PrivyID

User centric trusted digital identity

PrivyID has provided a universally-accepted digital identity service both in online and offline landscape since 2016. We currently have 3 million individual users and 172 enterprise customers recognizing PrivyID. Our enterprise customers include the top 3 banks, the top 4 leasing companies, and major fintech companies in Indonesia.  

For people living in big cities with a good internet connectivity, they can register to PrivyID by downloading our smartphone apps which are available on Google Play and Apple App Store. Those who are not digital-literate and have poor internet connections, meanwhile, can register for PrivyID using PrivStation (equipped with a special national ID card reader issued by Indonesian Directorate General of Population and Civil Registration) available at post offices, bank branches and convenient stores.  

With PrivyID, you can: 

• Apply for loans to over 20 P2P lending services, leasing companies, and banks who have partnered with us.  

• Open up bank accounts and securities accounts with the largest commercial and investment banks.  

• Log in to various e-commerce websites and apps.  

• Digitally sign application forms, loan agreements and any other documents.   

Every personal data stored in our system is compartmentalized into various groups based on its sensitivity while each of the data is hashed and encrypted using the highest applicable technology. PrivyID consists of 6 digits alphanumeric, which is used as the user’s identifier that keeps their real name and national ID number confidential.  

Every data request from merchants, whenever possible, is framed as a yes/no question. For example, when accessing a website with mature contents, with the user’s consent, we only let the website know that the user is above or below 21 years old instead of furnishing date of birth.  

Our users can inspect all of their personal data values on PrivyID app and web profile page, and if they would like to make a correction or an update, they can do so by taking a selfie photo and passing facial recognition to match it with their existing photos taken during their initial registration to PrivyID. Our users' activity logs are digitally signed and thus tamper-proof. They can review where and when they have used their PrivyID and what personal data was disclosed to each party. Push notifications and emails are sent for every account activity involving a third party. PrivyID users may file a complaint or/and block their account if such activity is deemed unauthorized.  

We always seek the highest standard of data security to protect our users' data. We have obtained ISO 27001 certification, designed our CA infrastructure to be Webtrust compliant, passed the compliance audit of Ministry of Communication and Informatics and the Central Bank of The Republic of Indonesia.

For the very first time in their life, Indonesians can apply for credit card, loan, bank account and insurance policy without repetitively submitting their national ID, taxpayer card, filling out tedious forms requiring their personal information. They do not even need to go to the bank's branches or agents. They can also digitally sign all the forms and agreements. Misuse of PrivyID is prevented by proven facial recognition and liveness detection algorithm. It can be done by any phone camera which is possessed by over 150 million Indonesians, as opposed to the use of fingerprint which requires a dedicated reader.

As the name suggest, PrivyID was built with privacy from ground up. Instead of using National ID number, mobile number or email as username, we use 6 digit alphanumeric random characters. We only collect 3 mandatory information upon registration, namely, National ID number, selfie with liveness detection, and mobile number. Every data request from merchants, whenever possible, is framed as a yes/no question. For example, when accessing a website with mature contents, with the user’s consent, we only let the website know that the user is above or below 21 years old instead of furnishing date of birth. Every personal data stored in our system is compartmentalized into various groups based on its sensitivity while each of the data is hashed and encrypted using the highest applicable technology. Whenever our users would like to grant a third party to his personal data, it is confirmed with two factor authentication by using two out of three options. Namely, password, sms code, or facial recognition selfie. Lastly, we also provide a team of data protection officer to cater any concerns on the use of personal data on our platform. 

We provide an end to end digital identification system. From means to verify the identity of a person upon first time registration to authentication method when using the digital identity, until the dashboard and tools to monitor and maintain the identity profile and logs. Our system connects with Indonesian population registry and has been used the most prominent banks in Indonesia, such as Bank Mandiri, Bank Rakyat Indonesia, CIMB Niaga. The most prominent leasing companies, namely Adira Finance, Bussan Auto Finance, Kredit Plus. The most prominent fintech, namely Akulaku, AwanTunai, KoinWorks. 

We only require our users to enter their mobile number, national ID number, and take a selfie, approximately just 10% of what a typical financial service will ask upon registration. Those without access to smartphones can register with PrivStation that will be made available on post offices or convenient stores, each will be attended with a person to assist them during the process. Using PrivyID online is as easy as a click on a button in similar manner of Facebook login. Offline, you’d only need to mention your PrivyID and pass the facial recognition to access any partnering services.

PrivyID’s consent-based personal data interchange API can be easily embedded on mobile app and web platform. Any IT engineer could complete the integration within hours, while our registration API are being used by Registration Authority such as banks, leasing companies or fintechs in which their customers will be automatically granted with a PrivyID. They can then use their PrivyID to access and register to multiple services, such as loans, bank accounts, or hospital care.

People can register for PrivyID by using PrivStation available on select post offices and convenient store or Mobile PrivStation held by agents. People with low literacy will be assisted by the attendants or agents. PrivStation's e-KTP reader can work in offline environment to verify a person's identity. When the users would like to use their PrivyID, a merchant equipped with the cheapest android phone with even a very low-end camera can perform a one to one facial recognition to verify the user's identity. 

Currently, since we already acquired almost all of the biggest player in banks, leasing companies, fintech and telecommunication, starting next year we are going to focus our effort to enable people to use their PrivyID  for health care, insurance and education sector. 

We are working closely with the Government of Indonesia in optimizing Indonesia's digital ID system. Several collaboration includes verifying registered user information with official government data under the Directorate General of Population and Civil Registration, Ministry of Homeland Affairs. We are working to provide seamless user onboarding for financial inclusion with Indonesian Coordinating Ministry of Economics (DNKI). We work closely with the Ministry of Communication and Informatics in strengthening Root Certification Authority, and collaborating with the Central Bank of Indonesia and a state-owned bank in developing a regulatory sandbox program.

Our team is led by experienced individuals with over than 5 years working in the IT related industry. Our CTO, Abby, has deployed novel technologies into a usable application in timely. Our head of IT Security, Krishna is well experienced in defense against cyber attacker when he worked in a payment gateway company. Our Legal Technologist,Harzy, is very familiar with technology and privacy law, he took his master degree at Leiden with GDPR as his focus and I as a CEO have the track record to be able to make ideas which seems far-fetched at the beginning to be realized. 

By applying to the Mission Billion Challenge, we hope we can receive critics and input for improvement on our system and operation from the experts in digital identity. We hope with the support from World Bank, Bill & Melinda Gates Foundation, Omidyar Network, and Australian Aid we can further enhance our service coverage to more people in rural and remote areas.  

Our willingness to widen our coverage to the least fortunate people, in the area with no internet connectivity is not justifiable to our investors. Not only it is difficult to generate income in immediate future but acquiring users in areas with no connectivity also entails more cost since we need procure a special electronic national ID card reader approved by the government which cost about USD 700 each to enable offline user on-boarding.