Identity verification

Know Your Customer

Organisations with PII data on EU citizens have been tasked with bringing their workflows up-to-speed in order to align internal practices with the new General Data Protection Regulations (GDPR) coming into force. Large organisations, in particular, need to ensure that the handling and dissemination of customer data follows a workflow that protects the security of individual’s information. Before an organisation can address individual’s GDPR requests, case handlers and frontline staff need to ensure that the customer they’re communicating with is, in fact, who they say they are. The need for identity verification is a critical prerequisite in the fulfilment of GDPR-relevant requests.

Ensuring Compliance

Civica's Case Management Platform is specifically designed to manage and report on cases originating from GDPR related requests, such as:

  • Subject Access Requests 
  • Individual Rights Requests 
  • Disclosure Requests 
  • Incident or Breaches

Correctly confirming the identity of an individual is an absolute must. This is exceedingly important when customers submit a subject access request (i.e., a request for information). Erroneously compromising customer data by sharing it with another party can cause a wide variety of regulatory and compliance issues. Therefore, it is critical that an identity verification process be both accessible yet stringent.

Integrated Customer Verification

The Case Management platform integrates the identity verification process into multiple case types across different stages, such as part of an initial assessment or when a new right request is submitted. In the latter scenario, customers are asked to provide their email address, mobile number or a reference number so that their details can be matched in the Case Management platform. Email and SMS text message validations are performed as verification measures. Civica strives to ensure that ease-of-use is a core feature of all of our solutions. This is also true in the Case Management platform, where frontline users and case handlers are provided with a straightforward path to managing cases. Intuitive “What’s next” and “What’s done” panels guide your staff from one stage to the next, including requester identity verifications.

Initial Assessment Verification

The initial assessments of new cases provides an opportunity for case handlers to ensure they have enough information to be sure of the requester’s identity. Verifying identity is initiated when the platform asks the case handler whether the customer’s identity has been:

  • Provided: Select an identification type from a configurable drop-down list;
  • Not Required: Complete a text entry box explaining why identity verification is not needed for this case; or, 
  • Not yet Provided: Select how customer identity verification should be secured.

If not yet provided, the case handler can opt to verify the customer’s identity through:

  • Documentation: Requester can be asked to electronically submit an identification document;
  • Telephone: The case handler can verify the customer via telephone; or,
  • EMail, SMS or by post: A verification link is sent to the requestor wherein the requestor can follow online instructions to verify his/her identity.

The first two options are often pursued when the organisation does not know—or does not have a working relationship with—the customer. Verification via email, SMS or post is typically done when there is a history between the parties, but confirmation is needed to ensure that the requester is genuine.

Effective Communication

Civica's Case Management platform operates under the premise that effective communication facilitates understanding, transparency and overall efficiency. This applies to all parties and relationships, whether internal (e.g. between case management colleagues) or external (e.g. between the organisation and its customers).

Internally, frontline staff and power users can easily collaborate and share information when working on GDPR related cases. The Case Management platform automatically notifies stakeholders whenever the need arises, such as when a new case is assigned or when a customer submits identity verification documents. Externally, the Case Management platform acts as a fully self-contained environment in terms of communications. Emails can be composed and sent directly from within the platform — automated features proactively create ID verification links and enable case handlers to quickly send emails to customers using personalised template content. The seamless integration of identity verification features within a highly collaborative and workflow-centric environment means that your organisation is less likely to encounter GDPR compliance issues. Comprehensive audit trails coupled with secure data delivery features result in a case management framework that prioritises data security, transparency and regulatory compliance.