
New edition of BankID authentication

Published: February 12, 2024

BankID is a widely used method in Sweden for secure logins. The method enjoys high trust and is used for everything from logging into government websites to handler logins for Lantero's whistleblower service. During the spring, security will be enhanced with an upgrade called "BankID Secure Start."

The background is that there have been cases of fraud in which scammers deceived users into remotely authenticating fraudulent activity. Therefore, from May 1, 2024, the so-called "secure start" will be mandatory for BankID login and authentication, with some exceptions. (The upgrade is already implemented in the Lantero service.)

The most significant change is the removal of the option to initiate authentication with a personal identification number (personnummer). This option has been an easy way for scammers to activate a user's BankID service during a phone call, making it seem like a confirmation of the transaction's legitimacy. Since personal identification numbers are public and relatively easy to obtain, it has become a common method for scammers to access various e-services.

The changes in "secure start" aim, among other things, to ensure that the customer's BankID is physically located in the same place as the device accessing the e-service. To achieve this, two separate methods are established: a moving QR code and auto-start for BankID on the same device.

With a QR code, the user simply scans the code shown on the computer with their mobile phone. The QR code is dynamic, meaning that it regularly changes appearance, which makes it more difficult for someone at a distance to capture a photo or screenshot and use it for login. Overall, it becomes relatively difficult to log in when the BankID and the device accessing the e-service are in different locations. At the same time, logging in remains easy for those using Mobile BankID on their mobile phones.
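To illustrate why a captured image of a dynamic QR code quickly loses its value, here is an added example (not Lantero's or BankID's code) that builds a time-bound payload in the `bankid.<token>.<time>.<HMAC-SHA256>` layout described in BankID's public integration documentation. The token and secret are constructed, and `verify_scan` with its `MAX_AGE_SECONDS` window is a hypothetical stand-in for the server-side check, whose real tolerance is not stated on this page.

```python
import hashlib
import hmac

# Constructed sample values; real ones are issued per login order.
QR_START_TOKEN = "00000000-0000-4000-8000-000000000001"
QR_START_SECRET = "00000000-0000-4000-8000-000000000002"

# Hypothetical acceptance window, chosen only for this example.
MAX_AGE_SECONDS = 5


def _auth_code(start_secret: str, elapsed: str) -> str:
    """HMAC-SHA256 over the elapsed-seconds string, keyed with the secret."""
    return hmac.new(start_secret.encode(), elapsed.encode(),
                    hashlib.sha256).hexdigest()


def qr_data(start_token: str, start_secret: str, elapsed: int) -> str:
    """Payload to render as a QR code `elapsed` seconds after order start."""
    t = str(elapsed)
    return f"bankid.{start_token}.{t}.{_auth_code(start_secret, t)}"


def verify_scan(payload: str, start_secret: str, now_elapsed: int) -> str:
    """Classify a scanned payload as 'ok', 'stale' or 'invalid'."""
    parts = payload.split(".")
    if len(parts) != 4 or parts[0] != "bankid":
        return "invalid"
    t, code = parts[2], parts[3]
    if not (t.isascii() and t.isdigit()):
        return "invalid"
    # Constant-time comparison: the time field cannot be edited without
    # knowing the secret, so an old image cannot be "refreshed".
    if not hmac.compare_digest(_auth_code(start_secret, t), code):
        return "invalid"
    age = now_elapsed - int(t)
    if age < 0 or age > MAX_AGE_SECONDS:
        return "stale"  # e.g. a screenshot forwarded to someone else
    return "ok"


if __name__ == "__main__":
    shown = qr_data(QR_START_TOKEN, QR_START_SECRET, 3)
    print(verify_scan(shown, QR_START_SECRET, 4))   # scanned right away
    print(verify_scan(shown, QR_START_SECRET, 60))  # image reused a minute later
```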

For those who want to log in to a service from the same device where they have BankID – typically logins to e-services via mobile phones – increased security is achieved with "auto-start."

The BankID app is launched directly without intermediate steps on the device where the login occurs. With this setup, the customer experience is simple and smooth, while security increases by reducing the risk of scammers exploiting intermediate steps in the login process.