BSI starts work on ID and authentication standard


BSI has commenced work on PAS 499, a new standard for enhanced identity and authentication online.

Identity and authentication underpin all online transactions and recent legislative developments, ranging from the Electronic Identity, Authentication and Signatures Regulation (eIDAS) to the General Data Protection Regulation (GDPR), and financial services specific Payment Services Directive 2, have acknowledged the need for greater degrees of cyber security to be adopted. In order to provide greater clarity on how industry can best adapt to meet these regulatory challenges the MIDAS Alliance was formed to work with BSI on developing a standardised approach across industry.



PAS 499 gives recommendations for identity, validation, verification and authentication for online and services in this context. It covers privacy enhancing technologies (PET), personally identifiable information (PII), enrolment at different levels of assurance, strong authentication, anonymity and anti-money laundering (AML), liability, device identification, mutual authentication, and biometrics.

Andrew Churchill of the MIDAS alliance said: “Cybercrime and fraud are the fastest growing areas of criminal activity and vulnerabilities in identity and authentication practices account for much of this unwelcome growth.

“Adoption of enhanced identity and authentication techniques are essential to make secure the ever increasing number of online transactions and services that a successful digital economy needs. However if industry sectors adopt different approaches to achieve this, the resulting fragmentation will cause considerable discontent among businesses, the public sector and consumers.”

Related reading