iDIN

About iDIN

iDIN is a Dutch eID scheme directed by the Dutch Payment Association (BVN, Betaalvereniging). It is a collaboration between all major Dutch banks to leverage the familiar authentication process of online banking in order to provide major eID coverage to the Dutch market.
iDIN enables natural persons who have been checked against the requirements of the Money Laundering and Terrorist Financing (Prevention) Act (Wwft) to provide one or several specific pieces of data from the records to Signicat customers, through a channel designed for this purpose by their bank. Additionally, iDIN can also be used in combination with SurePay lookups to enhance the user onboarding process.

Transaction types

iDIN supports 3 transaction types:

  • Login: to authenticate a user (uniquely identify a user)
  • Identification: to retrieve user attributes of an authenticated user
  • Age check: to check if a user has passed the age of 18

Available attributes

The following information can be obtained from an iDIN identity:

  • Consumer ID (“BIN”) – unique for each merchant
  • Last name
  • Initials of first name
  • Address
  • Date of birth
  • Gender
  • Email
  • Telephone
  • Age confirmation (18 years old: yes/no) – via the age check transaction

The identity information is issued by a bank, and is not linked to (or checked with) the central identity register (BRP – Basisregistratie Personen) in the Netherlands. The Dutch social number (BSN) cannot be obtained via iDIN (yet). The governmental scheme DigiD can do this.

Important: the iDIN scheme and the issuers do not guarantee that they will be able to provide all the requested attributes.

End-user experience

Use case

The consumer visits the merchant’s website and proceeds to log in with iDIN. The merchant redirects to Signicat and Signicat displays a list of banks that the end-user can choose from. The end-user chooses one of the listed banks and authenticates using the bank-specific authentication method they are used to from their bank (for example, a token, card reader, SMS OTP, or app). Signicat then retrieves a confirmation of a successful authentication in addition to the requested end-user attributes and maps the response to a SAML or OIDC response and redirects back to the merchant.

Demo

Graphical customization

iDIN generates a form with a dropdown of banks to choose from. This form can be added to an iFrame and used as it is and has no styling by default.

Signicat support will help out with the requirements regarding merchant usage and presentation.

Optionally, Signicat’s standard graphical profile can be used for styling. See this page for more info: Graphical adjustments and customization.

Screenshots (without any graphical profile configured)

Test information

Signicat offers 24/7/365 free access to the preproduction environment, preprod.signicat.com.

Starting a transaction in preproduction will result in the following “banks” being available in the issuer list:

The WL Issuer SIM iDIN RABO INT and the Success “banks” will produce successful authentication results with the requested attributes in the response. The other options will produce errors according to the status codes in the dropdown list.

You will not be able to use production bank credentials for testing purposes, however Signicat has built functionality to provide custom test users. If you want to add custom test users to your service, please contact us at support@signicat.com. The available custom test users and their attributes are as follows:

{
	"Marnick van de Braak": {
		"urn:nl:bvn:bankid:1.0:consumer.transientid": "TRANS0123456789",
		"urn:nl:bvn:bankid:1.0:consumer.intaddressline1": "Adres 123",
		"urn:nl:bvn:bankid:1.0:consumer.intaddressline2": "1234AB Amsterdam",
		"urn:nl:bvn:bankid:1.0:consumer.country": "NL",
		"urn:nl:bvn:bankid:1.0:bank.deliveredserviceid": 2,
		"signicat.plain-name": "M van de Braak"
	},
	"Martin Henken": {
		"urn:nl:bvn:bankid:1.0:consumer.bin": "NLRABO0000000001",
		"urn:nl:bvn:bankid:1.0:consumer.intaddressline1": "Adres 123",
		"urn:nl:bvn:bankid:1.0:consumer.intaddressline2": "1234AB Amsterdam",
		"urn:nl:bvn:bankid:1.0:consumer.country": "NL",
		"signicat.plain-name": "M Henken",
		"urn:nl:bvn:bankid:1.0:bank.deliveredserviceid": 16384
	},
	"Eser Cairo": {
		"urn:nl:bvn:bankid:1.0:consumer.bin": "NLRABO0000000002",
		"urn:nl:bvn:bankid:1.0:consumer.legallastname": "Cairo",
		"signicat.plain-name": "E Cairo",
		"urn:nl:bvn:bankid:1.0:bank.deliveredserviceid": 20480
	},
	"Ünal Roukens": {
		"urn:nl:bvn:bankid:1.0:consumer.bin": "NLRABO0000000003",
		"urn:nl:bvn:bankid:1.0:consumer.legallastname": "Roukens",
		"urn:nl:bvn:bankid:1.0:consumer.dateofbirth": "19750725",
		"signicat.plain-name": "Ü Roukens",
		"urn:nl:bvn:bankid:1.0:bank.deliveredserviceid": 20928
	},
	"Armand van Binsbergen": {
		"urn:nl:bvn:bankid:1.0:consumer.bin": "NLRABO0000000004",
		"urn:nl:bvn:bankid:1.0:consumer.legallastnameprefix": "van",
		"urn:nl:bvn:bankid:1.0:consumer.legallastname": "Binsbergen",
		"urn:nl:bvn:bankid:1.0:consumer.18orolder": false,
		"signicat.plain-name": "A van Binsbergen",
		"urn:nl:bvn:bankid:1.0:bank.deliveredserviceid": 20544
	},
	"Theodoor Sijbers": {
		"urn:nl:bvn:bankid:1.0:consumer.bin": "NLRABO0000000004",
		"urn:nl:bvn:bankid:1.0:consumer.legallastnameprefix": "van",
		"urn:nl:bvn:bankid:1.0:consumer.legallastname": "Binsbergen",
		"urn:nl:bvn:bankid:1.0:consumer.street": "Utrechtplein",
		"urn:nl:bvn:bankid:1.0:consumer.houseno": "127",
		"urn:nl:bvn:bankid:1.0:consumer.postalcode": "5709DK",
		"urn:nl:bvn:bankid:1.0:consumer.city": "Helmond",
		"signicat.plain-name": "T Sijbers",
		"urn:nl:bvn:bankid:1.0:bank.deliveredserviceid": 21504
	},
	"Anders Notten": {
		"urn:nl:bvn:bankid:1.0:consumer.bin": "NLRABO0000000005",
		"urn:nl:bvn:bankid:1.0:consumer.legallastname": "Notten",
		"urn:nl:bvn:bankid:1.0:consumer.intaddressline1": "Vagnvägen 76",
		"urn:nl:bvn:bankid:1.0:consumer.intaddressline2": "45678 Ballefjongberga",
		"urn:nl:bvn:bankid:1.0:consumer.country": "SE",
		"signicat.plain-name": "A Notten",
		"urn:nl:bvn:bankid:1.0:bank.deliveredserviceid": 21504
	},
	"Martha de Goedbloed-Stokkink": {
		"urn:nl:bvn:bankid:1.0:consumer.bin": "NLRABO0000000006",
		"urn:nl:bvn:bankid:1.0:consumer.initials": "M",
		"urn:nl:bvn:bankid:1.0:consumer.legallastnameprefix": "de",
		"urn:nl:bvn:bankid:1.0:consumer.legallastname": "Goedbloed",
		"urn:nl:bvn:bankid:1.0:consumer.preferredlastname": "Goedbloed-Stokkink",
		"urn:nl:bvn:bankid:1.0:consumer.partnerlastname": "Stokkink",
		"urn:nl:bvn:bankid:1.0:consumer.dateofbirth": "19750726",
		"urn:nl:bvn:bankid:1.0:consumer.gender": 2,
		"urn:nl:bvn:bankid:1.0:consumer.email": "martha.goedbloed.stokkink@hotmail.com",
		"urn:nl:bvn:bankid:1.0:consumer.telephone": "+31666867727",
		"signicat.plain-name": "M de Goedbloed-Stokkinkk",
		"urn:nl:bvn:bankid:1.0:bank.deliveredserviceid": 20950
	},
	"Willeke Liselotte de Bruijn": {
		"urn:nl:bvn:bankid:1.0:consumer.legallastnameprefix": "de",
		"urn:nl:bvn:bankid:1.0:consumer.email": "willeke.debruijn@hotmail.com",
		"urn:nl:bvn:bankid:1.0:bankid.deliveredserviceid": "21974",
		"urn:nl:bvn:bankid:1.0:consumer.preferredlastname": "Bruijn",
		"urn:nl:bvn:bankid:1.0:consumer.dateofbirth": "19650310",
		"urn:nl:bvn:bankid:1.0:consumer.country": "NL",
		"urn:nl:bvn:bankid:1.0:consumer.gender": "2",
		"urn:nl:bvn:bankid:1.0:consumer.initials": "WL",
		"urn:nl:bvn:bankid:1.0:consumer.telephone": "+31612345678",
		"urn:nl:bvn:bankid:1.0:consumer.bin": "NLABNA0000000008",
		"urn:nl:bvn:bankid:1.0:consumer.legallastname": "Bruijn",
		"urn:nl:bvn:bankid:1.0:consumer.street": "Pascalstreet",
		"urn:nl:bvn:bankid:1.0:consumer.houseno": "19",
		"urn:nl:bvn:bankid:1.0:consumer.postalcode": "0000AA",
		"urn:nl:bvn:bankid:1.0:consumer.city": "Aachen",
		"signicat.plain-name": "WL de Bruijn",
		"urn:nl:bvn:bankid:1.0:consumer.preferredlastnameprefix": "de"
    }
}

In order to fetch the attributes, you can use the following OIDC scopes:

  • profile
  • address
  • phone

References

http://www.betaalvereniging.nl/

https://www.idin.nl/