have shown how quickly, easily and safely Verimi can be integrated.
What does "open platform" mean?
Verimi has developed a cross-industry log-in and data service. Interfaces (APIs) enable every digital service provider and partner to integrate this service in their own platform so that their customers can rely on the easy log-in and data administration with Verimi. In this sense, the service is essentially open for use by all conceivable partners irrespective of their industry. This may in the future also include Government agencies or other organizations that wish to exchange data with citizens or customers safely and in turn meet our stringent security and data protection requirements.
What is Mobile Connect and how is it linked with Verimi?
Mobile Connect is an open mobile industry standard that has been adopted by Telekom, Vodafone and Telefonica in Germany, amongst others. It identifies users via their mobile number and mobile device after the first registration. To register in an application or with a web portal, for example, the user will be sent a text message with a link. The ability of mobile providers to uniquely trace telephone numbers and devices makes for clear identification. Mobile Connect offers greater security than using different passwords. Verimi is a partner and will integrate Mobile Connect in its services.
To what extent can Verimi as an identity management tool be used in an IT network?
The contractual integration of additional partners such as IT networks can be realized via the partner APIs of the open Verimi platform.
Emergency & Contact
How can I contact the Verimi team in person?
Our customer service is available at service@Verimi.com by email and at the telephone number 0800 8374644 from 6am to 10pm on Monday to Friday and from 10am to 6pm on Saturdays, Sundays and nationwide public holidays.
What do I do in an emergency, e.g. if my access data has been stolen?
In case of emergency, please contact our customer service via phone 0800 8374644 or email firstname.lastname@example.org.