NATIONAL EID Experiences from Denmark and Norway

10 September 2014 John Christensen and Ari Viljakainen, Nets,

Nets eID products and services Nets eID competencies Market approach Fraud and loss in e-banking Future trends Questions and answers

Agenda

Nets eID products and services

exploit Schemes

Products Banks Public authorities

Private companies

BankID NemID

eID

OTP E-Ident

E-Signing

E-Archive

Nets - proven results

4,4M 4,4 millions NemID users

1,6M 1,6 millions Employee certificates

2,8M 2,8 millions BankID users

350K 350.000 active eID certificates

34M 34 millions Certificate validations

1 billion transactions in 2013

1B

Nets eID competencies

PRIVACY

PKI

SCHEMES

DIGITALISATION

SECTOR CO-OPERATION

SECURITY

Practical eID competencies based on 10 years of experience with national eID schemes Complete project deliveries Strong focus on security aspects related to development and operation Experienced in cooperation with public sector, private service providers and banks Supporting business models tailored to market conditions

• Nets eID products and services • Nets eID competencies • Market approach • Fraud and loss in e-banking • Future trends • Questions and answers

A solid cooperation between the banking sector and the public sector is not a prerequisite to get a successful national e-ID solution – but it helps.

Create a common security solution for the banks, the public sector and the private sector

Give all Danish citizen one logon to all service providers

Improve the level of security

Build a strong authentication and signing infrastructure

Build a platform for digitization initiatives in Denmark

eID objectives in Denmark (NemID)

Market approach

One or more killer applications or compulsory digitization are needed to ensure critical mass 10 - 15 % of users will not be digital Penetration of Smart Phones and tablets must be considered when designing the solution New EU initiatives will affect the national eID solutions New service providers will challenge the eID solutions

Knowledge of NemID

Everybody knows NemID 96% are satisfied with NemID 85% trust NemID 38% use NemID on private web sites 71% prefer login with NemID rather than using multiple logins.

100%

Source: Analyse by MEC Intelligence DK, 11 september 2012

Development in e-banking losses NemID has had a positive impact on the curve

No loss during 1995 – 2005 NemID introduced in 2010 We are continuously evaluating new measures to combat fraud

kr. 0

kr. 1 000 000

kr. 2 000 000

kr. 3 000 000

kr. 4 000 000

kr. 5 000 000

kr. 6 000 000

kr. 7 000 000

kr. 8 000 000

2005 2006 2007 2008 2009 2010 2011 2012 2013

Loss in e-Banking

Netbanktab

Danish banks do not suffer the same level of loss as seen in other countries Countries like Sweden, Norway, the Netherlands and UK are much more exposed to attacks In 2012 UK banks had losses of almost 40 m £. Scaling to Danish conditions we should have about 8 m £ in 2012. We only suffered losses of 0,6 m £!

e-banking losses

The development in other countries

Iris scan

Finger scan

Voice scan

Behaviour Signature

Key stroke

Facial scan

Future trends

Biometrics techniques will improve authentication

Digital signatures will in the future be used

cross border

Logon (authentication) is the first step in the value chain. Next step is advanced web services e.g. loans, which requires digital signatures to bind a legal agreement.

The user is mobile and wants to act and trade instantly.

1-factor authentication will emerge.

New service providers

BIOMETRICS