BankID 23. August2016
23.10.2016 2 Questions • How did you decide to build/create your national eID solutions? • Which elements does your solution consist of? The conceptual model. • Which challenges have you met while implementing and distributing the solutions? • What does the eID solution mean for the society the Citizens of your countries? • If you were about to start over, what would you do differently? • What do you think is coming with the future solutions on eID/signing?
How did you decide to build/create your national eID solutions? Assessed: Conclusion: Card- & Soft-based Solutions Central / roaming / HSM Solution Established 2000 Reason: Usability, Security and Cost
Which elements does your solution consist of? The conceptual model. MNO SERVICE PROVIDERS (MERCHANTS) END USER SERVICE PROVIDER SERVICE AGREEMENT WITH END USER AGREEMENT INTER-BANK RULES BANK BANK COMMON ROOT, STANDARDS, POLICIES, RULES ETC. BANKID CORE TECHNICAL COMPONENTS
Governance To be used by the government we are required to: Ø Qualified certificates Ø Level 4(highest) in a National system defining security Anti Money Landering law is also pointing to these security level – it says ”eID can be used for AML, but must the n be on level 4 security wise
6 Which elements does your solution consist of? The conceptual model. Ø BankStored BankID Ø Java client with keys and certificates in the cloud Ø No need for software innstaled on the computer/mobile Ø Client downloaded each time Ø Java to Web Client in 2014 Ø Requires One Time Password Ø BankID on Mobile(or SIM) Ø Popular because it’s truly mobile and for its code word security Ø Combination model Ø BankStored with BankID on mobile as OTP Ø BankID on mobil a real mobil solution embrased by customers Ø Enrollment requires passport. Activated and renewed through internettbank.
Norway 8 out of 10 adults have BankID
Norway 8 out of 10 have a SmartPhone * * Kilde MedieNorge.no
Which challenges have you met while implementing and distributing the solutions?
What does the eID solution mean for the society the Citizens of your countries? An overwhelming online banking adoption…but not only BankID transactions done for financial 90.9 % services including consumer banking 1 (91.5% of total transactions) Including 2 5.1 % Including 4 % 3 12
BankID for governmental services 13
BankID for Government Services ID-Porten: the national ID Gateway ID-Porten provides common identification service for all governmental eServices M ore than 700 >1Mill transactions servi ces connected per month T A X D E C L A R A T I O N M U N I C I P A L I T Y S E R V I C E S C I T I Z E N E M A I L citizen@norge.no A C C O U N T
BankID for Government Services Access (login with BankID) Panorama of main supported services Labour & Welfare National health web administration community (patients 5% records and professionals 21 communication) % 3.5 % 3.5 % 60 ePrescriptions Governmental % digitalized forms & services for Businesses & Citizens Email box for Norwegian Citizens 15
BankID for Government Services Access (login with BankID) Main Use case: Secure Login # 1 For the top 5 governmental portals the secure login is the most solicited use case No matter the service, user will have a consistent experience Altinn, the success of dematerialization Since 2003 $$ 4 million citizens registered Millions of 1 million entities registered savings ß 112 million forms sent by citizens & entities ß 83 million administration answers sent 16
Enrolling user to BankID End-user is initially registered physically with passport End-user registers to Mobile ID through their Online Bank using existing hardware token 17
BankID in Financial services 18
BankID for Financial Services A growing portfolio of services despite predominant Consumer Banking usage # 1 1. Consumer Banking +9/10 total BankID transactions Financial Services’ BankID T O P B A N K S F O R B A N K I D transactions represent 90.9% T R A N S A C T I O N S of total ecosystem transactions 11.4 transacti million 2. Credit Cards 3. Mobile Payments 4. Investment Funds Services 0.4% of transactions 0.2% of transactions ons 0.8% of transactions ► 50k ► 25k ► 100k transactions/month transactions/month transactions/month per month 19
BankID for Financial Services How is BankID used for Financial Services? 1. Login Key driver > Regulation in Norway for secure banking 2. Online Payment Validation 3. Signing of Mortgage documents Demo BankID SpareBank 20
BankID in Other services 21
BankID for Other Services 7 % Of others BankID transactions for Online Shopping 500k transacti 3 % Of others BankID transactions ons for Document management per month 60 % Services on the rise Real Estate Of others BankID transactions for Insurance Services Clubs & Charities 29 % Utilities Of others BankID transactions for Telecom Services 22
BankID for Other Services How is BankID used for these other services? 1. Login 2. Sign Up for new service 3. Document signing & mail reception validation BankID transformed Norway’s digital economy when it was first released, enabling processes that typically took over a week to be completed in only a matter of hours. Source: GSMA Norway Case Study 23
If you were about to start over , what would you do differently? • Cooperation is indeed important and the role of Bits(BSK) as a glue setting security requirements have been important for all banks to trust all banks • Governental governence model has been important for certain imporant use cases • AML • Become customer in finance • I would have defined OTP as COI if possible • I would have started improvement on signing earlier • I would not have used Java(but honestly there were nowoption in 2003) • We would have buildt it with one common CA instead of one per Bank 24
If you were about to start over , what would you do differently? • It takes time to build infrastructure, • have people to learn to use it • services that people find usefull • Sucsess is a result of hard work and cooperation in many levels • Between Banks • Banks and MNO’s • Banks and government Mobile ID 23.10.16 25
What do you think is coming with the future solutions on eID/signing? • Eidas with all its standards will be the future ways to implement eID / Signing • It will be mobile • And there will be elements of Biometric however it will take time as it is not mature enough yet • I.e. Enrolment with selfie J Mobile ID 23.10.16 26
Key Figures of BankID on Mobile (2016) Part of the daily digital habits of Norwegians 33 % Of Norwegian Active population* is using Mobile ID 327 providers 900 000 users service 12.6 million transactions all suscribers per month are equiped with SIM card average 14 transactions Mobile ID per user/month *Norwegian from 15 27
Deployment Model BankID on Mobile Bank 1 (CA) Service 1 Service 2 Bank 2 (CA) IDP + AGGREGATOR Service … Bank N (CA) Service N MNO 1 MNO 2 MNO N SUBSCRIBERS SUBSCRIBERS SUBSCRIBERS 28
Statistical information • 5 million people • Population density 13,52 persons pr km2 • Nederlanda 408,13 • Belgia 370,94
Our play of words to handle security • 100+ Adjective • 100+ substantiv • i.e. Yellow submarine
31
32
33 That’s it from Norway ! Thank you !
Recommend
More recommend