Federated eIDs: Setting up an Electronic ID service
This article has been authored by Signicat
The Nordics have had great success with eID in recent years, but the process of setting up a service is by no means simple. It requires dedication, collaboration, and a willingness to embrace advanced technology.
Electronic identification (eID) is here, and it’s here to stay.
eID has the power to be a more convenient and secure form of identification when compared to traditional alternatives, such as passports, documentation used as proof of address, or a drivers licence. And, with more and more of our lives taking place online, eID is only going to become more prevalent in the years to come.
Despite initial hesitance and doubts around bringing such an all-encompassing solution to the market, banks in the Nordics now see their eID schemes as an enabler for their businesses, and also as a product from which many other services can profit.
Being a pioneer in any area is liable to bring about numerous lessons and challenges, but when done correctly, can also lead to significant rewards.
With the help of strong partners, the associated Nordic banks concluded that a collaborative solution would give them the chance to improve existing business, develop a platform to launch efficient and more enhanced services to their customers, and a whole new business model which could be used beyond the financial sector.
The trust, knowledge and widespread kudos gained in this venture has enabled them to make better solutions and products, which can be implemented quickly. Nowadays, eIDs are commonplace across the Nordics, and play an important role in the lives of many citizens.
However, while basking in this success is all well and good, it makes sense to highlight the challenges that were faced along the way, and the questions that had to be answered so as to attain their achievements. If other countries throughout Europe—and ultimately the world—are to follow in Nordic footsteps, it is vital they acknowledge every aspect of the journey.
Examples from the Nordics
The Nordic countries of Sweden, Norway, Finland and Denmark share unique but similar stories. These stories all involve major banks taking the lead in creating eID services, ultimately achieving a sizeable enough user base to incentivize other parties to join in and help develop appropriate solutions.
Each story demonstrates the complicated dynamics and key factors involved in setting up a successful federated eID, while also highlighting the long-term benefits associated with investing appropriately, and being bold enough to move away from traditional systems that are inefficient and time-consuming.
The Swedish example
In 2001, EU law was changed to recognize an electronic signature as equal to that of a physical signature. At the same time, the digitization of the banking sector was accelerating, leading to 2.7 million e-banking customers, and increased trust in high security e-banking systems.
At this time Swedish authorities started to discuss the possibility of 24/7 services for their citizens, such as submitting tax declarations or contacting the Social Insurance Agency online. The government realized that the key factor to provide online services was the existence of a secure, easy-to-use eID and e-signature system.
Building this infrastructure in-house was considered too costly and time intensive, and so the decision was made to outsource. After initial talks were held with the Svenska Bankföreningen (Swedish Bankers’ Association), a couple of banks agreed to form a consortium to deliver to deliver ‘BankID’.
Challenges and benefits
There were numerous challenges associated with delivering BankID. For example, none of the banks wanted to be the test case, with all of them preferring to see how the solution played out with their competitors. Similarly, each bank had its own security department, and substituting proprietary solutions with BankID meant losing independence and meant they would not have direct control over the solution.
However, by working together, the banks were also able to realize numerous benefits. They could combine their respective research and development budgets, while also pooling knowledge and utilizing the best ideas from across the sector. It was also widely acknowledged that by developing one solution, it would be far easier to develop the appropriate security protocols and safeguards.
Being a pioneering solution, the banks also faced challenges during the development of the solution. They were leading the eID charge, so to speak, and so they were taking steps into the unknown. It was only through trial and error that they could discern the good ideas from the bad.
In April 2010, as part of a pilot scheme together with the mobile operators Telenor and Telia, Swedbank launched a SIM card based mobile BankID. This was supposed to be the solution to eliminate the necessity of card readers and stored certificates. This new solution was not picked up by the users as expected, as in most cases a new SIM card was required.
BankID decided to abandon this solution, and instead decided to focus on a software-based app solution, which was launched in 2011. This solution enabled anyone with a smartphone and a BankID to use ‘Mobile BankID’ independent of both their phone and SIM card provider. Having BankID available anywhere, anytime, and more conveniently than ever, boosted its usage rate to new heights.
A successful outcome
Nowadays, BankID is an everyday feature of Swedish life. There is no need to send any documents or visit for example a bank branch to get authenticated, as it can all be done with BankID. This same benefit applies to things such as loan applications and mortgage applications, which can be mostly done online thanks to BankID.
BankID was not only innovative in that numerous organizations banded together to ensure it would be a success, but its implementation completely transformed that way the Swedish people stay on top of their personal finances. It has been widely heralded as a major success story, and one that has been replicated across other Nordic countries.
Elsewhere in the Nordics
Sweden’s BankID showcases the challenges and eventual successes that can be attained through the introduction of a robust eID solution, but the other Nordic nations of Denmark, Norway and Finland have also seen similar successes.
In Norway, BankID – while not related to the Swedish BankID, was coincidentally named identically – e-signature B2C is used in virtually all online services, with consumers able to complete applications related to mortgages and consumer loans online. They are able to grant ‘use rights’ to bank accounts, and can deal will all elements associated with managing credit cards and bidding on real estate. Similarly, they can also be used in the public sector for things such as filing taxes, can be used across health services to verify prescriptions and vaccination records, and in real estate to sign contracts relating to buying or renting a property.
However, the award for most impressive eID roll-out must go to Denmark. The Danish solution, NemID, was introduced in a similar manner to the Swedish equivalent. However, the roll-out was far more rapid. NemID was issued to over 60 percent of the Danish population in the first 9 months. This was mainly possible thanks to the right collaboration model, as well as the digital maturity of the government and population.
At the time of writing, 4.8 million Danes have a NemID, comprising 92 percent of the population over 15 years old, which is the age of eligibility for a NemID.
The three stages of driving the evolution of eID within an organization
If you’re looking to develop your own eID—and the above successes should highlight why doing so is the right thing to do—then you should acknowledge and follow the three steps listed below.
- Spread knowledge and develop insights: Arrange conferences and seminars that allow for discussion and reflection on key issues to spread knowledge. Focus on building a complete and solid infrastructure that can deliver the desired solutions over time.
- Identify business cases: Create distinct use cases to estimate effects on sales, distribution power and process cost savings. Involve a broad range of industry sectors to choose the best business cases and prioritize between projects. Clarify legal issues early to ensure won’t hamper the development of projects further down the line.
- Build a robust overall strategy: Make sure that creating a strategy involves discussions with all relevant stakeholders that will be affected. To succeed, the strategy report must stand out and be sustainable in the long term. It is also vital to ensure that the strategy is distributed in the right forums.
The first step to achieving a successful transition to an eID solution is having the desire to do so. It must be recognized that it is the most appropriate identification method, and the commitment must be there to bring it to life. This level of dedication will also ultimately give consumers the confidence to trust that they will be safe and secure by using en eID.
The second step is ensuring the correct degree of collaboration. Such solutions can be complicated to introduce, and so working with trusted partners—who will oftentimes be competitors—is crucial. As the Swedish example effectively highlights, being able to pool knowledge, resources and development budget can ensure that the correct solution is developed to suit every party.
To discover more about the Nordic countries’ success in the eID arena, and to see more examples of best practice, download the Federated eIDs as a value driver in the banking sector based on experience from Nordic markets eGuide.