Emerging Bank ID Authentication Services in Europe for E-Signature

Rahim Kaba, March 13, 2018

An important part of any business is to know your customers. Physical identity documents such as passports and ID cards were designed to enable face-to-face transactions however, today’s digital economy is changing the way traditional brick-and-mortar business transactions occur.

As the occurrence of fraud and data breaches plague digital business, enterprises are looking to more advanced authentication options to validate the identity of participants in a digital transaction – whether they are a net-new customer or an existing one. It’s not that organizations want to introduce additional friction into a consumer’s online or mobile activity, but rather they want to ensure there are adequate security features built-in – particularly for their customer-facing digital channels.

In Forrester’s "The State of E-Signature Implementation", principal analyst Craig Le Clair indicates that there are "clear differences between the U.S. and Europe" as it relates to approaches to authentication. While U.S. businesses typically opt for simpler forms of authentication, European organizations place a greater deal of emphasis on authentication. This is in part due to an increased pressure to comply with European Union (EU) regulations such as Anti-Money Laundering (AML) and Know Your Customer (KYC) requirements.

The Role of Financial Services in Building Digital Identity

Identity is central to the financial services industry because it enables digital onboarding and the delivery of new financial products and services. In the EU, there are numerous efforts underway to tackle the identity challenge in the digital age. Financial institutions in particular are well-positioned to drive the digital identity agenda because they are heavily regulated, already act as established intermediaries in many digital transactions, and are generally trusted by consumers as institutions that safeguard personal information and assets.

Emerging Bank ID Services for E-Signature

Countries like the Netherlands, Norway, Sweden and Denmark have developed unique approaches to managing and validating identities. While other EU countries have chosen to either privatize the delivery and distribution of electronic identities (eIDs) or to offer government-issued eIDs, these countries are providing citizens with choice and allowing the banking community, for example, to invest in identity management schemes.

iDIN in the Netherlands is one such bank eID initiative and was created through a partnership between the Dutch Payments Association and the Dutch government. Through the iDIN gateway, the task of authentication is transferred to the banking community, rather than to the individual online merchants. The benefit of this model is two-fold:

  1. Customers use their established banking credentials and therefore don’t need to remember yet another set of credentials and authentication processes. This allows for a secure yet frictionless experience.
  2. Because the banks fundamentally authenticate users, online merchants aren’t burdened with taking on the costly and strict regulatory requirements to identify customers.

iDIN is only one example. Other bank ID authentication services have emerged in Europe, including NemID in Denmark, BankID in Norway and BankID in Sweden. These services have wide applicability – i.e., digital identification and signing documents – and are gaining traction in a number of industries including insurance, government, retail financing, as well as with the fintech community.

These emerging bank ID services in Europe offer a new way of authenticating participants in an e-signature transaction, especially for B2C digital channels where a high level of certainty with respect to the user’s identity is required.

Here’s an example of a step-by-step signing process, as experienced by the signer, using a best-in-class e-signature solution like OneSpan Sign in conjunction with a bank ID service:

  1. Signer reviews the contract (e.g., account opening document) via your company’s online app (and OneSpan Sign)
  2. Signer clicks the signature block to agree to the terms and conditions of the contract
  3. Signer is directed to the bank ID (e.g., iDIN) portal for authentication
  4. Signer authenticates with their banking credentials
  5. If successfully authenticated, the signer is directed back to your online app to complete the signing process

For electronic signature transactions that leverage bank ID authentication services at the point of signing, the resulting e-signed documents are legally binding under the eIDAS regulation.

User Authentication for E-Signatures
White Paper

User Authentication for E‑Signatures

Learn how to create a trusted digital transaction by implementing the right user identification and authentication method.

Download Now

OneSpan Sign's Support for Bank ID Authentication Services

A secure and flexible e-signature solution has to be able to support the different authentication requirements for the simplest to the most advanced signing workflows across a range of sales and delivery channels (e.g., branch/retail, call center, online, remote in-person, etc.) and business processes. An electronic document signing process that occurs face-to-face in the branch, for example, will not use the same authentication method as a remote transaction. OneSpan Sign offers a wide range of authentication methods to validate the identity of participants in a digital transaction.

These methods can be used both upstream in the e-sign process (i.e., before viewing documents in a given transaction) and downstream (i.e., before signing the document). Which method to use depends on factors such as the value of the transaction and the level of risk involved.

Through the OneSpan Sign API, you get immediate access to all of our out-of-the-box authentication options, as well as the ability to integrate with third-party ID services such as iDIN, IDEAL, DigiID, Idensys, France Connect, NemID, BankID and many more. This ensures that only trusted users can complete document-based transactions powered by OneSpan Sign. The end result is a solution that meets eIDAS requirements using electronic identity and signatures that facilitate digital interactions and transactions across the EU.

At OneSpan, we leverage decades of experience delivering e-signature and authentication solutions to some of the world’s most trusted and security-conscious organizations. We believe that our experience in the IT security segment is a real asset to our employees, partners and customers – who can transact digitally using our solutions with trust and confidence. Contact us to learn more.

Rahim Kaba is a passionate and results-driven digital technology leader who has played a key role in advancing digitization initiatives at organizations around the world. As VP Product Marketing at OneSpan, he leads the go-to-market strategy of the company's growing portfolio of solutions.