For purposes establishing proof of identity for transacting business with any government agency and private entities, the presentation of the PhilID or PSN shall constitute sufficient proof thereof, subject to proper authentication. Provided,that when authentication cannot be performed without any fault on the part of the cardholder or holder of a PSN, the PSA shall ensure that he or she will not be a disadvantaged or prejudiced thereby.
In case of online authentication, the PSA shall perform authentication of the PSN of an individual submitted by any requesting entity, in relation to his or her biometric information or demographic information. The requesting entity shall conform with the standards and guidelines set by the PSA, in consultation with DICT to ensure the security, efficiency, and integrity of the authentication process.
Modes of National ID Authentication
There will be two modes of authentication: online and offline authentication.
For Online Authentication:
For online authentication, the following information will be used to validate the identity of the registered person:
- PSN and biometric information
- PSN and demographic information
- PSN, biometric and demographic information
The requesting entity shall choose the suitable mode(s) of authentication, which may involve the use of multiple factors such as but not limited to, demographic information, biometric information, one-time password (OTP), and PhilID, for a particular service or transaction as per its requirement. PSA shall provide guidelines on authentication assurance levels based on international standards and best practices.
In exceptional cases to be determined by PSA, where the PSN cannot be provided, the biometric and demographic information may be used to authenticate the registered person’s identity.
For Offline Authentication:
For offline authentication, the presentation of the PhilID and the matching of the data stored in the QR code will be used to validate the identity of the registered person for transactions and services as mentioned under the PhilSys Act.
The PhilSys may return a Yes/No response or demographic data including the photograph, depending on the use case.
Any requesting entity shall obtain the consent of the registered person before collecting his or her identity information for the purposes of authentication. It shall inform the registered person submitting his or her identity information the following details namely: (a) the nature of the information that may be shared upon authentication; and (b) the users to which the information received during authentication may be put by the requesting entity. Provided, that the information requested shall only be used for the purpose for which it was requested.
Where the identity of the registered person is authenticated and established, the entity may request for PhilSys to provide the former’s personal data for a legitimate, expressed, and specific purpose. Provided,that the registered person was informed of the specific personal information that shall be disclosed and the use of such personal information that shall be limited to the specific purpose prior to such disclosure thereof.Provided further, that the individual shall have given his or her prior consent to such disclosure of personal information. Provided finally, that said disclosure of personal data is covered by a data sharing arrangement between the requesting party and the PSA.