Information security | S-bank’s “neglect in the most sacred” revealed the vulnerability of bank IDs – The state-provided option is coming to Finns’ phones next fall

Life without bank IDs, it has become quite difficult to stay silent in Finland.

Both tax and health information, Kela and police services as well as online shopping are behind the digital identification offered by banks.

Of course, there are alternatives, such as an official identity card with chips, but they are tougher and have not become common. The digital identification of the identity card requires a card reader on a computer and does not work with a smartphone.

Bank IDs have become the cornerstone of the information society. At the same time, mobile certificates for smartphones offered by telecom operators have become more common.

This week S-bank’s information security problems have, however, raised the question of whether the role of bank and mobile IDs in the lives of Finns is already too great. Hundreds of S-bank customers had access to other customers’ accounts due to a mistake.

Read more: A group of friends was revealed behind the criminal suspicions about S-bank – the police suspect more than 50 payment instrument frauds and are investigating 150 data breaches

Read more: 2,000 euros were stolen from Pertti Aalto’s S-bank account, and the uncertainty continued for months: “The bank said that you should just pay the bill”

Is it healthy that the keys to the digital society are almost entirely the responsibility of private companies?

Minister of Municipal Affairs Sirpa Paatero (sd) does not want to directly comment on the S-bank case, the reasons of which he does not know more closely.

According to him, however, the state administration has become aware of, for example, the aspect that nowadays companies offering identification, i.e. banks and telecom operators, also have foreign ownership.

“The idea that this system would be in Finland is important.”

Paatero is responsible for the digital ID project at the Ministry of Finance, which is trying to fix this very problem. According to him, the system offered by the state would be fundamentally more reliable.

“It is important that we have society’s own identification system that is based on official information. Identification is then at least to that extent ensured.”

Digital the personal identification number project will be considered by the parliament next week. Its goal is to offer an official alternative alongside bank codes, which would also be convenient to use this time.

In practice, it would be a smartphone application. It would be a digital ID card that would allow you to log in to the services you need with a few clicks.

According to Paatero, it should be available to Finns in September next year.

Initially, the application would work for public services, but the government hopes that private companies will quickly adopt it. Bank IDs and mobile certificates are not about to be banned, but an official alternative would come alongside them.

According to Paatero, the issue has been discussed with the banks “with good understanding”. The telecom operators have been more in the fight.

“We have had to have more conversations with them,” says Paatero.

Finland the project is based on EU-level goals. The EU Commission wants all EU citizens to have their own digital wallet in the future, the data of which they can control themselves.

The EU’s aim is to get rid of the situation where people have to hand over their private information to a third party in order to use services. The goal is also that people can decide for themselves the extent to which information is disclosed and where.

Even in Finland, the holder of a digital identity card could, for example, show only his age when asked about his age, nothing else.

In Finland, a digital identity card would be the first card of that “digital wallet”. According to Paatero, later on it could also include, for example, a driver’s license and various certificates, such as a fishing license or firework permit.

When statements were collected on the board’s draft presentation, an extraordinary number of them came from citizens – and the feedback was almost always critical.

According to Paatero, the criticism is divided into two parts.

The first part has been concern about whether the services will be able to be used in the future even without digital devices. According to Paatero, paper transactions will be guaranteed from now on as well.

Another part has been the “big brother is watching” kind of concern that the identification application offered by the state would make citizens subject to state control. According to Paatero, it is a matter of misunderstanding.

“This is precisely where people are getting more power over what information they hand over and where.”

Identification the development has also been monitored in the Ministry of Transport and Communications, which is responsible for coordinating Finnish cyber security.

Minister of Transport and Communications Timo Harakan (sd) in the case of S-bank, two things stand out.

“First of all, it was the financial sector, which according to research has been our most cyber-secure sector, as it should be. In that sense, this was negligence in the holiest of all,” he says.

“Another thing is that our identification is so heavily dependent on bank identification.”

According to Haraka, the Ministry of Transport and Communications also supports efforts to create an alternative to bank and mobile IDs.

However, according to Haraka, “state application” does not have to mean that it is also designed by the state in terms of its user interface. According to him, what should be learned from the experience of the identity card is that simplicity is the key.

“Our ministry has represented the position that it is worth including companies that make our user interfaces and have this customer understanding.”