iDIN

About iDIN

iDIN is a Dutch eID scheme directed by the Dutch Payment Association (BVN, Betaalvereniging). It is a collaboration between all major Dutch banks to leverage the familiar authentication process of online banking in order to provide major eID coverage to the Dutch market.
iDIN enables natural persons who have been checked against the requirements of the Money Laundering and Terrorist Financing (Prevention) Act (Wwft) to provide one or several specific pieces of data from the records to Signicat customers, through a channel designed for this purpose by their bank. Additionally, iDIN can also be used in combination with SurePay lookups to enhance the user onboarding process.

Transaction types

iDIN supports 3 transaction types:

  • Login: to authenticate a user (uniquely identify a user)
  • Identification: to retrieve user attributes of an authenticated user
  • Age check: to check if a user has passed the age of 18

Available attributes

The following information can be obtained from an iDIN identity:

  • Consumer ID (“BIN”) – unique for each merchant
  • Last name
  • Initials of first name
  • Address
  • Date of birth
  • Gender
  • Email
  • Telephone
  • Age confirmation (18 years old: yes/no) – via the age check transaction

The identity information is issued by a bank, and is not linked to (or checked with) the central identity register (BRP – Basisregistratie Personen) in the Netherlands. The Dutch social number (BSN) cannot be obtained via iDIN (yet). The governmental scheme DigiD can do this.

Important: the iDIN scheme and the issuers do not guarantee that they will be able to provide all the requested attributes.

End-user experience

Use case

The consumer visits the merchant’s website and proceeds to log in with iDIN. The merchant redirects to Signicat and Signicat displays a list of banks that the end-user can choose from. The end-user chooses one of the listed banks and authenticates using the bank-specific authentication method they are used to from their bank (for example, a token, card reader, SMS OTP, or app). Signicat then retrieves a confirmation of a successful authentication in addition to the requested end-user attributes and maps the response to a SAML or OIDC response and redirects back to the merchant.

Demo

Graphical customization

iDIN generates a form with a dropdown of banks to choose from. This form can be added to an iFrame and used as it is and has no styling by default.

Signicat support will help out with the requirements regarding merchant usage and presentation.

Optionally, Signicat’s standard graphical profile can be used for styling. See this page for more info: Graphical adjustments and customization.

Screenshots (without any graphical profile configured)

iDIN combined with SurePay

iDIN can be used in combination with SurePay, a lookup service. This plugin will make the process of verifying a user’s bank account number much more convenient for both the user and the merchant, with the added benefit that the merchant will be able to gather the user’s personal details from a trusted source.

How it works

  1. The merchant redirects the user to the identity verification process.
  2. The user uses iDIN to authenticate their identity and consents to sharing their identity attributes.
  3. A plugin prompts the user to enter the IBAN of their bank account and provide consent. If the IBAN is already known before starting the identity verification process, it can be included in the redirect URL, in which case the IBAN will be prefilled in this step, and the user will not be able to edit it.
  4. Signicat sends the IBAN (from the plugin) and the user’s identity attributes (from iDIN) to SurePay. The IBAN will always be converted to uppercase, both when it is entered by the user and when it is prefilled.
  5. The merchant gets a response which includes the IBAN, the user’s identity attributes, and whether or not there is a match. If there appears to be a typo in the name, the response will also include a name suggestion. Bear in mind that a message indicating a successful execution does not mean that the IBAN provided by the user is valid or real, just that the communication with SurePay has been successful. The response fields that indicate whether an IBAN is valid and exists are “valid” and “found”, respectively.

If an error prevents the SurePay check from being carried out, only the result of the iDIN authentication will be returned. This includes cases in which the end-user cancels the operation without entering or confirming an IBAN.

Test information

Signicat offers 24/7/365 free access to the preproduction environment, preprod.signicat.com.

Starting a transaction in preproduction will result in the following “banks” being available in the issuer list:

The WL Issuer SIM iDIN RABO INT and the Success “banks” will produce successful authentication results with the requested attributes in the response. The other options will produce errors according to the status codes in the dropdown list.

You will not be able to use production bank credentials for testing purposes, however Signicat has built functionality to provide custom test users. If you want to add custom test users to your service, please contact us at support@signicat.com. The available custom test users and their attributes are as follows:

{
	"Marnick van de Braak": {
		"urn:nl:bvn:bankid:1.0:consumer.transientid": "TRANS0123456789",
		"urn:nl:bvn:bankid:1.0:consumer.intaddressline1": "Adres 123",
		"urn:nl:bvn:bankid:1.0:consumer.intaddressline2": "1234AB Amsterdam",
		"urn:nl:bvn:bankid:1.0:consumer.country": "NL",
		"urn:nl:bvn:bankid:1.0:bank.deliveredserviceid": 2,
		"signicat.plain-name": "M van de Braak"
	},
	"Martin Henken": {
		"urn:nl:bvn:bankid:1.0:consumer.bin": "NLRABO0000000001",
		"urn:nl:bvn:bankid:1.0:consumer.intaddressline1": "Adres 123",
		"urn:nl:bvn:bankid:1.0:consumer.intaddressline2": "1234AB Amsterdam",
		"urn:nl:bvn:bankid:1.0:consumer.country": "NL",
		"signicat.plain-name": "M Henken",
		"urn:nl:bvn:bankid:1.0:bank.deliveredserviceid": 16384
	},
	"Eser Cairo": {
		"urn:nl:bvn:bankid:1.0:consumer.bin": "NLRABO0000000002",
		"urn:nl:bvn:bankid:1.0:consumer.legallastname": "Cairo",
		"signicat.plain-name": "E Cairo",
		"urn:nl:bvn:bankid:1.0:bank.deliveredserviceid": 20480
	},
	"Ünal Roukens": {
		"urn:nl:bvn:bankid:1.0:consumer.bin": "NLRABO0000000003",
		"urn:nl:bvn:bankid:1.0:consumer.legallastname": "Roukens",
		"urn:nl:bvn:bankid:1.0:consumer.dateofbirth": "19750725",
		"signicat.plain-name": "Ü Roukens",
		"urn:nl:bvn:bankid:1.0:bank.deliveredserviceid": 20928
	},
	"Armand van Binsbergen": {
		"urn:nl:bvn:bankid:1.0:consumer.bin": "NLRABO0000000004",
		"urn:nl:bvn:bankid:1.0:consumer.legallastnameprefix": "van",
		"urn:nl:bvn:bankid:1.0:consumer.legallastname": "Binsbergen",
		"urn:nl:bvn:bankid:1.0:consumer.18orolder": false,
		"signicat.plain-name": "A van Binsbergen",
		"urn:nl:bvn:bankid:1.0:bank.deliveredserviceid": 20544
	},
	"Theodoor Sijbers": {
		"urn:nl:bvn:bankid:1.0:consumer.bin": "NLRABO0000000004",
		"urn:nl:bvn:bankid:1.0:consumer.legallastnameprefix": "van",
		"urn:nl:bvn:bankid:1.0:consumer.legallastname": "Binsbergen",
		"urn:nl:bvn:bankid:1.0:consumer.street": "Utrechtplein",
		"urn:nl:bvn:bankid:1.0:consumer.houseno": "127",
		"urn:nl:bvn:bankid:1.0:consumer.postalcode": "5709DK",
		"urn:nl:bvn:bankid:1.0:consumer.city": "Helmond",
		"signicat.plain-name": "T Sijbers",
		"urn:nl:bvn:bankid:1.0:bank.deliveredserviceid": 21504
	},
	"Anders Notten": {
		"urn:nl:bvn:bankid:1.0:consumer.bin": "NLRABO0000000005",
		"urn:nl:bvn:bankid:1.0:consumer.legallastname": "Notten",
		"urn:nl:bvn:bankid:1.0:consumer.intaddressline1": "Vagnvägen 76",
		"urn:nl:bvn:bankid:1.0:consumer.intaddressline2": "45678 Ballefjongberga",
		"urn:nl:bvn:bankid:1.0:consumer.country": "SE",
		"signicat.plain-name": "A Notten",
		"urn:nl:bvn:bankid:1.0:bank.deliveredserviceid": 21504
	},
	"Martha de Goedbloed-Stokkink": {
		"urn:nl:bvn:bankid:1.0:consumer.bin": "NLRABO0000000006",
		"urn:nl:bvn:bankid:1.0:consumer.initials": "M",
		"urn:nl:bvn:bankid:1.0:consumer.legallastnameprefix": "de",
		"urn:nl:bvn:bankid:1.0:consumer.legallastname": "Goedbloed",
		"urn:nl:bvn:bankid:1.0:consumer.preferredlastname": "Goedbloed-Stokkink",
		"urn:nl:bvn:bankid:1.0:consumer.partnerlastname": "Stokkink",
		"urn:nl:bvn:bankid:1.0:consumer.dateofbirth": "19750726",
		"urn:nl:bvn:bankid:1.0:consumer.gender": 2,
		"urn:nl:bvn:bankid:1.0:consumer.email": "martha.goedbloed.stokkink@hotmail.com",
		"urn:nl:bvn:bankid:1.0:consumer.telephone": "+31666867727",
		"signicat.plain-name": "M de Goedbloed-Stokkinkk",
		"urn:nl:bvn:bankid:1.0:bank.deliveredserviceid": 20950
	},
	"Willeke Liselotte de Bruijn": {
		"urn:nl:bvn:bankid:1.0:consumer.legallastnameprefix": "de",
		"urn:nl:bvn:bankid:1.0:consumer.email": "willeke.debruijn@hotmail.com",
		"urn:nl:bvn:bankid:1.0:bankid.deliveredserviceid": "21974",
		"urn:nl:bvn:bankid:1.0:consumer.preferredlastname": "Bruijn",
		"urn:nl:bvn:bankid:1.0:consumer.dateofbirth": "19650310",
		"urn:nl:bvn:bankid:1.0:consumer.country": "NL",
		"urn:nl:bvn:bankid:1.0:consumer.gender": "2",
		"urn:nl:bvn:bankid:1.0:consumer.initials": "WL",
		"urn:nl:bvn:bankid:1.0:consumer.telephone": "+31612345678",
		"urn:nl:bvn:bankid:1.0:consumer.bin": "NLABNA0000000008",
		"urn:nl:bvn:bankid:1.0:consumer.legallastname": "Bruijn",
		"urn:nl:bvn:bankid:1.0:consumer.street": "Pascalstreet",
		"urn:nl:bvn:bankid:1.0:consumer.houseno": "19",
		"urn:nl:bvn:bankid:1.0:consumer.postalcode": "0000AA",
		"urn:nl:bvn:bankid:1.0:consumer.city": "Aachen",
		"signicat.plain-name": "WL de Bruijn",
		"urn:nl:bvn:bankid:1.0:consumer.preferredlastnameprefix": "de"
    }
}

In order to fetch the attributes, you can use the following OIDC scopes:

  • profile
  • signicat.idin

References

http://www.betaalvereniging.nl/

https://www.idin.nl/