Taking responsibility ensures the security of electronic identity

SK ID Solutions

According to EU plans, by 2030, 80% of the Union's population will use electronic identity. The European digital wallet is also on the horizon, which should replace physical documents and enable various new services, such as a mobile driver's license and selective data sharing. However, in Estonia, it's challenging to find someone who hasn't experienced scam calls, and many have suffered due to such calls, SMS messages, or emails. Despite efforts by banks and service providers to inform people about potential dangers, harsh statistics reveal that people in Estonia lost 8.3 million euros to fraud alone in 2023. To truly establish a reliable digital ecosystem, it's essential to implement effective measures not only for consumers targeted by scammers but also for e-service providers and creators of digital identity solutions.

Responsibility of Identity Providers

One company playing a crucial role in ensuring the security of digital identity is the electronic identity provider SK ID Solutions. On one hand, SK aims to provide consumers with secure and convenient access to e-services using ID-card certificates, Smart-ID, and Mobile-ID. On the other hand, it aims to offer e-services confidence that the individual contacting them is indeed who they claim to be.

The responsibility of a digital identity provider, whether it's an international corporation like Microsoft or a domestic one like SK ID Solutions, is to offer individuals a secure and trustworthy means of proving their identity. For example, Smart-ID, offered by SK, has undergone thorough certifications and assessments, with all key stakeholders, including the Estonian government, auditors, and international organizations, confirming its security as an authentication and signing tool. Based on this, Smart-ID is listed in the European trust list, complies with eIDAS requirements, and has gained the trust of not only Baltic but also Icelandic and Belgian residents.

However, criminals worldwide diligently keep pace with technological advancements and are eager to try new methods to obtain data and money from law-abiding citizens. Therefore, ensuring application security is an ongoing task and a constant race against malicious actors. This includes features like controlled and standards-compliant issuance processes for Smart-ID, high-level clone detection, browser and IP-based security, transaction confirmation codes, etc.

In addition to security, an identity provider is obligated to ensure that their solution is always available and functions flawlessly, as this is essential for users to enjoy their digital lives easily and smoothly. Everywhere and always. Intuitive user experience and technical support, if needed, are also the responsibility of the identity provider—thus, Smart-ID users with Apple Watches can now authenticate transactions using their smartwatches in addition to their phones.

Responsibility of E-Services

E-services are primarily responsible for ensuring that their created environment, such as an online store, is technically secure, and the data of their customers is always well protected. This includes analyzing customer usage patterns, such as detecting unexpected logins from other countries, as well as unexpected changes in payment and delivery methods. The task of e-services is to monitor the usage of customer accounts and respond quickly to any suspicions or potential threats.

If there is a suspicion of a possible security risk or unusual activity, the e-service should immediately take necessary measures to protect customers and their data. This may include temporary account blocking, additional authentication, sending warning messages, etc.

Although these measures may sometimes seem burdensome, they help ensure the protection of customer data and prevent potential attacks, as criminals prefer to target pages and services where it's unclear how effectively and strictly threats are being addressed.

One way financial institutions can detect unusual activities is through real-time IP address/location analysis, where the IP initiating the transaction is compared with the IP address from which the transaction is confirmed before the final approval of the transfer. This is a simple yet very important way to prevent fraud, as it is very difficult to dispute the transaction once it is confirmed.
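The check described above can be sketched as follows. This is an added example, not code from SK ID Solutions or any bank; the prefix-to-country table, the function names and the approve/step-up/hold policy are assumptions made for illustration.

```python
import ipaddress

# Constructed prefix-to-country table standing in for a real GeoIP database.
# The prefixes are documentation ranges, not real allocations; "XX" is a made-up country.
SAMPLE_GEO = {
    "192.0.2.0/24": "EE",
    "198.51.100.0/24": "EE",
    "203.0.113.0/24": "XX",
    "2001:db8:1::/48": "EE",
}

def normalize(ip_text):
    """Parse an address; unwrap IPv4-mapped IPv6 so ::ffff:a.b.c.d compares as IPv4."""
    ip = ipaddress.ip_address(ip_text.strip())
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def country_of(ip, geo=SAMPLE_GEO):
    """Return the country code of the longest matching prefix, or None if unknown."""
    best = None
    for prefix, country in geo.items():
        net = ipaddress.ip_network(prefix)
        if ip.version == net.version and ip in net:
            if best is None or net.prefixlen > best[0]:
                best = (net.prefixlen, country)
    return best[1] if best else None

def assess_confirmation(initiating_ip, confirming_ip, geo=SAMPLE_GEO):
    """Decide, before final approval, between "approve", "step_up"
    (additional authentication) and "hold" (temporary block pending review)."""
    try:
        start, confirm = normalize(initiating_ip), normalize(confirming_ip)
    except ValueError:
        return "hold"  # unparsable address: fail closed
    if start == confirm:
        return "approve"
    c_start, c_confirm = country_of(start, geo), country_of(confirm, geo)
    if c_start is None or c_confirm is None:
        return "step_up"  # location unknown: do not silently approve
    if c_start == c_confirm:
        return "approve"  # e.g. browser on home broadband, phone on mobile data
    return "hold"  # initiated and confirmed from different countries
```

The decision has to be made before the transfer is finally approved, since a confirmed transaction is very difficult to dispute afterwards.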

E-services also contribute to raising awareness and provide customers with professional information about new scams and safety tips. This helps increase overall awareness and thus reduce the risk of falling victim to fraud more broadly than just in individual cases.

User Responsibility

If the identity provider has created a flawlessly functioning and always available solution, and the e-store is secure, it creates an opportunity to conveniently manage one's e-life affairs. However, just as with any door lock, the responsibility for security lies not only with the lock company but also with the one holding the keys. In the case of Smart-ID, the secret PIN codes serve as this key: PIN1 for authentication, and PIN2 for signing or confirming transactions. As long as these PIN codes are known only to the user and are entered only in a completely secure environment, the e-identity is protected. Therefore, it is the user's responsibility to keep their PIN codes secret, to be extremely vigilant when entering them, and never to forget that PIN codes should only be entered when the user themselves initiated the transaction (authentication or signing).

Users can and must also take care of when and where they create their digital identity, and ensure that the device on which the digital identity solution is installed is protected from unauthorized access. This includes using a screen lock, installing software updates in a timely manner, and the overall secure use of the device and the internet.

A secure digital identity is the responsibility of all ecosystem stakeholders; together, we can maintain and further increase a secure digital world, across borders and services!

7 simple steps to protect yourself and your data in the digital world

1. Abandon passwords and use strong authentication where possible.

2. Review your bank limits to align them with your actual needs.

3. When assisting in registering Smart-ID for a child or an elderly person, guide and explain the importance of its secure use.

4. Be vigilant, read notifications, and verify the requests you confirm with PIN2, and ensure that the transaction was initiated by you!

5. Be patient! If a step seems a bit more complicated than expected, it may be for your protection.

6. Always keep your software up to date.

7. Be cautious about sharing personal information in phone calls, SMS messages, and emails—criminals use various channels to reach gullible individuals.