The digitization service provider of the German healthcare industry, Gematik, is pulling the emergency brake and has prohibited health insurance companies from using so-called video identification procedures with immediate effect. According to sources familiar with the process, there should be a security gap that the Chaos Computer Club reported to Gematik.
In the video -Ident procedures allow users to identify themselves by capturing their ID papers with their mobile phone camera and showing their face at the same time. The information is then verified either by support staff or by algorithms, allowing end customers to prove their identity before logging into an online platform. As Gematik confirmed to SPIEGEL, several health insurance companies apparently also allowed identification using a smartphone camera.
There have always been difficulties with the video identification process in the past. For example, fraudsters had taken advantage of the procedure to register bank accounts under someone else’s identity. A few days ago, it was shown that the video identification function for the digital driver’s license from the provider Verimi also accepted completely invented ID data.
Health insurance customers who want to register for online services now have to use fewer Dodge convenient methods to identify yourself – such as authentication via Postident or in the office of a health insurance company. The official online ID should also work if health insurance companies have integrated it into their platforms.