According to the registrar agreement, registrars are required to ensure that it is the registrant who requests registration services. Registrars are also responsible for verifying the accuracy of the information the holder is required to provide, such as:
-Company name and contact person, or the first and last name of a private individual
-Organization number or personal identification number
-Address
-Phone number and email address
Below are examples of methods that can be used to verify registrants and reduce the risk of false or inaccurate information. To achieve a high level of security and meet the requirements, these methods typically need to be combined. Using only one of the methods listed below is generally insufficient to fulfill the requirements for secure registrant verification.
1. Format Validation
Format validation ensures that the entered information follows expected standards and formats. A guide with examples of different countries' organization number formats is available on the registrar web portal and will be updated over time: https://support.registry.se/en-US/kb/articles/vilka-format-forvantas-pa-inlamnade-innehavaruppgifter
Example: Danish company organization numbers always consist of 8 digits. By implementing validation that accepts only 8 digits in the field for Danish organization numbers, incorrect information can be avoided.
2. Document Verification
The holder is verified by checking supporting documents. This can be done manually or through automated external services.
Example: The registrant submits a copy of an ID document, or the registrar uses a provider offering document verification as a service.
3. Validation Against Third-Party Registers
Information can be validated by cross-checking it against public or private registers. This can be done manually or automatically.
Example: Verification against business registries, such as the Swedish Bolagsverket, SPAR, CreditSafe, or other databases, to ensure that company name, address, and organization number match. Services for this purpose can be purchased from various providers.
Free API services are available from the Swedish, Norwegian, and Danish business registries:
-Bolagsverket API
-Denmark CVR API
-Norwegian Brønnøysund Register API
4. Electronic Identification (eID)
Verification can be conducted using electronic identification, which provides a high level of security. The Internet Foundation also offers a discount for new registrations when the holder is verified through eID.
Example: Registrants verify their identity through an eID meeting the eIDAS trust level "substantial." Examples of such eIDs in various countries include BankID, MitID, TruID, eeID, DigID, ROeid, and itsme.
Source: https://ec.europa.eu/digital-building-blocks/sites/display/DIGITAL/eIDAS+Levels+of+Assurance
5. Email/Phone Verification
This method confirms that the provided email address or phone number belongs to the registrant.
Example: A verification link is sent to the email address, requiring the recipient to click it, or a phone call or SMS with a code is sent to the provided number for verification.
6. Previously Verified Customer
For customers already verified, a simplified process can be applied based on previously approved information.
Example: The customer verifies their identity by logging in using a secure method, such as a high-quality user ID and password, or multi-factor authentication (e.g., certificates or personal security modules).
7. Address Validation
To ensure the accuracy of address details, validation can be performed against address registries.
Example: Verification is conducted against postal address databases to confirm the existence and correct formatting of the provided address.
