Missed Finovate this year? Watch Signicats demo video

Signicat demo video from Finovate Europe 2017

At Finovate Europe 2017 in London, Signicat demonstrated rapid onboarding and digital signing using Signicat Assure and Signicat Sign.

Signicat Assure uses a combination of existing national eIDs, digital verification of identity papers (ID cards, passports, utility bills etc), commercial identities (for example Facebook and Google) and other methods to verify an identity. The strength of the assurance lies in combining several methods. Signicat Sign allows customers to sign digital documents, which ensures integrity (that the content is not changed), origin (that the signer can be verified) and non-repudiation (that the sender cannot deny the signature).

In case you missed it. Watch Signicats demo video here:

More about Finovate Europe: Finovate Europe

Finovate Europe 2017

When is an electronic signature legally binding?

When is an electronic signature legally binding?

In the digital age, we want to replace the good old handshake and the handwritten ink signature with the more modern and flexible electronic signature.
In the Nordic countries, we are known for our high penetration and coverage of internet access and mobile devices. Important key drivers for the success of building advanced digital services. This has given us many years of experience with electronically signed contracts, resulting in better customer experience and lower handling cost.

With more than 10 years of experience with national eID schemes, as well as with electronic signatures, the alignment and adoption to the national legislation is well in place. At the end of the day it all comes down to the strength of the evidence being put together.

10 years is still a long time and solutions evolve based on requirements and experience.

New EU regulation replaces electronic signature directive

eIDAS (EU regulation #910/2014) replacing the old Electronic Signatures Directive 1999/93/EC, is stating that qualified electronic signatures have the same legal status as a handwritten signature, and must not be rejected.

Up until know the requirements to a qualified signature has been so costly and the user experience has in general been bad, so the adoption has not been widespread and adopted. This has resulted in alternative “solutions” to qualified signatures as mentioned below.

The alternative to qualified electronic signature is called advanced electronic signature. The complexity and requirements in the advanced electronic signature is lower, and have been the basis for many of the successful national eID schemes like BankID in Norway and Sweden and NemID in Denmark.

High priority on both compliance and user friendly electronic signing

At Signicat we are working with our 3rd generation of the “electronic signing ceremony”, where user experience and mobile channels receive top priority.  Our customers are eager to follow the adoption of more user-friendly electronic signing flows, but at the same time focused on compliance and do not take any chances at all in this respect.
Since there are no standards or practical definitions setting the scene for advanced electronic signature, Signicat asked an external 3rd party to do an assessment of our 3rd generation electronic signing ceremony.

We commissioned an international law firm –  Bird & Bird – to do this assessment covering Denmark, Norway, Sweden and Finland focusing on two areas:

– The national eID scheme (electronic signature) in relation to EU legislation (eIDAS – AES – QES)
– The implementation of electronic signed agreements in the national legislation

The conclusion is that the Signicat Signature solution in combination with the national eID schemes covered, comply with the level corresponding to AES (Advanced Electronic Signature) and this has been adopted in the national legislations.

Read the full assessment

If you want to read the full assessment, please fill in the form below to get your copy.

Regulation creates opportunities

2017: A year of new regulations and new opportunities

Regulation creates opportunities

AML4, PSD2, eIDAS and GDPR. The deadlines for implementing these new EU directives and regulations are fast approaching.  Banks, financial institutions and other businesses dealing with personal data are rushing to do what is required to be compliant with the new regulations.

On the other hand, some banks are starting to see that new regulations also creates new opportunities. Take for instance PSD2: It is true that it requires banks to give access to account data to third parties that may be potential competitors. But it also creates an opportunity for banks to leverage their relations to their end customers by offering Strong Customer Authentication (SCA) to third parties.

Banks are uniquely positioned to do this. In some regions, like the Nordics, the infrastructure is already in place. In other regions where this is yet not the case, the banks are in the best position to provide SCA based on identity data they already hold about their customers.

Access to strong eID would be of great value to the fintechs and challengers trying to establish themselves in the market. By offering access to third parties, banks would accomplish two things: Creating a market for value-added services on top of the basic services required by PSD2 and strengthening the relations to the end-customer using the strong eID from the bank to access other services. It could also be used as part of an attractive value proposal to corporate customers of the bank.

Banks cooperating to provide strong eIDs to third parties

The concept of banks cooperating to provide strong eID to third parties is older than the new wave of regulation. It started in the Nordics with BankID and similar initiatives more than 10 years ago. The banks saw that they could profit from selling access to their strong eID to third parties. By making their eID interoperable between banks (as in a federation), they could also increase the frequency of use of the eID, thus creating stronger bonds to the end customer.

What happened in the Nordics in the bank industry is now expanding to other regions and other verticals. Cross-industry schemes and federations for eID are being established by banks, telecommunications companies and others who want to exploit the network effect of providing electronic identity across industries and businesses.

One such example is the partnership between Dutch banks to establish a federation of electronic identity, called iDIN. Another is the MyBank initiative by the EBA. A third is GSMA Mobile Connect, which is driven by the Telco industry.

The common denominator of these initiatives is that they connect existing electronic identity together in federations. Thus, a customer of a Dutch bank can use his online banking login to establish a customer relationship with an ecommerce retailer or a fintech providing account aggregation services.

Initiatives like the Dutch iDIN and MyBank has the potential for rapid deployment of Strong Customer Authentication. They build on existing electronic identity that already is in frequent use for Internet banking, sidestepping the need for costly and time-consuming deployment of new electronic identity.

Now is the time to act

In 2014 Consult Hyperion’s David Birch published the book “Identity is the new money”. That was before PSD2, eIDAS and GDPR. Now, with the effect of the new EU regulations, the title of the book is probably more true than ever.

Signicat has been aware of the opportunities related to new regulations for some time, and we started to expand our cloud based range of services for strong electronic trust outside of the Nordic region two years ago.

PSD2 and other regulations are not only about compliance. They provide opportunities for banks and fintechs to position themselves as being more innovative and forward thinking than the competitors. The ability to provide strong identification and authentication of customers will be a key factor for success.

Signicat is a pioneer in this field with 10 years of experience and over 250 banks, fintechs, insurance companies and government agencies using our online services for strong eID and eSignature.  This gives us a unique position to help European banks to explore the opportunities related to PSD2 and other European regulations.

by Gunnar Nordseth

EBA PSD2

Signicat welcomes PSD2 Strong Customer Authentication

Yesterday Thursday February 23rd the EBA (European Banking Authority) published the final draft RTS (Regulatory Technical Standards) on Strong Customer Authentication (SCA) and common and secure communication under article 98 of directive 2015/2366 (PSD2).

On the first draft RTS the EBA received as much as 244 responses, some of those have influenced this final draft and some not. This final draft RTS is 153 pages of information, guidelines and rules to implement and follow to be PSD2 compliant in terms of Strong Customer Authentication (SCA).

Signicat has been helping our customers for almost 10 years with Strong Customer Authentication and grown our support for many different digital identity methods covering both government schemes, commercial eIDs, proprietary eIDs and of course self-issued eIDs.

Please find the final draft RTS here:

If you want more information about our award winning digital identity cloud based eID HUB or want to receive news and updates from the digital identity space, please get in touch by filling in the form and we will keep you updated.

Frictionless

Signicat on-boarding report from 2016 still topical

Signicat on-boarding report from 2016 still topical

Early 2016 we conducted a market research revealing some of the challenges consumers are facing when they want to change bank or “buy” financial services. This underlines the need for frictionless and great user experience if you want to sell more or attract new customers  for your financial services.

The research told that more than 40% abandons due to too complicated on-boarding processes. Find the full report here.

Last week Chris Lemmon at FStech did a post on a new survey with same conclusions as the Signicat report – consumers won’t spend more than 20 minutes on an application for financial products online. Find the article here.

Take a look at some of our customer references and learn how we have helped them improving their customer experiences entering the digital age.

Blockchain as tool for improving the identity handling

As written in previous blog posts blockchain and digital identity are 2 very different technologies and the blockchain killerapp within digital identity is yet to been discovered. We recognize blockchain as a promising technology with many interesting angles and as part of our strategy to pursue the blockchain as tool for improving the identity handling, Signicat joined the Dutch Blockchain Hackathon (https://blockchainhackathon.eu/) this weekend with a team of hardcore eID and blockchain resources.

At the end, we showed a fully working demo of a blockchain solution, which addressed the following issues.

Safe storage of the user’s private key
One of the challenges with any digital identity schemes which is based on private keys, is that this private key typically is stored on a device in the possession of a user, and if this device is lost, the private key is gone with it. There is no way to get the private key back.

Our demo showed a model where the private key is split into parts, and stored across the nodes of the blockchain, in such a way that no single node has the complete key, but multiple nodes are required to reconstruct the key. The user must prove that he or she is the owner of the key, by using one or more identity providers, as explained in the next section.

Independence of identity provider
In typical identity schemes, the user is dependent on ONE identity provider. If this identity provider is compromised, or if this identity provider decides either to discharge a user or to take control of the private key, it can do so. Instead, we set up multiple identity providers, where the user must authenticate with several of these at the same time to retrieve the private key. In addition, the identity providers must be approved by the blockchain, so an identity provider which has been compromised, will be excluded.

The worst-case scenarios are where a government issuing identities, decides to target a group of users based on an attribute, for example deleting them. The blockchain will provide safe storage, and the users would have other identity providers, e.g. social media or even a private community.

Privacy, and putting the user in control of attribute sharing
A user is often asked to provide some information, e.g. being over a given age or living in a specific country. The current solution is to provide an identity paper, which shows ALL this information and much more, which is not required to share.

By having each attribute verified by one or more IdPs, and then encrypted by different encryption keys, the user can expose any subset of the attributes to the recipient. So, it is possible to share only the date of birth, or even the derived “I’m over 18”, if this is verified by an (or more) identity provider.

We got some blockchain hands on and a working demo to show how blockchain can be used including additional blockchain insights working intense together and meeting a lot of other blockchain nerds J

Signicat take these new technologies very seriously and we therefore have a dedicated blockchain team and innovation test / demo platform to test our latest blockchain ID software on.

By John Erik Setsaas, Identity Architect, Signicat

 

Signicat winner of the Norwegian Fintech Achievement Award 2017!

Oslo, Norway 15th February 2017 – We’re thrilled that Signicat has been crowned winner of the Norwegian Fintech Achievement Award 2017 at .

   

Signicat, the first and largest identity assurance provider in the world, has been named the winner of the Norwegian Fintech Achievement Award 2017. Presented at the Future of Fintech & Banking conference at Oslo Fintech Fest last week, Signicat has been recognised for its outstanding achievement in the Norwegian fintech sector.

The award recognises the Norwegian Fintech company that can demonstrate innovation, market traction and global potential. Fintech is one of the hottest technology segments in Norway today, and the Fintech scene is growing rapidly. With the best digital infrastructure in the world, a population with 98% access to the internet, and a near cashless society, Norway is the perfect breeding ground for Fintech innovation.

 

 

Signicat expands eID coverage to the Netherlands with iDIN and DigiD

Signicat, the first and largest identity assurance provider in the world, now supports two new digital identities in the Netherlands, iDIN and DigiD, increasing its coverage of eIDs across Europe.

These two digital identities give Dutch citizens easy, secure access to any financial or municipal service they use.

iDIN, created by a partnership between Betaalvereniging Nederland (the Dutch Payments Association) and the government, is currently being piloted by a number of banks as well as Signicat. The identity scheme is designed to repeat the success of the Nordic BankID system by providing digital identities with multiple use cases.

Instead of providing identity credentials when signing up to a new service, customers can be authenticated through their bank – a process that is convenient for the customer and more secure for the service provider. The service is set to go live in early 2017, and existing Signicat customers have testing access now.

iDIN and DigiD available to existing Signicat customers now

DigiD is the government-issued digital identity which can be accepted by any Dutch organisation with the authority to use a customer’s social security number, or BSN. While iDIN has been created to provide a digital ID for financial services, DigiD is used for many public services, such as healthcare, legal aid, and utilities. As well as proving your identity when corresponding with the government DigiD can also authorise a third-parties to act on your behalf. As with iDIN, DigiD is available to all existing Signicat customers now.

“Our aim is to be able to establish trust between customers and businesses, and the integration of these two new digital IDs in the Netherlands mean we can continue to realise this goal across Europe,” said Marco Gouw, Sales Director Signicat Netherlands. “The integration of iDIN and DigiID into our platform means that businesses can quickly and securely onboard Dutch customers in minutes – and have trust in their identities – without any need for excessive paperwork.”

With support from The Research Council of Norway.

Read more

Signicat Sign Demo

GlobalData review of Signicat Assure and Signicat Sign demo at FinovateEurope 2017

Signicat Sign demo at Finovate Europe 2017

Sam Murrant, Senior Payments Analyst at GlobalData has shared his review of our Signicat Assure and Signicat Sign products.

Digital ID based on multiple factors
Signicat Assure builds a digital ID for consumers based on multiple factors including ID documents and social media presence, while Signicat Sign enables digital signatures with the same legal force as physical ones. Reviewed by Senior Payments Analyst Samuel Murrant.

Check out the scorecard here.

If you would like more information about Signicat Assure have a look here: Signicat Assure

Signicat Sign Demo
Want to have a look at Signicats Finovate demo video? Continue reading

Blog: Strong identification to explode in Finland

New Finnish legislation and Finnish Trust Network (FTN) will expand strong identification to more and more online services, where it does not exist today, says Country Manager, Antti Harsunen from Signicat.

“At the moment we are at a run rate of a couple of million authentications per month . We believe that next year at this point we are looking at 3-4 times the figures.”says Harsunen.

“We are aggregating all the major Northern and Central-European electronic identities (eID) and Finland has been important market to our company since 2008.”

Finnish Communications Regulatory Authority (FICORA) is working together with other actors in the coming FTN community how to implement the legislation, which applies from 1st May 2017 onwards. FTN consists of eID providers and aggregators.

The objective for the change in the legislation is to make Finland a more favorable environment for digital services and to adopt strong identification easily. A big change is the aggregation services, which acts as a broker between the online services and the eID provider enabling a one-stop shop for the service providers to access all the eID’s with one agreement.

Until now, the service provider is required to make agreements with all eID providers (10 banks + Mobile operator). It has slowed down the implementations and wider adaptation of the strong eID’s in Finland.

For example, only the government online services have more than 1,000 contracts with the different eID providers!

“With the change of the mode of operation is analogous to the Payment Services Act reform in 2010. Thanks to the amendment, online payments through Payment Service Providers (PSP’s) began to become more common in Finland strongly,” says Harsunen.

From 2009 to 2013, the number of online payments increased by 23.1 million units to 56.3 million units. This means almost 2.5-fold increase in a few years.

Signicat believes that strong authentication is increasing particularly strongly in the future, for example in health care, insurance and real estate sector. Signicat’s traditional ”home industry” has been financial sector. The company’s customers in Finland include Lähi-Tapiola, Fennia, If P & C, DNA, Nordnet, SEB and Santander, as well as a number of European financial sector companies.

The new law requires the identification of the proxy service providers approved by FICORA.

“On May 1st 2017, we are ready to provide mediation service as an official one-stop shop for all means of identification. We have provided technical services in the Finnish market since 2008 and now we can finally offer it also contractually! “, says Harsunen.

News service called Digital Identity Service Provider

”There is a  new service provisioning category called Digital Identity Service Provider (DISP). The DISP’s offer Identity On Demand-services for their customers, regardless of geography or eID. Signicat has extremely strong expertise and background of being a DISP for a decade and we aim to be the leader of the pack also in the future”, sums Harsunen.

Signicat’s Mikael Kemppainen is responsible for Presales in Finland. He believes that aggregating eID’s through a DISP makes perfect sense technically as well. ”Alone in Finland there are 11 integrations to various eID providers, why not use a DISP like us with only one integration? The biggest advantages are achieved in international companies that operate in several markets”.

Contacts in Finland:

www.signicat.fi

Country Manager Antti Harsunen
antti.harsunen@signicat.com, +358 40 687 9090

Presales executive Mikael Kemppainen
mikael.kemppainen@signicat.com, +358 40 701 7774