Digital Identity Glossary
The world of digital identity moves fast, bringing with it a complex range of technical standards and regulatory frameworks. For professionals managing authentication, security, and compliance, keeping track of this terminology can be a challenge.
This glossary provides definitions for the core concepts driving the industry today. Use it as a practical reference to understand the technologies, processes, and regulations that impact your daily operations and product decisions.
2FA (Two-Factor Authentication)
A security process that requires users to provide two distinct forms of identification to verify their identity before gaining access to an account or system.
Example: You must use 2FA to log in by entering your password and a mobile code.
3D Secure (3DS)
An authentication protocol that adds an extra layer of verification to secure online card payments and reduce fraud.
Example: The bank prompted a 3D Secure check to confirm the online ticket purchase.
6th Anti-Money Laundering Directive (AMLD6)
An EU directive that strengthens criminal liability and harmonizes the definition of money laundering offenses across member states.
Example: The bank updated its compliance software to align with AMLD6 financial crime definitions.
Address Verification System (AVS)
A security system that verifies a user’s provided billing address against the address on file with their card issuer to prevent payment fraud.
Example: The AVS check declined the payment due to a mismatched billing zip code.
Advanced Electronic Signature (AES)
A secure electronic signature that uniquely identifies the signer and can detect any subsequent changes to the signed data.
Example: We signed the vendor contract using an AES to prevent future tampering.
Agent
An entity or application that acts on behalf of a user or organisation to manage, store, or exchange digital identity credentials securely.
Example: Your digital wallet acts as an agent to present credentials to verifiers.
AI Fraud Detection
The use of artificial intelligence to analyze user behavior and detect fraudulent activities in real-time during onboarding or transactions.
Example: The AI fraud detection system instantly blocked the transfer from an unusual location.
Anti-Money Laundering (AML)
A regulatory framework of laws and procedures designed to prevent criminals from disguising illegally obtained funds as legitimate income.
Example: The fintech startup ensured all its AML procedures met legal compliance requirements.
Anti-Money Laundering Regulation (AMLR)
A unified EU regulation establishing a single, directly applicable rulebook for AML and counter-terrorist financing compliance across Europe.
Example: The AMLR ensures banks across the EU follow identical anti-money laundering rules.
API (Application Programming Interface)
A set of rules that allows different software systems, like identity verification platforms and core banking systems, to communicate securely.
Example: We integrated Signicat's API for seamless identity verification during checkout.
Authentication
The process of verifying a returning user's identity when they log into a system or service.
Example: The app requires biometric authentication before granting access to the account.
Authorisation
The process of determining and granting the specific permissions or actions an authenticated user is allowed to perform.
Example: While authentication let her log in, authorisation determined she could only view, not edit, the files.
Biometric verification
A security process that verifies a person's identity using unique biological characteristics, such as facial features or fingerprints.
Example: She used a quick facial scan for biometric verification to unlock her app.
Biometrics
The measurement and statistical analysis of people's unique physical or behavioral characteristics, used to securely identify individuals in digital environments.
Example: Smartphones rely on biometrics like fingerprint scanners to keep data safe.
Certificate
An electronic document used to prove ownership of a public key to secure digital connections or logins.
Example: The platform uses a digital certificate to ensure all customer data is encrypted.
Customer Due Diligence (CDD)
The process of identifying customers and assessing the risk they pose as a core requirement of AML compliance.
Example: The bank performed CDD to verify the company's ultimate beneficial owners.
Digital identity
The sum of all digital information and official attributes that uniquely represent a person online.
Example: Your digital identity allows banks to verify who you are without meeting you in person.
Digital Identity Wallet
A secure digital application that stores and manages identity credentials, allowing users to authenticate and share data seamlessly.
Example: He used his digital identity wallet to easily share his verified driver's license.
Digital Operational Resilience Act (DORA)
An EU regulation aimed at strengthening the IT security and operational resilience of financial entities against cyber threats.
Example: Under DORA, the institution upgraded its servers to withstand cyberattacks.
Document Verification
The automated process of validating the authenticity of identity documents like passports or ID cards to detect tampering or forgery.
Example: Document verification ensures the uploaded ID card is genuine during onboarding.
eID (Electronic Identification)
A digital solution used to securely prove an individual's or business's identity to access online services.
Example: Citizens use their national eID to securely file tax returns online.
eIDAS
An EU regulation establishing standards for electronic identification and trust services across member states.
Example: The company's digital signatures are fully compliant with eIDAS regulations.
eIDAS 2.0
An update to the EU's trust services regulation that introduces the European Digital Identity Wallet for secure, cross-border identity sharing.
Example: eIDAS 2.0 introduces a unified digital wallet for services across the EU.
Electronic signature
Electronic data logically attached to a document, used by a person to indicate their agreement or signature.
Example: He used an electronic signature to quickly sign the rental agreement on his tablet.
End-user
The private individual who ultimately uses a product or service, such as the person signing a document.
Example: The software was designed to be intuitive so the end-user could navigate it effortlessly.
ePassport
A biometric passport containing an embedded microchip that securely stores the holder's personal and biological information.
Example: The NFC reader scanned her ePassport to instantly verify her identity.
ETSI TS 119 461
A European technical standard defining the policy and security requirements for remote identity proofing and verification services.
Example: Our video verification tool strictly complies with the ETSI TS 119 461 standard.
European Digital Identity Wallet (EUDI Wallet)
A centralized EU initiative providing a secure wallet for citizens to store, manage, and share verified identity credentials across member states.
Example: You can use the EUDI Wallet to seamlessly open a bank account abroad.
Financial Action Task Force (FATF / GAFI)
An intergovernmental body that sets international standards and policies to combat global money laundering and terrorist financing.
Example: The country updated its laws to align with FATF cryptocurrency recommendations.
General Data Protection Regulation (GDPR)
A comprehensive EU privacy law governing how organizations collect, process, and protect the personal data of European citizens.
Example: To ensure GDPR compliance, the platform added a one-click data deletion feature.
Identity method
The specific electronic identity service chosen by a user to prove who they are.
Example: The platform supports multiple identity methods to accommodate users from different countries.
Identity provider
An organisation that supplies and manages digital identities (eIDs) for users to log into services.
Example: A national government agency acts as the identity provider when it issues official digital IDs to its citizens.
Identity verification
The process of confirming that an individual or organisation is exactly who they claim to be.
Example: Identity verification was completed by matching the user's selfie to their scanned passport.
ISO/IEC 27001
An international standard detailing the requirements for establishing, implementing, and maintaining an information security management system.
Example: We achieved ISO/IEC 27001 certification to prove our commitment to data security.
Know Your Business (KYB)
A mandatory due diligence process used to verify the legal existence, ownership structure, and legitimacy of a corporate entity.
Example: The platform ran a KYB check to verify the vendor's registration details.
Know Your Customer (KYC)
The regulatory process of verifying a customer’s identity before granting access to financial services in order to prevent fraud.
Example: The KYC process required the user to upload a photo of their government ID.
Liveness Detection
An anti-spoofing technology used during biometric verification to ensure the sample is captured from a real, live person in real-time.
Example: The app used liveness detection by asking the user to smile at the camera.
LOA (Level of Assurance)
A standardised classification that represents the degree of confidence or certainty that a digital identity accurately represents the real-world person claiming it.
Example: Accessing medical records requires a "High" Level of Assurance electronic identity.
Multi-Factor Authentication (MFA)
A security mechanism requiring users to provide two or more independent verification factors to gain access to an account or system.
Example: MFA keeps your account secure by requiring a secondary biometric scan.
National identification number
A unique number issued by a government to track citizens and residents for official and administrative purposes.
Example: You must provide your national identification number to apply for the government grant.
Near Field Communication (NFC)
A short-range wireless technology used to securely read encrypted data from the microchips embedded in ePassports and ID cards.
Example: The app used NFC to read encrypted data directly from the user's ID chip.
OAuth 2.0
An industry-standard authorization protocol that allows users to securely grant third-party applications limited access to their accounts without exposing their passwords.
Example: The site uses OAuth 2.0 to let you log in via Google without sharing your password.
Onboarding
The initial process of verifying a new user's identity when they sign up to become a customer of a service.
Example: The streamlined onboarding process let the new customer securely open an account in minutes.
One-Time Password (OTP)
A randomly generated, temporary password used to authenticate a user for a single login session or transaction.
Example: She entered the OTP sent via text message to complete her secure login.
Optical Character Recognition (OCR)
A technology that extracts readable text from images, scanned documents, or ID cards to automate data entry during onboarding.
Example: The system uses OCR to instantly extract personal data from a scanned passport.
Passwordless Authentication
A security method that replaces traditional passwords with alternative verification factors like biometrics, magic links, or cryptographic keys.
Example: Customers enjoy passwordless authentication by logging in with just a fingerprint.
Payment Services Directive 2 (PSD2)
An EU directive that promotes open banking and mandates Strong Customer Authentication (SCA) to secure electronic payments.
Example: Under PSD2, consumers can securely use third-party apps to track bank spending.
Persona
A specific, contextual digital identity or profile that a user creates to interact in certain environments, allowing them to separate personal, professional, or anonymous attributes.
Example: She created a digital persona to separate her professional and gaming profiles.
Politically Exposed Person (PEP)
An individual holding a prominent public position who presents a higher risk of involvement in bribery or corruption.
Example: The team performed enhanced background checks because the client is a PEP.
Qualified Electronic Signature (QES)
The most secure type of electronic signature under eIDAS, carrying the exact same legal validity as a handwritten signature in the EU.
Example: The online mortgage agreement was finalized with a legally binding QES.
Remote Onboarding
The fully digital process of verifying a new user’s identity and granting them access to services without requiring a physical presence.
Example: Remote onboarding lets customers open a bank account from home in minutes.
SDK
A software development kit providing the necessary tools and code to build applications for a specific platform.
Example: The developers used the provided SDK to quickly add identity verification to the mobile app.
Self-Sovereign Identity (SSI)
A digital identity paradigm that gives individuals absolute control over their personal data and how it is shared with third parties.
Example: SSI ensures you get to decide who is allowed to view your personal data.
Simple Electronic Signature (SES)
The most basic form of electronic signature, suitable for low-risk agreements but offering limited legal assurance compared to AES or QES.
Example: We used an SES to quickly sign the low-risk internal team charter.
Single Sign-On (SSO)
An authentication method that allows users to securely authenticate and access multiple different applications or services using just one set of login credentials.
Example: SSO gives employees instant access to all apps with just one daily login.
Software Agent
An autonomous computer program designed to perform specific tasks, such as automated identity data retrieval or verification, on behalf of a user or larger system.
Example: The software agent automatically retrieved and verified the compliance certificates.
Strong Customer Authentication (SCA)
A security requirement under PSD2 that mandates the use of multi-factor authentication for electronic payments to reduce fraud.
Example: To meet SCA requirements, the gateway verifies purchases via a mobile banking app.
Timestamping
A cryptographic process that proves a specific piece of data or document existed at a precise point in time and has not been altered since.
Example: Timestamping proved the contract was signed before the legal deadline expired.