Since July 2023, Polish citizens have been able to use a new type of identity document called mDowód, which is recognized on par with a plastic card. Since September 1, banks are required to accept mDowód in the mCitizen app. In practice, this means that banks need a system that allows customers to digitally verify their identity at the bank’s branches.
We have developed a set of tools to make it easier for banks to implement identity verification using mDowód:
We have embedded them in the Eximee Dashboard, one of the Eximee Low-Code Platform modules.
The identity verification process proceeds securely according to the following scenario:
The ministry provides a website to transfer and display customer data. So why do banks need a dedicated solution that follows the above scenario?
First – security. A customer must have no doubts about what data is pulled from the application and to whom it is shared.
In the case of the mWeryfikator application, a customer provides their data to an unknown person (whose identity is not verified or logged in any way) using a publicly available solution.
In a bank that uses the Eximee mObywatel Component, before confirming the transfer of data, a customer:
and all operations performed by an employee are logged and subject to audit.
Second – convenience. Customer data is immediately available in integrated banking systems and can be processed without having to rewrite it from a document.
Customer data can be used by unauthorized persons who have access to the system.
The Eximee mObywatel Component can be embedded in the bank’s systems (in this case, Eximee Dashboard), which can only be accessed by authorized employees with specific roles.
Employees may abuse collecting customer identity data.
Every action taken by employees, along with details about the customer data they’ve acquired and the context in which it was obtained, is meticulously recorded in the audit log. It provides a basis for analyzing employee operations and enables the detection of non-standard activity.
The data read from mDowód may not be consistent with the data stored in the bank’s customer registry.
The component integrates with banking systems and verifies the received data with the bank’s customer registry.
It allows employees (or the system!) to instantly compare data from different documents and detect any inconsistencies or the need for updates.
During a single visit to a bank branch, an employee may have to enter customer data several times.
Often, a customer wants to handle several matters in one visit to the branch, and each matter requires authorization or data retrieval.
In order for customers not to have to perform the mDowód authorization procedure several times, we have equipped Eximee mObywatel Component with a customer identity cache that stores data during the logged-in employee’s session. Data stored in a cache can be retrieved by various banking systems.
The core process flow of the authentication process is unified (it stems from the ministry’s guidelines). However, individual implementations differ in:
In the first example, the bank used the Eximee GUI component and Eximee API, which includes an audit log and customer identity cache. In this scenario, the bank does not prepare any elements on its own. All they need to do is obtain the BackSystem application from the ministry, which Eximee integrates with.
The bank already has a customer identification system (equivalent to Eximee mObywatel API). It decided to extend it to support mDowód. Eximee provides the mObywatel Component, consisting of:
The Eximee mObywatel Component can be embedded in different systems (e.g., any branch system), so the bank does not need to create a separate mObywatel verification service for each.
Your bank can leverage our ready-made mDowód solutions and expand them with additional functions, as needed. If you’re interested in what we can achieve together, schedule a meeting and let’s talk: https://eximee.com/book-a-meeting/#book-a-meeting