What does Safe Harbour mean in the context of Digital Identity verification?
Safe Harbour is a new standard outlined in Practice Guide 81 by the government to ensure secure online verification of a client's identity for conveyancers.
The HM Land Registry introduced the first Digital Identity Standard on March 12, 2021, which provides a detailed list of requirements for conveyancers to follow when using digital services to verify a client's identity.
While conveyancers have the option to adopt this standard, those who comply with it will be granted Safe Harbour. This means that if a client turns out to be someone other than who they claimed to be, HMLR will not take any legal action against the conveyancer who followed the standard.
Digital Identity Standard sets out 4 specific requirements that must be met to attain Safe Harbour.
Requirement 1:
Obtain evidence that verifies the person you are representing is who they claim to be. To fulfil this requirement, you need to check cryptographic security features from the provided evidence.
The acceptable forms of evidence for this requirement include:
biometric passports meeting the International Civil Aviation Organisation (ICAO) specifications for e-passports,
identity cards from an EU or EEA (European Economic Area) country following the Council Regulation (EC) No 2252/2004 standards and containing biometric information (not supported through the Checkboard app),
and a UK biometric residence permit (not supported through the Checkboard app).
Requirement 2:
Ensure that the evidence provided by the client is not counterfeit and still valid.
One way to do this is by utilising an identity check provider such as Checkboard to verify the evidence, which involves using Near Field Communication (NFC) in addition to the following steps:
Verify that the digital signature corresponds to the organization that issued the evidence.
Confirm that the signing key belongs to the organization and has not been invalidated.
Extract the biometric information that is required for the third requirement.
Requirement 3
After completing Requirements 1 and 2, you need to verify that the evidence you obtained matches the identity of the person you are representing.
This can be done by comparing the biometric information obtained from a liveness check to the biometric information from the chip (NFC) checked in Requirement 2.
To meet this requirement, we will:
Conduct a liveness check using photographs or videos to confirm the person's identity
Detect presentation attacks to prevent anti-spoofing
Collect biometric information in controlled conditions that do not affect accuracy (such as adequate lighting and minimal noise)
Use a biometric algorithm that meets recognised benchmarks, such as the National Institute of Standard and Technology’s (NIST’s) face recognition vendor test guidance
Have a maximum false match rate (where the system incorrectly identifies the individual) of 0.01%
Have a maximum non-false match rate (where the system incorrectly rejects the individual) of 1%.
Requirement 4
Obtain evidence to ensure that the person or entity transferring, borrowing or leasing the property is the same as the owner. To connect the individual to the property, HMLR requires two types of evidence.
Thirteen different types of evidence are currently accepted to link the individual to the property, including utility bills, bank or building society statements dated within the last three months, local authority council tax bills for the current financial year, or original mortgage statements from a recognised lender for the last full year.
A comprehensive list of the accepted documents can be found in 3.4 Requirement 4: obtain evidence to ensure the transferor, borrower or lessor is the same person or entity as the owner.