Norwegian BankID

425 views September 15, 2017 June 25, 2020 7

Questions and answers:

Why can’t I choose between hardware token and mobile when using Norwegian BankID?

Signicat allows for integration with both regular Norwegian BankID and Norwegian BankID on Mobile. On a technical level, these are two separate ID methods with separate flows.

Regular Norwegian BankID requires the user to input the following:

  1. Fødselsnummer (Norwegian national identification number)
  2. One-time password (OTP) (usually from a hardware token)
  3. Personal password

BankID on Mobile requires the following:

  1. Phone number
  2. Date of birth
  3. Personal PIN code (typed into the user’s phone)

However, with regular Norwegian BankID transactions only, some end-users are allowed to “combine” these flows by switching out the one-time password step with the personal PIN code used for Norwegian BankID on Mobile. In practice, this allows them to use their phone instead of their hardware token to complete the transaction.

This means that the input flow will consist of the user supplying the following:

  1. Fødselsnummer
  2. Personal PIN code (typed into the user’s phone)
  3. Personal password

There are a number of things to note with this alternative:

  • The availability of this option depends entirely on the user’s bank, as they issued the user’s personal certificate. If their bank supports it, the user will be able to access a menu during the OTP step to use this alternate flow.
  • It is not possible to force these flows as a merchant (a Signicat customer) as it is an innate part of the ID method.
  • Even with this alternate flow, the transaction is still technically and statistically regarded as a regular BankID transaction.
  • If the user’s bank does not allow this alternate flow, they may still allow the user to perform full Norwegian BankID on Mobile transactions.

To ensure that all Norwegian BankID users get their preferred flow, we urge our customers to present both regular BankID and BankID on Mobile as separate ID-methods (most often called nbid and nbid-mobil on the service level).

You can find more information on BankID in our documentation on regular Norwegian BankID and Norwegian BankID on Mobile. For more information on authentication, see our authentication documentation.

If you have additional questions, please contact us at support@signicat.com.

Was this helpful?