As Finland is about to say goodbye to TUPAS for strong customer identification protocol, many organisations need to find an eID broker to ensure compliant and reliable customer authentication. Many businesses will be unfamiliar with eID brokers, and with a number of new players enter the digital identity space, it’s important to know what to look for in a digital identity partner. To help guide your decision, we've prepared a list of the five key questions you should be asking to qualify potential partners.
# 1. Are you part of the FTN?
Organisations offering Finnish Trust Network eID brokering services must meet various criteria for security, and become approved and registered by Traficom. Only companies that are part of the FTN are allowed to offer strong authentication services.
# 2. Is strong authentication your core competency?
Because of the nature of the service—authentication—it’s important that your eID broker has a strong background in digital identity to ensure your critical business channels operate securely, seamlessly, and productively.
# 3. Can you support my business in the future?
An eID broker that specialises in trusted digital identity will have the resources to develop a solution that meets changing regulatory and customer requirements. Another important aspect you should scrutinise is the broker’s track record in delivering solutions to growing companies, especially if their growth is from cross-border business. Having one broker that can support your expansion across various markets will allow you to focus on the commercial implementation of your strategy.
# 4. Do you meet the standards to qualify for ISO27001 and EU QTSP Mark?
A broker who is certified to the ISO27001 standard will be operating a best-practice information security management system (ISMS). This means they will have enhanced capabilities for keeping data secure, they will be resilient against cyberattacks, and will also take a proactive approach to any and all evolving security threats.
The EU QTSP Mark is awarded to a small number of companies whose internal procedures meet the strict standards defined by eIDAS regulation. The mark indicates that the broker delivers the highest levels of security and quality of service.
# 5. How quickly can the eID solution be implemented?
A broker should be able to move at your required speed, offering fast and easy implementation. There should be no more than a week between signing the contract and a testing/pre-production environment going live, so ensure you get these timelines nailed down.