Identity proofing with 360 Identities
Boost client conversion while preventing fraud
Certified Swiss identity proofing service provider (IPSP) via NFC chip reading for customer onboarding and KYC workflows
Last update: 15 July 2026
Topics
Authentication server
Authorization server
Biometrics
Cryptography
Device fingerprinting
Device onboarding
Digital fraud prevention
Digital identities
Digital onboarding CDD
E-banking access
Fraud intelligence
Identity and access management (IAM)
Identity proofing
Injection attack detection (IAD)
Liveness detection
NFC chip reading
Public Key Infrastructures (PKI)
Presentation attack detection (PAD)
Sole control
Transaction authentication
"360 Identities completely eliminates digital identity fraud by relying solely on the digital chip in the ID, rather than on its vulnerable physical surface. We create a biometric anchor that connects and protects people and devices, including AI agents."
Fully automated identity proofing compliant with ETSI standards.
360 Identities is fast (< 3 minutes) and fully automated ("self-service") without human interaction. It performs unattended remote digital identification through biometric chip capture under ETSI TS 119 461, AMLA's RTS on Customer Due Diligence and FINMA Circular 2016/7 Margins 32-39 ("Online identification").
Radio frequency identification (RFID) with NFC chip reading.
The Near Field Communication (NFC) protocol enables data exchange within a range of 4 cm and is set to become the new gold standard for remote identity proofing. Most passports worldwide have an NFC chip that can be read (here). By 2030, biometric chips will also feature in most Swiss and European ID cards.
Liveness detection with zero tolerance for fraud (APCER = 0%).
Instead of investing resources in AI-powered tools to detect fraud only after it has occurred, block attackers as early as during identity verification. Combine identity document checks with a liveness detection component to create a tamper-proof biometric anchor as a baseline across all your channels and devices.
Prevent fraud 100% by sorting out fake customers from day one.
We draw on best-in-class email intelligence and screen billions of fraudulent emails right at client origination. 360 Identities completely prevents identity fraud by relying solely on the digital chip in an identity document, and not its high-risk printed surface.
Use geolocation tools to avoid dealing with sanctioned regions.
Blind reliance on customer self-declarations no longer meets regulatory expectations.
Verify both the customer's identity and their actual location by capturing the IP address. Spot discrepancies in location and ensure you don't provide goods or services to prohibited areas.
Authenticate people, their AI agents, and critical transactions.
360 Identities secures mission-critical transactions such as authenticating customers and AI agents, digital signatures, payments, and KYC workflows using a biometric anchor certified to ZertES and eIDAS - giving you the highest level of trust offered on the market.
Pricing models
Up to 1,000 identifications per year
CHF 4.00 per applicant
- Minimum: CHF 1,200 p.a.
- Support CHF 280 / hour
- No monthly usage fee
Up to 10,000 identifications per year
CHF 3.00 per applicant
- Minimum: CHF 3,000 p.a
- Support CHF 280 / hour
- No monthly usage fee
Over 10,000 identifications per year
CHF 2.00 per applicant
- Minimum: CHF 6,000 p.a.
- Support CHF 280 / hour
- No monthly usage fee
What is identity signal integrity
If it is indeed true that "personality is an unbroken series of successful gestures" (The Great Gatsby), then digital identity is an unbroken series of successful authentications and verifications between machines.
We believe that viewing digital identity as a continuous stream of trustworthy signals - rather than a one-time pass/fail check - is a more faithful implementation of the principles of the zero trust architecture.
Identity signal integrity is the confidence that the totality of identity attributes relating to the initiator of a digital transaction are trustworthy.
Identity signals include:
- Network environment and IP address
- Device footprint
- Login credentials
- Authentication and session tokens
- Expected user behaviour
What is the business context for identity proofing and how can you integrate
The business context for the identity proofing with 360 Identities could be the need to conduct an electronic transaction that requires strong customer authentication, such as when a user wishes to generate a qualified electronic signature (QES) on a digital signature platform such as 360 Signatures (here), also operated by 360core, in order to sign a contract with a signature equivalent to the handwritten signature, or open a bank account digitally.
In general, 360 Identities can be integrated into customer user journeys, business processes, and workflows in several ways:
- Deeplink or QR code in a web or mobile application: The applicant is presented with a deeplink or QR code starting the identity proofing process including guidance for downloading 360 Identities on a common marketplace
- App-to-App: if already installed, 360 Identities can be launched via a relying party’s own app
360 Identities gives identity assurance
The data points returned by 360 Identities can be used by relying parties (that is, relying on the accuracy of the identity information) to issue legally valid qualified electronic signatures (for example to sign a document or authenticate an AI agent) or to generate other certificates such as electronic seals (typically used to certify the integrity of important emails, digital documents such as invoices, or submissions to authorities).
Generally, the identity assurance issued by 360core can be used for any online transactions where a digital identity is associated with an electronic document, an email, a webform or any other important data exchange:
Business contexts for 360 Identities include:
- Customer authentication
- AI agent authentication
- Signatories management
- Age verification
- Onboarding and KYC workflows
- Ongoing due diligence
- Transaction authentication
What is the output of 360 Identities for relying parties such as financial institutions, online marketplaces, government agencies, AI agents
The output of 360core’s identity proofing process (“export payload”) or, in data protection terminology, the full scope of its personal data processing activity, comprises the following collected and validated identity attributes of online users ("applicants"), derived from the input of their digital identity document and the biometric selfie liveness video.
Data points returned by the API of 360 Identities
1. Connection data - Captured from network
- IP address, VPN signals of the ID holder
- Mobile device footprint of the ID holder
- Web browser information of the ID holder
2. Passport data: Textual (DG1, DG11) - Captured from chip
- Document code / type: National or ordinary passports (PP), Emergency passports (PE), Diplomatic passports (PD), Official and service passports (PO), Refugee passports (PR), Alien and non-citizen passports (PT), Stateless passports (PS), Laissez-passer passports (PL), Military passports (PM)
- Issuing state or organization: Three-letter ISO 3166 code, in addition to special codes as outlined in ICAO 9303 Part 3, Section 5 (here)
- Document or passport number: Nine-digit alphanumeric string as given by the issuing state or organization to uniquely identify the document
3. Personal data: Textual (DG1, DG11) - Captured from chip
- First name, middle name, last name: The full name of the holder, as identified by the issuing state or organization
- Date of birth: The document holder’s date of birth as recorded by the issuing state or organization
- Gender: Female (F), Male (M), Unspecified (<)
- Nationality: Three-letter ISO 3166 code representing the holder's nationality
- Place of birth: Field optionally used for the city and state of the holder’s birthplace
- Optional personal data elements: Optional data elements (such as personal identification numbers given to holders by the issuing state or organization) accommodate the diverse requirements of issuing states and organizations while maintaining sufficient uniformity to ensure global interoperability
4. Personal data: Imagery (DG2, DG5) - Captured from document surface, chip, selfie video
- Image of the physical identity document: Captured through OCR (in jpeg format)
- High-quality portrait of the holder at date of document issue: Captured from DG2, DG5 (if available)
- 4 high-quality audit images of the holder at date of document capture: Captured from the selfie liveness video
- Signature: The holder's signature or usual mark captured from the NFC chip
5. Document data: Textual (DG1, DG11) - Captured from chip
- Date of issue: Date in accordance with the Gregorian calendar
- Authority or issuing office: Used to indicate the issuing authority or issuing organization and, optionally, its location
- Date of expiry: Date in accordance with the Gregorian calendar
- Optional document data elements: This field may include (i) necessary endorsements as to entitlements which attach to a visa such as 1. the maximum authorized duration of stay, 2. conditions related to the granting of the visa, 3. the date of issue if different from the "Valid from" date, and 4. record of any fees paid; (ii) an optional signature or authorization which may be the signature of the issuing officer or an official stamp
Quick start
Product features of 360 Identities - Version 1.0.13
Business logic
- Attribute and evidence collection: Extraction of identity attributes from the physical identity document’s visual inspection zone (VIZ) and machine readable zone (MRZ)
- Attribute and evidence validation: Determine the freshness, reliability, and consistency of the collected identity attributes including, where available the validity of the supporting identity document
- Validation of the electronic machine readable travel document's (eMRTD) country signing certificate through the ICAO PKD (Public Key Database)
- Binding to applicant: Liveness detection through a video selfie in order to verify that the applicant is the legitimate passport holder and not a bad actor using spoofs presented to the camera
Usability
- Dedicated app: 360 Identities is available for download in the App Store or on Google Play
- Desktop and mobile version
- Clear UI optimized specifically for reading NFC chips: Tutorials help users adapt to this new technology
- In-context user guidance: A short explanatory video demonstrates how to scan an ID using NFC to boost conversion
- Language support: All workflows including emails in 4 languages (EN, DE, FR, IT)
- Technical Support Hotline: Support in EN, DE, FR, IT during office hours (+41 44 700 28 88)
- Productivity connectors: Integration into the eSignatures solution
360 Signatures (here), our DMS
360 Documents
(here), our financial-grade CRM
360 Relationships
(here), and
360 Screenings
(here), a background checks tool
Regulatory
- Comply with Art. 3 AMLA ("Verification of the identity of the customer"): "When establishing a business relationship, the financial intermediary must verify the identity of the customer on the basis of a document of evidentiary value"
- Comply with Art. 5 AMLA ("Repetition of the verification of the identity of the customer"): "If doubt arises in the course of the business relationship as to the identity of the customer or of the beneficial owner, the verification of identity [...] must be repeated"
- Audit-proof retention of the captured evidences for 10 years in accordance with OR Art. 958f
- Automated identity or age verification: One-time video ID check to qualify for QES signatures (operating hours: 24/7/365)
Security
- Data residency: All data is kept exclusively in Switzerland
- Privacy: Compliance with the Swiss Federal Act on Data Protection - FADP (here) and the EU's General Data Protection Regulation - GDPR (here)
- Full data portability: Art. 28 FADP and Art. 20 GDPR
- Information security: ISO 27001 certified data centres located in Switzerland in compliance with FINMA requirements
- Document retention policy: Uploaded identity documents and selfies are kept for 30 days and then deleted
- Ransomware protection: Regular 3-2-1 offline, offsite backup of your documents in Switzerland
Compliance hub
Related Reading
AMLA (2026) Draft Regulatory Technical Standards on Customer Due Diligence under AMLR 28(1) (here)
Gary Archer, Judith Kahrer, Michał Trojanowski (2025) Cloud Native Data Security with OAuth (here)
Frank Arretz (Hrsg.) (2022) Digitale Authentifizierung (here)
Alan Calder, Steve Watkins (2019) IT Governance: An International Guide to Data Security and ISO 27001/ISO 27002 (here)
Kévin Carta (2024) Biometric Data Injection Attacks on Facial Recognition used in Remote Identity Proofing (here)
Comité européen de normalisation (CEN) (2024) TS 18099:2025 (2025) Biometric data injection attack detection (here)
Biometric Update (2026) 2026 Injection Attack Detection Market Report and Buyer’s Guide (here)
ENISA (2021) Remote ID Proofing - Analysis of methods to carry out identity proofing remotely (here)
ENISA (2022) Remote Identity Proofing: Attacks & Countermeasueres (here)
ENISA (2024) Remote ID Proofing Good Practices (here)
ETSI (2026) ETSI TS 119 461 Electronic Signatures and Trust Infrastructures (ESI); Policy and security requirements for trust service components providing identity proofing of trust service subjects (here)
ETSI (2026) ETSI TS 119 431-1 Electronic Signatures and Trust Infrastructures (ESI); Policy and security requirements for trust service providers; Part 1: TSP services operating a remote QSCD / SCDev (here)
ETSI (2026) ETSI EN 319 401 Electronic Signatures and Trust Infrastructure (ESI); General Policy Requirements for Trust Service Providers (here)
FINMA (2021) Circular 2016/7 Video and online identification. Due diligence requirements for client onboarding via digital channels (here)
FINMA (2026) FINMA publishes guidance on managing digital fraud risks (here)
ICAO (2021) Doc 9303 - Machine Readable Travel Documents (here)
Internet Engineering Task Force (2003) RFC 3647: Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework (here)
ISO 25456 Information technology - Biometrics - Biometric data injection attack detection (here)
ISO 27000:2018 Information technology - Security techniques - Information security management systems - Overview and vocabulary (here)
ISO 27001:2022 Information security, cybersecurity and privacy protection - Information security management systems - Requirements (here)
ISO 27002:2022 Information security, cybersecurity and privacy protection - Information security controls (here)
ISO/IEC 27005:2022 Information security, cybersecurity and privacy protection - Guidance on managing information security risks (here)
ISO 27017:2015 Information technology - Security techniques - Code of practice for information security controls based on ISO/IEC 27002 for cloud services (here)
Ev Kontsevoy, Sakshyam Shah, Peter Conrad (2023) Identity-Native Infrastructure Access Management (here)
Eve Maler (2026) Mastering Digital Identity (here)
NIST (2025) NIST SP 800-63 Digital Identity Guidelines (here)
Gilit Saporta, Shoshana Maraney (2022) Practical Fraud Prevention. Fraud and AML Analytics for Fintech and eCommerce (here)
Swisscom Trust Services (2026) Why must the evidence and log data be archived for a long time? (here)
André Tanner, Robert Iliev (2025) Kommentierung zu Art. 3 GwG (here)
Phillip J. Windley (2023) Learning Digital Identity (here)
Phil Windley
(2026) Dynamic Authorization - Adaptive Access Control
(here)
