In our previous article on eID schemes in the Nordic countries, we looked at some of the data showcasing the remarkable adoption and engagement rates for such schemes. A robust electronic identification and signature mechanism provides the foundation over which digital service delivery platforms are built.

Digital identification schemes are nothing new. But in the Nordic countries they have clearly assumed an ubiquitous form and become indispensable tools of digital services. Their success serves as a case study for larger, pan-European eID schemes like eIDAS. But what is that makes the Nordic initiatives so successful?

Crypto-agility, or cryptographic agility, is the capacity for an information security system to adopt an alternative to the original encryption method or cryptographic primitive without significant change to system infrastructure. NIST guidelines state “maintaining crypto agility is imperative” to prepare for the quantum computing era. Crypto-agility may be achieved through the adoption of new frameworks for incident response and application development, as well as the acquisition of a service software layer to facilitate crypto-agility in legacy applications.

This article explores how federated signing can resolve some of the challenges banks face when onboarding customers online in the eIDAS and PSD2 era.

The Nordic countries have led the world in digital adoption and innovation for some time now. They often top most digital competitiveness rankings like the 2017 Digital Evolution Index. The index places the Nordic countries in a leading position in terms of user trustworthiness of the digital environment, quality of user experience and consumer behaviours in the digital space. This digital edge percolates into other sectors of the economy and the Nordic countries therefore lead in areas like fintech, digital commerce and online service delivery.

According to draft guidance published by NIST on July 19, 2018, the Triple Data Encryption Algorithm (TDEA or 3DES) is officially being retired. The guidelines propose that, after a period of public consultation, 3DES is deprecated for all new applications and usage is disallowed after 2023.

The Payment Card Industry Data Security Standard (PCI DSS) helps to safeguard cardholders’ private information. The Payment Card Industry Security Standards Council (PCI SSC) enforces the standard through recommendations and requirements that aim to ensure security across all organizations involved in the processing of cardholder information.

To combat fraud in digital identities and provide guidelines for digital authentication, the National Institute of Standards and Technology (NIST) updated its Digital Identity Guidelines in June 2017 and has provided a digital identity model that represents their updated guidelines with technologies and architectures that are currently available. This article describes the NIST model and compares NIST’s US-minded approach with the European eIDAS-Regulation and its legal framework.

In Part 1 of this series, we looked at the objectives or motives behind having an eIDAS enabled digital on-boarding process. In Part 2, we look at the actual process that is followed currently and a few examples of the nifty tools and tricks that some banks, financial institutions and even independent app developers are using to digitize the customer on-boarding process. The process can be further simplified using tools provided by eIDAS for electronic identification and authentication.

The initial client on-boarding is a critical process for banks as well as their clients. For banks, the efficiency and speed of the process can leave a lasting impression in the mind of the customer. It can dictate how amenable the relationship would be in the coming months and years. A cumbersome process can make the customer doubt the technical capabilities of the bank and its ability to service their needs efficiently in the future.