A new era in electronic communication services

The Regulation of the Information Technologies and Communications Authority on the Process of Verifying the Applicant’s Identity in the Electronic Communications Sector was published in the Official Gazette.

With the Communiqué, the procedures and principles regarding the process to be applied in order to verify the identity of the applicant in case the documents regarding the subscription agreement, number porting, operator change, qualified electronic certificate, registered e-mail and SIM change applications are issued electronically were regulated.

With the regulation, the applicant’s transactions are carried out with safe and effective methods, preventing suspicious transactions involving security risks such as forgery and fraud, taking into account national and international standards, using national resources to the maximum extent, observing national security and public order requirements and emergency needs, and consumer rights and obligations. intended to protect their interests.

Accordingly, the operator or service provider will be able to present the transactions within the scope to the applicant securely in electronic environment through face-to-face channels, its own website, mobile applications or similar channels. Applicant’s identity verification process, e-Government Gateway, document with “near field communication” feature in accordance with the International Civil Aviation Organization (ICAO) 9303 standard, visual verification by artificial intelligence or authorized means, Republic of Turkey Identity Card (TCKK) and PAdES ( Advanced electronic signature) will be created through face-to-face channels, by means of video image acquisition methods that will be specific to the transaction, together with the applicant’s identity document.

The operator is responsible for keeping the identity verification information of the applicants in the information systems using encrypted or mathematically non-reversible methods, encrypting them while transferring them for authentication purposes, protecting them against the purpose of the transaction, unauthorized accesses or changes to be made in an uncontrolled manner contrary to the principle of separation of duties, and the actions taken in the information systems. will take measures to ensure the confidentiality, security and integrity of transaction records regarding all processes.

Artificial intelligence will be used

The identity verification of the applicant can be done through the e-Government Gateway, as well as by means of artificial intelligence or visual authentication with an authorized person. Video authentication will be done in real time and without interruption. Identity information, including the photo on the applicant’s identity document, will be obtained by “near field communication” method. During video authentication, techniques to detect the viability of the applicant will be used. In order to confirm the presence of the applicant presenting the ID, camera images will be taken from different angles in a bright environment where the applicant’s face can be seen fully and clearly, with his eyes open. The operator/service provider will compare the face of the applicant present in the live image with the photo on the identity document using artificial intelligence or by the operator/service provider official.

In face-to-face transactions, identity verification will be possible by creating PAdES-LTV (electronic signature format) with PDF. Alternatively, the identity can be verified by taking the video image to be specific to the process together with the applicant’s identity document.

In case of identity verification face-to-face, the applicant will first declare his contact number or e-mail address. By sending a one-time password or link to this number or e-mail address, it will be confirmed that the declared contact information has been used.

For all procedures within the scope of the regulation, the operator will fulfill the obligations in the relevant legislation regarding the issuance of the transaction document that has been authenticated.

All transactions will be recorded and the data obtained will be used only for the purposes of the administrative and judicial authorities’ processes and the identity verification of the applicant who made the application process.

The data recorded and obtained within the scope of the regulation will be kept during the storage periods in the relevant legislation.

The operator/service provider will not be able to receive the biometric data of individuals electronically by using an electronic pen or similar method.

The operator/service provider will closely follow the technological developments and make the necessary updates for cases such as fraud and weaknesses in the identification method.

Except for the documents signed with a wet signature or secure electronic signature, the operator’s regulation for the subscription agreements, number porting application, operator/service provider change application, qualified electronic certificate application, registered e-mail application, SIM change application documents made before the effective date of the regulation. within three months of its entry into force; It will forward the identity number information of the transaction document party and the telephone, service or qualified electronic certificate number or registered e-mail address information of which three of the last seven characters are masked to the mobile electronic communication operators and the information system provided by the e-Government Gateway.

The regulation will enter into force on 31 December 2021.