Conformity assessment for eIDAS | identity Trust Management GmbH | identity Giro

Certificate SRC.00040.TSP.08.2020 Certificate SRC.00040.TSP.08.2020 // Amendment 1 Certificate SRC.00040.TSP.08.2020 // Amendment 2
Type of certificationConformity Assessment (eIDAS)
SRC certificate registration numberSRC.00040.TSP.08.2020
Valid fromAugust 27, 2020
Valid untilAugust 26, 2022
Certificate holderidentity Trust Management GmbH (formerly identity Trust Management AG)
Certified productidentity Giro
The audit includesThe conformity assessment of the identity management service identity Giro according to Regulation (EU) No. 910 / 2014 by the according to ISO 17065 accredited conformity assessment body of SRC and the following amendments for the conformity assessment:

  • Amendment 1: Integration of verimi and remediation of non-conformities identified in the initial conformity assessment.
  • Amendment 2: Conversion of identity Trust Management AG into identity Trust Management GmbH, termination of cooperation with the partner yes.
DescriptionThe identity Trust Management GmbH offers the identity management service identity Giro, which can be used by trust service providers as part of their trust service for the issuance of qualified certificates. Therefore, identity Trust Management GmbH is contractually bound as a commissioned third party for the identification process. As part of the process, already existing personal data is reused by identity Trust Management GmbH.

Identity Giro offers natural persons a way to identify themselves via an already existing account at a Payment Service Provider (PSP), usually a retail bank. At the time the user registers for an account at a PSP, the PSP is obligated to identify the user according to legal regulations (in Germany: According to Geldwäschegesetz (GwG)). Identity uses this collected identification data for its identification process.

During the process identity Trust Management GmbH asks for confirmation of the identity of the natural person from a PSP (subsequent use of personal data) and forwards this confirmation to the cooperation partner who commissioned the identification.

For the identification process the user has to choose a PSP first, which is cooperating with identity and where he has an already existing account. The cooperation partner at which the user wants to identify himself transmits the identification request – along with the identification data provided by the user – to the PSP and to identity Trust Management GmbH. In the following step, the PSP initiates a two-factor authentication of the user. Upon successful execution, the PSP shares its identification data of the user with identity. Identity compares the data set provided by the PSP with those provided by its cooperation partner. If both data sets are matching, identity Trust Management GmbH confirms the identity of the user to its cooperation partner.

SRC confirms, that the identity management service identity Giro is operated by identity Trust Management GmbH compliant to the requirements of Regulation (EU) No. 910 / 2014.