The purpose of this documentation is to provide a better understanding of the GiroIdent 2.0 (KYC) service and support for implementing it in the customers' own ecosystem. This serves as a companion to the API Swagger documentation which can be found here.

GiroIdent is designed to rely on the finAPI OAuth 2.0 Standard for authorizing applications and users. The GiroIdent services can only be used with a valid access user token. To learn more about authentication and obtaining such a token please refer to the the “Getting Started (pre-requisites)” section in this documentation.

Introduction

The GiroIdent Service is based on a set of Checks. As a partner application, the recommended integration of these checks is as follows:

  1. Partner application calls GiroIdent service Create Check with the relevant parameters. GiroIdent returns a GiroIdent Redirect URL.

  2. Partner application sends (redirects) the user to “Web Form Redirect URL".

  3. The user follows GiroIdent UI and grants GiroIdent access to her bank account.

  4. The GiroIdent UI will optionally redirect the user to a result URL if configured by the partner application (via query parameters appended to the Redirect URL).

  5. The partner application checks the GiroIdent result using the Get Check service and displays the result.

Variants and Features

Basis

Plus

GwG (§14)

GwG Total (§12)

Successful bank account login by the user

x

x

x

x

Matching user name with account holder name(s)

x

x

x

x

SCHUFA Identity Check: matching user name, address, birthday with persons know to SCHUFA

x

x

x

SCHUFA proven Identity (2): user details match a person known to SCHUFA with verified identity.

x (1)

x (1)

IBAN verification: user IBAN matches the account the user logged in.

x

x

SCHUFA Account Check: User details and IBAN are matching account details known to SCHUFA.

x (1)

x (1)

Successful micro-payment from the user account

x

(1): SCHUFA Account check results are provided by default, the SCHUFA proven-identity_evaluation is only provided if the Account Check was not successful.

(2): GiroIdent Plus uses SCHUFA Identity Check variant “Standard”, and does not return “proven identity” information; GwG and GwG Total use the variant “Premium”, which includes “proven identity”.

GiroIdent Predefined Identity Check (KYC) Flows

GiroIdent Basis

draw.io

Variants:

  • if the user has not provided an IBAN or BLZ on the API, he will be asked to select a bank in the webform.

  • If the user already created for using finAPI Access or DI, step 1 and 5 are not relevant. If additionally a bank import has been executed in the scope of Access, no redirect URL will be provided, and step 3 will be skipped.

Initiate a new GiroIdent Basis check

Validates the user identity based on the provided first- and last name, by performing the following steps:

  1. First and last names are provided. Optionally IBAN, BLZ.

  2. User performs a bank login, after being redirected by the client application to the URL provided by GiroIdent. GiroIdent retrieves bank account details.

  3. Using an advanced SCHUFA algorithm, GiroIdent calculates the similarity between the name provided and bank account information.

Query the GiroIdent Basis check result

For the given check (-id), status for the check process, and results for the user name validation is provided.

GiroIdent Plus

draw.io

Initiate a new GiroIdent Plus check

Validates the user identity based on the provided user details by performing the following steps

  1. First user details are provided. Optionally IBAN, BLZ.

  2. User performs bank login, after being redirected by the client application to the URL provided by GiroIdent. GiroIdent retrieves bank account details.

  3. Using an advanced SCHUFA algorithm, GiroIdent calculates the similarity between the name provided and bank account information.

  4. The SCHUFA Identity Check (Basic variant) validates the provided user details.

Query the GiroIdent Plus check result

For the given check (-id), status for the check process, and results for the user name and identity validation is provided.

GiroIdent GwG (§ 14 GwG - Vereinfachte Sorgfaltspflichten)

draw.io

Initiate a new GiroIdent GwG check

Validates the user identity based on the provided user details incl. an IBAN by performing the following steps:

  1. First user details are provided. Optionally IBAN, BLZ.

  2. User performs bank login, after being redirected by the client application to the URL provided by GiroIdent. GiroIdent retrieves bank account details.

  3. Using an advanced SCHUFA algorithm, GiroIdent calculates the similarity between the name provided and bank account information.

  4. The provide IBAN is validated against the received account information.

  5. The SCHUFA Bank Account Check plus IBAN is used to validate the user input.

  6. Only if the Account Check was not positive: The SCHUFA Identity Check (Plus variant) validates the provided user details.

Query the GiroIdent GWG check result

For the given check (-id), status for the check process, and results for the user name and identity validation is provided.

GiroIdent GwG Total (§ 12 GwG), i.e. SCHUFA MyConnect

FinAPI offers the complete KYC flow according to § 12 GwG in partnership with SCHUFA.

The end-to-end customer flow ensures full AML compliance, including a Qualified Electronic Signature as per the legal requirements.

finAPI Verifies the proven identity of the end-user (Name, Address, DOB, Bank account) by using finAPI access to bank account capabilities and Schufa data. Additionally, it allows the end-user to perform a “reference bank transfer” as requested by the § 12 GwG.

For more information on the SCHUFA MyConnect flow, please reach out to us via support@finapi.io


draw.io

Initiate a new GiroIdent GwG Total check

Validates the user identity based on the provided user details by performing the following steps:

  1. First user details are provided. Optionally IBAN, BLZ.

  2. User performs bank login, after being redirected by the client application to the URL provided by GiroIdent. GiroIdent retrieves bank account details.

  3. GiroIdent provides in the state REDIRECT_PAYMENT a second redirect URL to execute a small payment. User initiates a small amount payment, after being redirected by the client application to the URL provided.

  4. Using an advanced SCHUFA algorithm, GiroIdent calculates the similarity between the name provided and bank account information.

  5. The SCHUFA Bank Account Check plus IBAN is used to validate the user input.

  6. Only if the Account Check was not positive: The SCHUFA Identity Check (Plus variant) validates the provided user details.

Query the GiroIdent GWG check result

For the given check (-id), status for the check process, and results for the user name and identity validation is provided.