The IDV Code of Practice Section 3 consists of Sections 14 to 18. Please find in the following information how 2Shakes meets each section:
Centrix SmartID matches information provided by individuals in real-time against trusted online databases. SmartID uses a method know as an Application Programme Interface (API) to allow the 2Shakes application to securely send client information that is verified directly against the source data systems. This means data is matched against the most up-to-date information available.
The SmartID service in 2Shakes has on average successfully verified an individual’s identity and address in over 85% of cases. In a further 10% of cases the identity was successfully verified with just the address needing to be verified manually. (Figures as at April 2020).
All information in 2Shakes is securely protected on Microsoft’s world-class Azure cloud platform. 2Shakes have resilient geo-redundancy across two data centres in Australia, maintaining data sovereignty since the information is in a 5-eyes country but not subject to the Patriot Act in the USA.
2Shakes has completed NZ Department of Internal Affairs 105 questionnaire on secure cloud computing for government. The system has also undergone security assessments from MBIE and ACC, as well as an ACC Privacy Impact Assessment. This again provides an independent confirmation that we are storing client information safely and securely online.
Access to 2Shakes is restricted by users’ names and passwords with optional 2-Factor Authentication.
All information transmitted from 2Shakes to Centrix is securely encrypted using industry standard protocols.
Electronic ID Verification can be completed by either the individual customer or the reporting entity entering the information into 2Shakes.
With the Send IDV Email option, ID information is collected remotely by sending the customer a unique URL link contained in an email. They click on the link, enter the required information, and consent to t being verified.
With the I’ll Do the IDV-Electronic option, the customer provides the reporting entity with the required information (through any means, including email, phone or in person). They also must provide consent for the information to be electronically verified. The reporting entity then enters the customer information for verification in 2Shakes, as well as confirming the verification has been consented.
2Shakes always carries out either a Passport or Driver License verification via DIA or NZTA respectively. No electronic ID Verification can be completed successfully in 2Shakes without either of these two documents being electronically verified. Before the issuing of a Driver License or Passport, DIA and NZTA ensure they have linked the document to the actual individual, including a photograph that includes the biometric link.
2Shakes also includes additional measures that also link the person to their claimed identity. Depending on how 2Shakes has been configured, additional links to the individual can come from:
2Shakes reminds reporting entities that the responsibility to ensure the information provided relates to the individual they are dealing with, ultimately rests with the reporting entity. If needed, the reporting entity should consider additional steps such as (but not limited to) meeting in person, video and/or telephone calls, or any other steps they wish to take to satisfy their AML Programme.
Any additional steps taken can be recorded in 2Shakes under Notes & Files for future review and audit purposes.
The following Government sources are used as the primary identification method:
The Passport or Driver License must be electronically verified for the ID Verification to succeed.
If the Passport or Driver License cannot be verified electronically, 2Shakes reverts the ID verification to Manual, and allows the reporting entity to record ID verification steps (including scanned files) in Notes & Files, and to mark the ID Verification as Done.
Along with a verified Driver License or Passport, SmartID completes the ID and address verification rules (see s15 above) using a comprehensive set of databases (as allowed for by the Credit Reporting Privacy Code 2004). These verification steps use the following Government and private, reliable, independent sources:
To comply with the code of practice while using 2Shakes, you can:
You can also insert similar text to the following, in your AML Programme:
As per the New Zealand Department of Internal Affairs Amended Identity Verification Code of Practice 2013. 2Shakes Limited is a reliable and independent method of carrying out Electronic Identity Verification. 2Shakes checks name, date of birth, address and PEP status from independent and reliable electronic sources. 2Shakes automatically matches on name to ensure that no person with this name has been identity checked before.
a. Depending on circumstances, 2Shakes can reliably and independently be used to:
i. Carry out an electronic Politically Exposed Person (PEP) check via Centrix, or
ii. Be used to record a PEP check result carried out in another system.
b. 2Shakes Limited electronic ID verification complies with Part 3 of New Zealand Department of Internal Affairs Amended Identity Verification Code of Practice 2013. Details of how 2Shakes Limited meets this code of standard, including the criteria outlined in section 17, are described here.
c. Details around the methods that can be used to supplement electronic identity verification are given here.
NB: You should always obtain independent expert and/or legal advice in relation to your AML Programme and how you as a reporting entity comply with the legislation.