The issues surrounding digital identity are thought to be a recent problem. The U.S., UK and Canada are all taking different roads to solve these problems, but Norway is about to launch its second generation BankID, which the vast majority of Norwegians have and use.

Since 2000 all Norwegian banks have been working together to create a PKI-enabled identity system for customers, says Hege Steinsland, communications and marketing representative at BankID in Norway. The first credentials were issued in 2004 for access to banking services, and today 3.5 million Norwegians use it not just for banking but a range of other services. In 2015 BankID was used 430 million times, a number that has increased year by year as more services are made available.

Customers can use their BankID to lease a car, rent an apartment or enroll for college. BankID is offered from the age of 15, but for those under 18, parents must give their approval before the bank issues a BankID. This can be done online with parents using their own BankID to sign the agreement.

The bank identifies the customer in person, and the customer is subsequently issued the credential. It is a two-factor-solution, with a key fob-style token  –  or an optional mobile app  –  and a BankID password. Having BankID makes self-service possible in many places, including the bank itself, applying for a student loan, getting a driver license and checking health records. The credential has even been enabled for electronic voting in a local municipality.

Customers interact with the system similar to other two-factor authentication systems. They enter a username and password followed by the code from the token. The primary use of the token is for secure payments with Visa and MasterCard but people can also put in bids on houses, start new electric services and interact with public agencies. BankID is also looking to enable the system for employee use in corporate environments.

Almost 900,000 customers have opted to add BankID to their mobile device, a supplementary solution that enables them to use it when they have forgotten their key fobs.

An upcoming step is to enable the credential to secure mobile apps residing on the handset. Encap Security was selected by BankID for the pilot program to test in-app authentication, taking advantage of Norway’s high level of smartphone penetration to create a mobile first, frictionless user experience.

Encap’s ‘Smarter Authentication’ is a device-based, multi-factor platform that removes the need for key fobs by enabling authentication to take place inside an app. Encap takes advantage of the device’s authentication capability – Apple’s Touch ID for example – and lets that be used to verify the customer.

---

Related articles:

BankID and itsme embody bank-driven digital ID schemes Norway Post goes with multi-app smart card from HID Voice app for the mobile, Ping buys authentication company, Legic’s new reader chips