Only 76% of those using Tupas authentication believe they will meet the new security requirements after the transition, according to a survey conducted by IRO Research on behalf of Signicat.
The protocol used for bank authentication under the name Tupas no longer meets the security requirements for strong electronic identification on October 1, 2019 and must therefore be replaced by more modern protocols such as OIDC or SAML 2.0. The deployment of these protocols requires organizations that make use of strong electronic identification in their online services to make system changes. The order is based on the Finnish law on strong electronic identification and the EU eIDAS regulation.
The provider of electronic services must replace the old Tupas protocol for data transmission with the new message-level encryption technology. The change must be made before the end of the transition period, and Traficom recommends that you switch to this brokerage service at this juncture. This change has no direct impact on consumers.
"It is worrying that despite the long transition period, 24% of companies do not believe they will be able to make the required system changes. Traficom, the agency that oversees electronic identification, has been clear in its position that the transitional period should not be extended. In addition, the threshold for ensuring the legitimacy of identification services is lower, as the company using the identification services does not have to enter into new agreements with the issuing banks, but uses an identity broker, "says Antti Harsunen, Country Manager of Signicat Finland.
Authentication providers (banks and operators) and authentication brokerage services form a so-called Finnish Trust Network (FTN). Trusted network service providers must meet strict security and quality criteria monitored by Traficom. Signicat is one of the trusted brokers for authentication services.
However, in the light of the Signicat survey, the trust network has poor visibility: only 21% say they have heard of it.
“The trust network and the formalization of the role of the network's intermediaries is an important step in the electrification of Finnish society and business. It lowers the threshold for developing and deploying e-services and service channels, as e-service providers now have access to all available means of identification, such as online banking, through a single contract and interface through a broker", Harsunen sums up.
For the survey, Finnish CEOs, corporate IT managers and corporate e-business decision makers were interviewed in July-August 2019.
Signicat has compiled a wealth of information on changes to Tupas bank connections and a trust network on a dedicated theme page. Read more
Signicat has published an electronic guide on the changes and backgrounds associated with electronic identification. The guide also provides plenty of tips for choosing an authentication service provider. The guide can be downloaded for reading on the Signicat website.
Solutions Marketing Manager at Signicat
October 10 2019