Identity Verification Forms
What you need to complete and send us
By default, in 2Shakes we can verify NZ Drivers Licenses for you.
To give your clients the option to use a NZ Passport, you need to complete the following two forms:
If you also want to be able to verify people with Australian ID documents, you also need to complete the following:
There is lots more information below to help fill these forms in, which is worth looking at! For example, both the DIA and DVS forms must be typed, and your Privacy Policy must refer to the Privacy Act 2020.
NB: It is really important to say that with very few exceptions, an NZ address will still only verify with an NZ ID, and an Australian address will still only verify with an Australian ID. So people of one nationality living in the other country will be fine for ID, but not necessarily address.
Once you have the forms filled in please just email them through to support@2shakes.co.nz and we can get them all processed, thanks. That normally takes two weeks, and we will let you know when done.
Overall Tips
The DIA Agency and DVS forms must be typed.
Every part of both these forms must be typed, other than the signature. Also, please do check your forms for grammatical errors, they can be particular with applications.
We will check the forms before submitting to help ensure that your forms have the best chance of being accepted.
Since the forms are PDFs, the fields can be type using free PDF software like Acrobat.
You must have a Privacy Policy in place since you deal with personally identifiable information, and it must reference the Privacy Act 2020. Please send us your Privacy Policy (or a web link to it) with the other forms.
If you are worried about your Privacy Policy, we have put together some resources below that might help you.
Don’t forget to sign all the forms you are submitting before sending them to us.
Centrix Form Tips
We have pre-ticked AML/CFT Act 2009.
Remember to tick any other access purposes that your business needs.
DIA Form Tips
Remember: The form needs to be typed then signed.
Q1. If your business also has a trading name, please put this alongside the registered name.
We strongly advise you to put your business’s website address down. If you don’t have a website but you have a Facebook page for your business or something similar, feel free to put that web address down.
If you don’t have a website or social media page for your business, please put N/A for website address.
Q4. In your answer, do mention that you are a reporting entity under AML/CFT Act and are required to carry out Customer Due Diligence to meet the Act.
Q5. If you don’t have a Privacy Policy or the other policies mentioned, we recommended that you do create them. Your Privacy Policy must reference the Privacy Act 2020.
Q6. Like Q5. we recommend you have the documented plans.
Q7. This question is required. Briefly outline details of your security and risk management practices.
You may like to consider the following:
Do you have password policies in place and renew passwords regularly?
Do you use two factor authentication (2FA)? (NB: 2FA is mandatory in 2Shakes, as well as other software such as Xero).
Do you protect your business’ data and your customer’s?
Do you limit staff access to sensitive information on a ‘need to know’ basis?
Do you only collect data that is required to carry out business activities?
Do you regularly make secure, offsite backups or back up to the cloud?
Are staffed trained and aware of their responsibilities regarding risk management and security procedures?
DVS Form Tips
Remember: The form needs to be typed then signed.
Also, your Privacy Policy must be available as a link on your website - the form has a field to add the link.
The General Information on Page 2 much be completed with a summary of what your business does, and why you need access. E.g. We are an Accounting/Bookkeeping/Tax Agent/Legal/Real Estate Practice that needs to meet AML requirements.
The Australian DVS form already has the consent section completed with the wording your clients will agree to during the Biometric ID Verification process.
Privacy Policy Help
Question 5 of the DIA form asks if you have a Privacy Policy and to attach it to the form or provide a URL. If you don’t have one, we recommend you create one.
When creating a privacy policy, you may like to consider:
What client information do I collect?
What do I use this information for and why do I need it?
How long do I need to keep this information?
Who has access to this information?
Including a link to the 2Shakes policy in your own
See opposite for helpful resources.
Privacy Policy Resources
You can use the tool on the Privacy Commissioner’s website to help create your own privacy statements
Lawyers Kindrik Partners have a template for a privacy policy
If you are a member of a professional institute or professional body, you will have access to resources that will help you create a privacy policy
Business.govt.nz provide tips on what customer and employee information you should be keeping and ways to protect personal data
Digital.govt.nz has guidance information on privacy and and key privacy concepts
Info Security Policy Help
You are not required to send this policy in with your forms. You will need to provide this if asked.
You may like to consider:
What do you do to protect your business’s sensitive information
What is your plan when you have a breach
Who has system access
How will staff know how to comply with company information security policy
See opposite for helpful resources.
Info Security Policy Resources
Stuart Dillon-Roberts has written some articles with some great information on security policies and establishing an incident management plan. He has also provided helpful templates and checklists!
Connect Smart have a NZ SME toolkit to help businesses create security policies.
CERT NZ has guidelines on creating a cyber security policy for your business
Digital.govt.nz has information on security that is aimed at Government agencies, but it does also have some information on cloud service risk assessments
Risk Management Policy Help
Again, you are not required to send this policy in with your forms. You will need to provide this if asked.
If you don’t already have a risk management policy and are thinking about creating one for your business, you may like to consider:
What are the risks that my business could face?
How can I mitigate these risks?
How will staff know how to respond to these risks?
See opposite for helpful resources.
Risk Management Policy Resources
CERT NZ has several tips for businesses creating risk assessment policies
Digital.govt.nz has several resources specifically for the public sector, but they may help you understand many aspects of risk management in relation to your business.
Additional 2Shakes Privacy & Security Information
We would also like to mention that 2Shakes places the protection of data and the privacy of information as a top priority in the design and operation of our solution. We adhere to the principal of Privacy by Design – which means that Privacy and protection of data were designed into our solution from the beginning rather than added on at the end.
2Shakes was developed to meet the New Zealand Governments strict requirements for Privacy and Security, this means:
NZ Privacy Act requires that you only collect information that you need.
When you onboard with 2Shakes the fields and selections you make only ask for required information.
We have also designed our sign up process in a way that prevents inadvertent sharing of private information like IR numbers across different signing parties.ACC Privacy Assessment 2Shakes has passed a privacy assessment completed by NZ ACC.
This provides an independent confirmation that we deal with client private information appropriately.DIA 105 Questions 2Shakes has completed NZ Department of Internal Affairs 105 questionnaire on secure cloud computing for government.
This again provides an independent confirmation that we are storing client information safely and securely online.
Your information is stored securely on Microsoft’s world-class Azure Platform. Dual Australian data centers provide
geo-redundancy, and ensure data is in a trusted Five Eyes (FVEY) territory outside the U.S. Patriot Act.
See our Data Protection & Privacy Page for more information.