BankID's Secure Start: A Guide for Businesses

Integrating BankID into your services offers secure and rapid identification, favoured by more than 8.5 million individuals in Sweden. Additionally, it provides the capability to safeguard sensitive transactions with the use of signatures.

The varied methods of BankID authentication, from entering personal numbers to using QR codes, will soon unify with the BankID Secure Start update. This change eliminates personal numbers and static QR codes, simplifying and significantly boosting security.

With the mandate set to take effect on May 1, 2024, this update is compulsory for all enterprises integrating BankID into their operations to prevent identity fraud. This article provides an in-depth look at Secure Start, its implications for user interaction, the advantages it offers, and the steps businesses can take to ensure a smooth transition.

Why is Secure Start becoming mandatory?

BankID's Secure Start initiative significantly reduces personal number exposure, safeguarding against potential fraud. This enhancement not only streamlines user access but also fosters greater trust in your system's login mechanism.

The fraud process can look like this:

1. Initially, a scammer acquires a social security number and leverages it to begin the login process for accessing an individual's bank account.

2. Subsequently, the scammer reaches out to the individual via phone, email, or text message, requesting them to confirm their identity using their personal BankID.

3. The individual is deceived into validating their identity with their Swedish BankID.

4. At this point, the scammer gains entry to the individual's bank account.

5. In such scenarios, the perpetrator does not need to be physically present and is able to perpetrate the crimes from a distance, known as distance fraud.

Exploring the Secure Start Update

This update brings a suite of new features, including autostart capabilities, animated QR codes, and integrated telephony services, marking a leap forward in user convenience and security.

The Imperative for Secure Start

The initiative comes in the wake of increasing online identity fraud incidents, with phishing attacks leading the charge. Secure Start aims to close any vulnerabilities exploited by cybercriminals and by doing so, enhance the integrity of digital identities.

Changes in User Experience

The introduction of Secure Start brings two significant changes to the user experience:

• Autostart eliminates the need to manually enter a social security number, making the process more secure and user-friendly.
• Animated QR Code adds a layer of security for device-to-device verifications, preventing the misuse of static codes.

Additionally, Secure Start will extend to include BankID verification during telephone calls, a feature ZignSec is not supporting at the moment, but if you're interested in this feature please contact us.

What do the features mean?

Autostart

The process for initiating BankID verification is changing: entering your social security number is being phased out. Now, clicking on the "Start BankID" button will directly open the BankID app on your device, guaranteeing that the person starting the verification is the same one finishing it.

Animated QR Code

To verify identity on a separate device, like a desktop or tablet, users need to scan a QR code shown on the device's screen using the BankID app. This method, similar to Autostart, enhances security by confirming that the individual starting the BankID verification is the same one scanning the QR code. A dynamic QR code is used to minimize the risk of fraud, preventing the misuse of a static QR code through screenshots.

BankID in telephone

BankID's phone service provides secure verification via calls, initiated by either the customer or the company. This is tailored for businesses that integrate BankID into their call operations. Here's how it operates:

• The BankID app shows a phone icon with the company's name.
• A pop-up asks if the user made a call to the company. If not, it alerts the user and offers a chance to stop the process.

Benefits of Secure Start

Adopting Secure Start through ZignSec presents multiple benefits, including:

• Increased Security: It significantly strengthens the security measures around digital identification.
• Better User Experience: The authentication process becomes more straightforward, enhancing usability.
• Safer Digital Ecosystem: It contributes to creating a more secure and trustworthy digital environment for all participants.

Preparing for Secure Start with ZignSec

ZignSec facilitates an effortless transition to Secure Start. All businesses that utilise Swedish BankID need input and by adopting ZignSec's updated API, businesses can efficiently align with the new standards. Early adoption is recommended to avoid any operational problems.

If you're already a customer of ZignSec you should have tested it before the end of February, and have it integrated end of March.

Wrap-Up

The rollout of BankID's Secure Start is a critical advancement in securing digital identities in Sweden. ZignSec is dedicated to assisting businesses through this transition, ensuring alignment with the highest security standards. Stay informed on Secure Start and other digital identity solutions with ZignSec, your partner in secure digital transformations. Read more on BankID's website.