Cybercriminals take advantage of faults in security and identity verification in online gambling in order to create fake profiles, divert funds and play using fraudulent means
After the chaotic year that was 2020, 2021 is full of good news. It will be a year of significant changes in the Danish digital identity infrastructure for example. In this post we provide a guide that will help you to explore, simply, step by step, the migration from the existing Danish digital ID solution, NemID (literally: EasyID), to the new solution, MitlD (the new national digital ID solution in Denmark), and to make the right choice of a MitID broker for the integration of MitID into your business.
As we already know, following the change in infrastructure from NemID to MitID, companies using NemID today for customer sign-on or authentication purposes will no longer be able to integrate with the identification solution on their own. They will now need to engage a specialized MitID agent or broker. You should be aware that you can’t just jump into this first step, as the right or wrong choice of agent will determine the value that the company subsequently derives from MitID.
NemID is over
In 2010, NemID was launched as one of the best digital identity solutions in the world. NemID offered high security and was simultaneously an excellent example of cooperation between the financial sector and the public sector. But as always, the world continues to move at an overwhelming speed, and even more so in the digital world. So while NemID is still reliable after more than ten years of operation, new challenges and needs arise, and with these, the need to keep up. To ensure that the Danish national digital identity infrastructure can meet these challenges in the future, a major upgrade and modernization of the identification solution has been necessary. Therefore, Digitaliseringsstyrelsen (the Danish Agency for Digitalisation) is now driving the transition process from NemID to MitID, which will come into effect on 6 May 2021.
Welcome to MitID!
MitID is nothing more than a simple modernization of NemID. MitlD differs from NemID at a very basic infrastructural level, which means that companies in the future will have to interact with MitID in a different way than with NemID. To see this even more clearly, we will make a very practical and visual comparison between NemlD and MitlD.
The NemlD infrastructure: the earlier system:
- Two systems: one for government and private service providers and the other for banks only.
- All parties are integrated with NemID, which means that thousands of service providers have a direct interaction with the NemID system.
- NemID integrations are standardised and somewhat inflexible.
The MitlD infrastructure: the new system:
- Only certified MitID brokers or agents will be able to interact directly with the central MitID system. While this change might at first glance appear to be a restriction, it has clear advantages that outweigh the limitations.
- Only brokers are allowed to interact directly with the core system, which means that MitID reduces the level of risk to which the system is exposed.
- It accepts a much wider range of flexibility in the interaction with the host system.
- MitID brokers will be able to customize MitID solutions, and make digital identification a strategic asset for companies in a totally new way, which is not possible with the current NemID.
Big changes for the better with the move from NemID to MitID
Thanks to the migration to MitlD, high-quality MitID, brokers will, in future, be able to create customized identification solutions for companies to match specific requirements, and to support their digital business. And with the advent of new customization options for the digital ID solution, MitID can become much more than just a tactical piece of security software for companies that make the right choice of broker.
What will make your company’s broker competent and better than others? Here, we list the key areas within which MitID’s quality brokers can make a difference, and help companies turn a standard digital identification solution into a critical strategic asset. They are divided into six categories:
- User experience.
- Security levels.
- Risk data collection.
- Brand support.
- Strategic exploitation.
User experience (UX)
To achieve the best user experience or UX, these aspects cannot be neglected:
- A seamless user experience when identifying and authenticating. This feature is absolutely critical. For all those companies that rely on a digital identification solution for on-boarding customers, or for customers to execute online tasks such as payments or banking transactions, this aspect will be necessary.
- A competent agent will be able to customise MitID to ask only for the absolutely necessary data, and to make the user’s interaction with the identification solution very intuitive, while still complying with the MitID regulation and guidelines.
- In addition, MitID enables the use of single sign-on (SSO), which is useful, for example, if two companies offer a collaborative service and want customers to be able to switch from one service to another without having to log in more than once.
- Your company may need to include a digital signature option in your MitID solution. Digital signing ensures a high return on investment in digital channels by freeing up advisors’ time, and allowing them to use self-service instead.
- As digital signing is not integrated into the core MitID system, your firm relies on the agent to be able to offer a high quality signing solution.
The level of security
As you know, security is the key to any identification system, and MitID includes state-of-the-art security. However, maximum security is not always necessary. Sometimes, it is preferable to lower the level of security in favour of better usability. For example, if a user wants to see what his home or car insurance coverage is like, MitID allows companies, through their brokers, to implement individual solutions. These solutions allow access to certain levels based only on a security factor.
A good supplier gets the best choice of the right security level by taking a good look at your situation. And, of course, it has to stand firmly behind its desire to make identification and authentication as seamless as possible for the company and its customers.
Risk data collection
You should be aware that a new feature of MitID, which enhances the security of the system, but also helps to enable context-based security tuning, is the mandatory and continuous collection of risk data collection. The system looks for unusual and suspicious usage patterns, both in terms of geography and device, and which may indicate fraudulent behaviour. If, for example, a Danish user suddenly logs on from a foreign country to a device he or she has never used before, it may be an indication of fraud. Remember that the continuous collection and distribution of risk data is another task that brokers are obliged to perform.
As we have said before, you must not forget that we are facing a change and therefore these are things you have to take into account. You need to be aware that while it is true that MitID implementations must follow certain standards and design rules, the degree of freedom it gives brokers is much greater compared to NemID, in terms of accommodating companies’ look and feel requirements for their individual MitID implementations.
This is important because many companies want the identification and authentication solution, which is mandatory for their customers to use, to not only function smoothly, but also to support and enhance the company’s overall values and brand identity.
Brokers must function as an international hub for digital identification solutions and have access to a fine-meshed network of equivalents from other countries to MitID. Only in this way can the broker offer corporate customers a truly transnational identification and authorisation solution.
A competent broker for your company is one that offers its customers a complete MitID package. This package should include all of the above mentioned points, plus personalised strategic advice and planning. This will significantly enhance the value of the basic (technical) identity solution and make it a key element of your company’s digitization strategy.