PharmacyID is an Identity Service Provider. PharmacyID has a network of pharmacies, Australia wide that provides the last element of the Identity Proofing process, and that is the face-to-face component.
PharmacyID is the creation of Geoff Stockton, a former Inspector of Police with Victoria Police (see bio). Geoff spent 22 years with Victoria Police and was, at one stage, in charge of a Criminal Investigation Branch. He has a wealth of experience in fraud and identity fraud. It was Geoff’s experience that led to PharmacyID.
Geoff started a pre-employment screening company, The Personnel Risk Management Group Pty Ltd (The PRM Group). The PRM Group is an accredited agency of the Australian Criminal intelligence Commission (ACIC) for the purposes of doing police checks. Many of the people doing police checks were fraudulently obtaining “clear” police checks for the purpose of employment, government grants, etc. To counter this, Geoff decided that someone should sight original documents, and not documents that may have been fraudulently altered by Photoshop.
It was decided that pharmacists were the logical place to go for an independent person to view the original documents and to see that the person whose photo was on those documents was the person presenting the documents.
- Pharmacists are ubiquitous throughout Australia. Nearly every citizen has a pharmacist within reach.
- They are independent.
- Pharmacists are amongst the most trusted people in Australia.
- Pharmacists are used to witnessing documents and acting in a role similar to that of a Justice of the Peace.
- Pharmacists are all equipped with the internet, so they can use the PharmacyID website for the purposes of identifying people and matching them with their online applications.
PharmacyID use all of the identity proofing tools that other IDP companies use, but PharmacyID include face-to-face, as it is the only way to achieve the highest-level Identity Proofing.
PharmacyID use two biometrics (facial matching and liveness detection) and the Document Verification Service (DVS) within their online applications, together with some very clever software to assist in identifying an individual. However, by including a face-to-face, whereby an independent person actually sees original documents and sees that the person presenting the documents is the owner of the documents, we now have a failsafe method of confirming a person’s identity. Now, our competitors will say that their systems are sufficient and that face-to-face is not required. The reason they say this is quite simple! They do not have access to a network of independent people who can conduct the face-to-face!
Consider this: Many Commonwealth government departments are now demanding face-to-face as a necessary requirement in the Identity Proofing process. Isn’t it worth going that extra yard to ensure that individuals are properly identified without the niggling doubt you may have over less certain offerings?
The PharmacyID difference
PharmacyID have been in business (via The PRM Group) since 1997. Every year we get better at what we do. Let us share with you some of our credentials:
- PharmacyID have an IRAP assessment. IRAP is one of the most comprehensive Security Assessments vide the Australian Signals Directorate. See more here.
- PharmacyID have two forms of Biometrics to ensure a person's identity. The first is a facial comparison of the applicant with the photo on their identity documents. For government agencies, we have access to the photo on the passport chip for comparison purposes. The second biometric is a liveness detection, to ensure that a real person is making the application.
- PharmacyID has an encrypted database and use AES256 encryption. AES256 encryption has never been hacked.
- PharmacyID is a Document Verification Service (DVS) Gateway Service Provider (GSP). See more about the DVS here We can integrate DVS via a RESTful API or can provide DVS as a Standalone.
- PharmacyID is an accredited agency of the Australian Criminal Intelligence Commission (ACIC) for the purposes of doing Police Checks. PharmacyID, as The PRM Group was the first online police checks service provider in Australia, having commenced initially with the AFP in 2008. See how many accredited agencies are now riding on PharmacyID’S coat tails! PharmacyID is a very innovative company.
- PharmacyID is wholly Australian owned and operated. All staff working for PharmacyID are based within Australia. All software developed by PharmacyID was developed within house. All PharmacyID data is held within the most secure servers in Australia, Microsoft Azure. Microsoft Azure have an IRAP accreditation and are a recommended service by the Australian Signals Directorate.
- PharmacyID maintain an Events Log. From the time that a person logs onto the PharmacyID system, data is captured which shows the complete progress of an application. This includes, for example, the time and date and URL of the applicant, the time the application was submitted, the date, time, name and address of the pharmacist who identifies the documents (and applicant), the time the applicant receives the result and if and when a certificate is downloaded, plus about 25 other transactions.
- The owner and sole director of both The PRM Group and PharmacyID is Geoff Stockton, a former detective with Victoria Police, with 22 years’ service. Geoff is very conversant with fraud and how to mitigate the risks.
- PharmacyID police check website is WCAG 2.1 certified
- PharmacyID currently have contracts with several Commonwealth government departments that have chosen PharmacyID due to the enhanced security PharmacyID provides, including the face-to-face verification. PharmacyID also have numerous State Government authorities that use PharmacyID services.
- The Personnel Risk Management Group (The PRM Group) first formed in 1997 as a Pty Ltd company. The PRM Group was the predecessor of PharmacyID, which was formed as a Pty Ltd company in 2014. PharmacyID and its predecessors have never had a year where they have not shown a profit. Not a bad record in this day and age!
- PharmacyID have RESTful API’s that organisations can use to integrate PharmacyID services within their HR systems. Please call to see how easy it is.
What is IRAP?
IRAP stands for the Information Security Registered Assessors Program (IRAP) and is a program run by the Australian Signals Directorate (ASD) for the endorsement of independent assessors who are qualified to perform assessments against the Information Security Manual (ISM).
The Information Security Manual (ISM) includes a comprehensive list of cyber security requirements for Australian Government departments and agencies, as well as commercial organisations which provide services to or interact with government systems and information.
The comprehensiveness of the controls required by the ISM along with the supplementary IRAP policies and procedures ensures that government departments and agencies can rely on the assessment report when seeking assurance of cyber security measures and authorising systems.
Equally if not more important than the assessment itself is the level of preparation that organisation need to undertake in order to ensure a strong result. This includes preparing an ISM Statement of Applicability (SoA) or System Security Plan (SSP) Annex, and other corporate and system specific documentation.
PharmacyID prepared for its first IRAP assessment throughout 2022 and 2023, with the IRAP assessment taking place in 2023 against the September 2023 version of the ISM at the Official: Sensitive classification level. The assessment was centred on PharmacyID's national police check service.
Of the 883 controls in the June 2023 ISM, 424 controls have been effectively implemented by PharmacyID directly or inherited through the use of Microsoft Azure for hosting, 145 controls are the subject of documented risk mitigation plans and 314 are not applicable. If you'd like to find out more about PharmacyID, its services and its IRAP assessment, please call us on 03 9379 3383.