While digital identities still represent largely uncharted territory in Germany, in Scandinavian countries eIDs were successfully established years ago. There, digital proof of identity is now an integral part of people's everyday lives. It is used daily in public and private sectors and brings great added value not only to consumers, but to public authorities and companies alike. A great example of this is Sweden. How was it possible to get BankID off the ground there and where does Sweden stand today in terms of digital identities?
In this blog post we will discuss the following (use these anchor links for quick navigation):
- How a mass-market eID solution took off in Sweden with BankID
- Implementation of the Swedish BankID by the banking industry
- BankID: Adapting to requirements of the modern world
- Collaboration: Crucial for the successful implementation of BankID
- Critical factors for the rapid success of BankID in real life
- What has BankID brought to consumers, authorities, and organisations?
- What lessons can other countries learn from the Swedish BankID?
How a mass-market eID solution took off in Sweden with BankID
Electronic proof of identity did not just appear out of thin air. Before they could be used effectively the appropriate legal framework for successfully implementing eIDs (electronic proof of identity) needed to be in place. What kicked things off in Sweden was when European law changed and digital signatures became equal to physical signatures in 2001.
This change of legislation had implications creating the potential to push digitalisation forward across industries. With a digital signature, identities could now be proven in a legally binding way which offered a broad set of new possibilities: business deals and transactions could be conducted online and identity-based access to sensitive data was possible. These were important steps.
In 2018, more than half of Swedish users used online services that required identification on a daily basis.
The benefits of electronic proof of identity were extremely lucrative, and banks and government agencies recognised this potential early on:
- In the banking sector, customers could be uniquely identified with eIDs and secure digital signatures could be created online. This made it possible to generate more digital users and expand the banks' entirely digital offerings. It brought advantages of better services, lower costs, and reduced fraud.
- Public authorities wanted to set up their services so that citizens could use them 24/7. An eID was an important prerequisite for this. This brought dramatic improvements and a wider range of services to the public.
However, the first step was to create a secure and user-friendly way to clearly prove digital identities.
Implementation of the Swedish BankID by the banking industry
It was initially unclear how to best implement BankID. Building a new infrastructure for this would have required a lot of time and money. It was therefore decided to build on what already existed.
Swedish banks had already created digital methods to prove identities through their online banking systems. Due to legal requirements to prevent money laundering or the financing of terrorism (hence the "Know Your Customer" principle), this was done at a very high security level. Banks had people present documents and prove their identity in person before engaging in business dealings. They also knew their own customers through existing business relationships.
Various banks formed a consortium with the objective of developing BankID with the initial scope of enabling tax returns online. In 2002, the company Finansiell ID-Teknik was founded, which continued the work of this bank consortium. Just one year later, the first iteration of BankID became available in the form of a certificate. The basis for this BankID were the personal identity numbers in the Swedish population register.
It should be noted that it took just two years (!) from the creation of the legal framework (the above-mentioned change in European law) to the operational BankID – a remarkably quick implementation that many other European countries, like Germany, can only dream of.
BankID: Adapting to requirements of the modern world
Over the years, the Swedish BankID was continuously improved and kept in line with current demands. In 2005, BankID was made available on chips and hence could be integrated into debit cards and credit cards. This further simplified the use of BankID. In addition, products for which digital proof of identity could be used were steadily increased. The public sector as well as the private sector kept creating new use cases to the point that half a million Swedes used BankID just a year later. This trend continued and BankID became dominant in digital authentications.
In order to enable the use of electronic identities anywhere and at any time, Mobile BankID was launched in 2010. However, the initial approach of enabling the use of BankID via SIM cards was unpopular with users. While card readers were no longer required, in most cases users had to get a new SIM card to use Mobile BankID, meaning they were still hardware-dependent. The idea of mobile use of BankID was still good but it needed a better and more user-friendly approach.
No sooner said than done.
Just one year later, a much more successful concept was realised with the development of an app. This further simplified Mobile BankID’s application and users could now securely identify themselves digitally on their smartphone anywhere and at anytime. This served as a huge catalyst for the use of BankID. After the introduction of the app, transactions with electronic proof of identity saw a dramatic increase. In 2017, 95% of 2.5 billion transactions were made using Mobile BankID.
Even ahead of social media: BankID and Swish, a joint app of the major banks for cashless payments, are the most important apps for Swedes.
Collaboration: Crucial for the successful implementation of BankID
What is remarkable about the Swedish BankID is that its success only became possible through collaboration. Individual solutions from banks or telecommunication companies for a digital proof of identity had not been able to achieve success on a broad scale and failed due to a lack of user acceptance.
The Swedish government played a major role in BankID’s success. For one thing, it recognised the potential of digital identification and wanted to harness its capabilities for citizens. At the same time, it was also very pragmatic when it came to BankID’s implementation because banks already had experience in online authentication. Therefore, collaboration was deliberately sought to help make BankID a success. This also fostered everyone's interest and willingness to create further use cases for digital proof of identity.
With BankID as a common solution, banks also demonstrated foresight: they did not stick rigidly to their own authentication solutions but worked together. They of course remained in competition; however, security was no longer a bone of contention but rather the central interest of all participants. After all, if any shortcomings in BankID’s security had been discovered, this would have cast a bad light on everyone involved. Thus, all parties had a great interest in making BankID as secure as possible.
Impressively high user numbers: In Sweden, on average over 90% of 21–70-year-olds have BankID.
Critical factors for the rapid success of BankID in real life
There were several factors that contributed to the success of BankID’s implementation in Sweden. Here are some of the most important ones:
Creating use cases:
For people to adopt and subsequently use eIDs, they need to see clear value for themselves. The crucial question to answer is: "What is in it for me?" Innovations must either improve what is already there or enable something new – electronic proof of identity in the form of BankID can do both. Old-fashioned authentication options may not be able to do nearly as much as eIDs in terms of security and usability, but people are already familiar with them. So getting involved with something new and moving away from what’s familiar needs to seem worthwhile for them.
Even the best innovation is doomed to be ineffective if it is not used and therefore cannot take root. It was therefore crucial that use cases for BankID in Sweden emerged quickly in order to reach the critical mass of users. Originally, it was for filing tax returns in the public sector. However, the private sector followed suit straightaway so there were soon many ways to use BankID. Today, it is used for credit card and bank account management, public sector services, identity-based access to medical records, closing business deals, and more.
Leveraging existing infrastructure:
The introduction of the Swedish BankID took a pragmatic approach: Existing systems were used making implementation much easier. The first step was to look at who already had expertise and experience in secure digital identity credentials and where there was already a corresponding infrastructure.
Swedish banks were subject to strict security requirements. They already had the necessary infrastructure for high-security digital authentication and a broad customer base. Those who were already bank customers and had clearly identified themselves in previous business relationships no longer needed to physically present themselves at the bank with their ID but could apply for their own BankID without such hurdles. This easy online access through banks was BankID’s prime advantage.
Enabling ease of use:
Secure eIDs, which are easy to obtain and have many possible uses, are important pre-requisites for user acceptance. Another factor that plays at least as crucial a role is user-friendliness. It had to be as easy as possible to use an eID, meaning without much effort or high technical hurdles. Here, it was also necessary to improve existing solutions if corresponding optimisation potential was identified. This was also the case with the Swedish BankID.
When Mobile BankID on smartphone SIM cards was met with little response, improvements were quickly made and a year later it was possible to use it via an app. As a result, the use of BankID experienced a tremendous boost because it was now available on smartphones in an easy-to-use way. This success was also reflected in the number of users: eight million Swedes used BankID in 2018. To put this into perspective: back then Sweden's population was around 10.18 million, which means around 80% of Swedish citizens used BankID! Via mobile use, the eID arrived in Swedish everyday life - today it is by far the most-used form of online authentication.
The identification methods for online services in Sweden such as BankID were already preferred years ago.
What has BankID brought to consumers, authorities, and organisations?
The eID in the form of the Swedish BankID is a success story: the user numbers as well as the number of transactions carried out speak for themselves.
The implementation of BankID brought citizens and customers the possibility to prove their identities digitally, in a legally secure and simple way. Due to the large number and range of use cases that were created many different offers and transactions could take place digitally, regardless of place and time. BankID enabled significantly better user experiences, saved time, and enabled people to take care of their business in a flexible, convenient and, above all, secure way.
For government agencies, BankID created a new platform for offering services to citizens. Processes could be managed securely and digitally, and many old-style mailings could be eliminated saving considerable paper and postage costs. In addition, processing could be carried out faster and in a more timely manner.
Organisations saw significantly higher security in their digital offers, services, and transactions.
Over 90% of BankID use is for services provided by the private sector.
By using a third-party vendor, enterprises were able to effectively outsource the verification of digital identities. Businesses, especially in the financial sector, quickly realised significant efficiency increases such as cost reductions and an increase in revenue thanks to BankID. Processing procedures such as loan applications and construction financing, became paperless and could be carried out as soon as the documentation became available. Services that could now be used 24/7 attracted new customers. This optimisation of existing processes also significantly reduced the dropout rate of customers; for example, it was no longer necessary to apply for a credit card online, wait for forms in the mail, sign and return them, and then wait again for the credit card in the mail. With BankID this process could be conducted completely digitally, without interruption or change in data mediums.
What lessons can other countries learn from the Swedish BankID?
The example of Sweden clearly shows that eIDs work and bring great added value for authorities and enterprises, but also for citizens and consumers. The potential for eIDs to serve as a catalyst for the digitalisation of the economy overall is vast. Therefore, it is more than worthwhile to implement them.
When eIDs were introduced, Sweden, Norway, Finland, and Denmark took different approaches regarding the degree of cooperation required. In some cases, individual databases remained independent and the necessary data exchange was solved via common interfaces, in others integration was seen as preferable. What remains, however, is the fact that collective action, in the Swedish example of authorities and banks, proved to be very successful.
The implementation of eIDs can happen swiftly as long as there is the will to do so and authorities and enterprises work together pragmatically. If access to eIDs is made easy and there are sufficient use cases, high user acceptance and usage rates can be achieved quickly. In Sweden, for example, digital identities in the form of BankID are now used regularly and organically for a wide range of everyday needs.
eIDs have become part of everyday life in the Nordic countries. BankID also impressively demonstrated that a successfully implemented eID can become the basis for future projects. In Sweden, the success of BankID strengthened the trust in cooperation between the big banks and Swish was born. Today, this is the second most popular P2P payment method in Sweden with around 8 million users.
The Swedish BankID is a success story for everyone.
- What is the situation of digital identities in Germany?
- Where does Germany stand regarding the implementation of a secure eID?
You will find the answers to these questions in our next blog post.
Special thanks to Signicat for providing valuable information and stats that helped shape this blog post.
If you would like to know more about eIDs as a value driver in Scandinavian countries, you can find more details here (German link). For more information on digital identities, find more Signicat resources here.