E-legitimations must be protected by law

One of the Swedish agencies that attended the day was Premiepensionsmyndigheten. They shared their experiences of login abuse over the years and stressed that e-legitimations must have a high degree of legal protection.
None of the issues they had with the different logins were technical problems with the security measures themselves.
However, right from the start in 2000, when the agents helped citizens make fund changes, the agents started to use the citizens’ login information. At this time it was a pin-code solution.
– Premiepensionsmyndigheten chose to remove this interface after several attempts at discussion with the agents and at informing the citizens that this practice of ‘lending’ the pin codes was not allowed.
Switch back to the here and now. The problems with agents using their customers’ (citizens’) login credentials have not ended with the use of stronger electronic legitimation technologies such as BankID.
Again the customers “lent” their credentials to the agents so that changes could be made on their accounts.
– The technical countermeasure to this abuse was to raise the security requirements for a fund change. Now a signature is required before a change can be made, and a warning is sent if more than one instance of a BankID login is active on their page at the same time.
Further actions have included filing complaints with the police to stave off the abuse, as well as more debates and dialogue with the agents and information to the citizens.
In itself, BankID as a technical solution has not been an issue, i.e. the technology has not been broken or hacked, and it is also considered to have a high degree of trustworthiness.
So of course there are security issues with all electronic solutions, but in the case of Premiepensionsmyndigheten the issue was never the technical solution itself but how it was used by agents and citizens.
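
The two controls described above (a signature required before a fund change, and a warning when more than one login is active on the same account at the same time) can be sketched as follows. This is an added example, not code from Premiepensionsmyndigheten or BankID; the session record layout, the function names and the sample data are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

@dataclass(frozen=True)
class Session:
    account: str             # account the e-legitimation login resolved to (assumed field)
    session_id: str
    start: datetime
    end: Optional[datetime]  # None means the session is still active

def concurrent_logins(sessions):
    """Return {account: [(earlier_id, later_id), ...]} for sessions that overlap in time."""
    by_account = defaultdict(list)
    for s in sessions:
        by_account[s.account].append(s)
    overlaps = {}
    for account, items in by_account.items():
        active, pairs = [], []
        for s in sorted(items, key=lambda x: x.start):
            # Keep only sessions that had not ended when this one began.
            active = [a for a in active if a.end is None or a.end > s.start]
            pairs.extend((a.session_id, s.session_id) for a in active)
            active.append(s)
        if pairs:
            overlaps[account] = pairs
    return overlaps

def review_fund_change(account, signed, sessions, now):
    """Apply both controls to a fund-change request made at time `now`."""
    live = [s for s in sessions if s.account == account
            and s.start <= now and (s.end is None or s.end > now)]
    return {
        "allowed": signed,                 # no signature, no fund change
        "warn_concurrent": len(live) > 1,  # more than one login active right now
    }

def T(hour, minute):
    return datetime(2024, 1, 15, hour, minute)

# Constructed sample data: acct-1001 has two overlapping logins, acct-1002 has back-to-back ones.
SAMPLE = [
    Session("acct-1001", "s1", T(9, 0), T(9, 30)),
    Session("acct-1001", "s2", T(9, 10), None),
    Session("acct-1002", "s3", T(9, 0), T(9, 5)),
    Session("acct-1002", "s4", T(9, 5), T(9, 20)),
]

if __name__ == "__main__":
    print(concurrent_logins(SAMPLE))
    print(review_fund_change("acct-1001", signed=False, sessions=SAMPLE, now=T(9, 15)))
```

A concurrency warning on its own does not prove that credentials were lent, since a citizen may simply be logged in on two devices, which fits with the page's description of it as a warning alongside the signature requirement.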

 

If you would like to know more about our solution for Electronic Signatures you can read more here, or contact us at sales@tellustalk.com or +46-8-509 126 00.

Have a nice weekend!
🙂
/Richard
