About Norwegian BankID
This is a high-level description of Norwegian BankID for readers who are unfamiliar with how Norwegian BankID works.
Norwegian BankID is currently implementing changes to its BankID solution. The main changes are that they are moving towards a more app-based solution and that they offer a new product type, BankID Biometric. BankID Biometric provides a simpler user experience at the cost of a lower level of assurance (substantial).
Use cases
If you are not familiar with how Norwegian BankID is used, here are some typical use cases:
- Identity proofing: To become a customer of a bank, you have to register as a user for the first time. To prove your identity, you can choose Norwegian BankID, among other ID methods.
- Authentication: As a registered customer with a bank, you will be able to apply for a loan. To be able to log in to your bank, you have to authenticate to prove your identity. Norwegian BankID can be used for authentication, the same way it can be used for registering as a new customer.
- Signing: You can use Norwegian BankID to electronically sign one or more documents, for example a loan application in a bank.
The same service is used for these use cases. However, the ID method can be configured with different flows. For example, onboarding a new customer is a one-time occurrence, while authentication is a repetitive action for the customer. You may set up a simpler user flow for recurring authentications. The level of assurance that is required depends on the services you offer.
Level of assurance
The eIDAS Regulation has established three assurance levels for electronic identification, namely "low", "substantial" and "high", where "high" is the highest level of assurance. The levels of assurance in the table below are self-proclaimed by Norwegian BankID. Thus, if you need more information about the level of assurance used by Norwegian BankID, please contact Norwegian BankID.
A user who authenticates at a lower level of assurance cannot perform actions that require a higher level of assurance. Scenarios where the user will need a higher level of assurance can be:
- When providing health information or similar person-sensitive information.
- When onboarding users (KYC).
Norwegian BankID's product types
Here is an overview of the product types that Norwegian BankID offers:
Name | Description | Level of Assurance |
---|---|---|
BankID High | Allows end-users to identify themselves with the highest identity assurance level. | High |
BankID Biometric | Allows end-users to identify themselves with biometrics (face, fingerprint, PIN). It requires the BankID app to be installed on a mobile device. | Substantial |
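The following is an added example, not code from Norwegian BankID or from the original page, showing one way a service can gate actions on the level of assurance of the product type the user authenticated with, and ask for a step-up when the level is too low. The action names, the level required per action and the `authorize` function are hypothetical; only the product-to-level mapping comes from the table above.

```python
from enum import IntEnum


class LoA(IntEnum):
    """eIDAS assurance levels, ordered so they can be compared."""
    LOW = 1
    SUBSTANTIAL = 2
    HIGH = 3


# Levels from the product table on this page (self-proclaimed by Norwegian BankID).
PRODUCT_LOA = {
    "BankID High": LoA.HIGH,
    "BankID Biometric": LoA.SUBSTANTIAL,
}

# Assumption: hypothetical action names and required levels, chosen by the
# service provider. The two HIGH entries mirror the scenarios listed above.
REQUIRED_LOA = {
    "view_account": LoA.SUBSTANTIAL,
    "submit_health_information": LoA.HIGH,
    "onboard_customer_kyc": LoA.HIGH,
}


def authorize(action, product):
    """Return (decision, products that satisfy the action's requirement)."""
    required = REQUIRED_LOA.get(action)
    achieved = PRODUCT_LOA.get(product)
    if required is None or achieved is None:
        # Fail closed: unknown actions or product types are never allowed.
        return "deny", []
    if achieved >= required:
        return "allow", []
    # Authenticated, but at too low a level: ask for re-authentication
    # with a product type that reaches the required level.
    sufficient = sorted(p for p, loa in PRODUCT_LOA.items() if loa >= required)
    return "step_up", sufficient


if __name__ == "__main__":
    for action in REQUIRED_LOA:
        print(action, authorize(action, "BankID Biometric"))
```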
BankID app
End-users can use the BankID app as an authenticator instead of code devices and BankID OTP (one-time password). The app can be used with BankID High and is mandatory for BankID Biometric. Users can download the Norwegian BankID app for free from the App Store or Google Play Store. Once installed, the user activates the app by following the instructions in the app.
This app includes ID verification by reading ID cards and passports. This will be useful when the Norwegian AML regulation is changed to allow users to be onboarded remotely.
BankID High
When a user tries to authenticate with BankID High, they must first enter their national identity number ("Fødselsnummer"). Then they are prompted to confirm their login with some authenticator options (BankID with app or BankID with code device), followed by entering a password.
Here is a user flow screen example:
BankID Biometric
BankID Biometric allows users to identify themselves with the use of biometrics. It provides a simpler user experience than BankID High at the cost of a lower level of assurance (substantial).
When a user tries to authenticate with BankID Biometric, they must first enter their national identity number ("Fødselsnummer"). They are then prompted to confirm/continue their login in the BankID app on their mobile device, and are asked to authenticate with one of the following biometrics (depending on how their mobile device is configured):
- Face recognition
- Fingerprint
- PIN
Here is a user flow screen example from an iPhone:
The above example does not show the last biometrics step, because capturing the iPhone's Face ID screen is not allowed.
Result with user information
The user information available after a successful authentication may differ slightly between different issuers. Important parameters are:
- National identity number (fødselsnummer)
- Name
- Birth date
- Valid from
- Valid to
- Issued by
- PID, a unique ID specific to Norwegian BankID
For more details about available user information, see the Attributes reference.