BankID with biometrics
See frequently asked questions about BankID with face recognition, fingerprint or PIN.
Frequently asked questions
BankID with biometrics does not support being displayed within an iFrame. The reason for this is that it's more challenging to guarantee security within an iFrame. BankID OIDC is also phasing out iFrame support. We recommend opening BankID using redirects or by opening a new window.
End-users who can use BankID with biometrics (face, finger, or PIN) have enabled this option within the app. Currently, only end-users with the BankID app can use BankID with biometrics.
BankID with biometrics is approved for payments and meets the requirements for Strong Customer Authentication (SCA) according to PSD2 and 3D Secure. The service is at the "Substantial" level according to the eIDAS standard. This means that the service can be used for most purposes.
If you intend to electronically sign a document, you cannot use BankID with biometrics.
However, if you have selected signing to view information, such as the amount and recipient for a payment, and require a level of assurance of "Substantial," then BankID with biometrics is a good choice.
BankID with biometrics uses the built-in biometrics on the phone or computer, also known as WebAuthn. BankID never has access to biometric data but receives a signed confirmation from Apple and Google that the user has authenticated themselves using biometrics.
The new BankID is based on open technology called WebAuthn (The Web Authentication API), developed by FIDO and W3C, with participants from some of the world's largest tech companies. Passwords become obsolete and are replaced by "something you are," along with "something you have," such as your phone or tablet.
WebAuthn is a secure technology that provides strong user protection without sharing unnecessary data. BankID (and WebAuthn) with biometrics/PIN consists of a "key pair" (credentials), including a private key securely stored on your phone, and a public key along with a randomly generated key ID used at the site where you want to log in. Your biometrics or PIN never leave your phone, and the technology is well protected against phishing on fake websites/apps, in part because only legitimate websites/apps are registered with WebAuthn.
BankID with biometrics has a level of assurance of "Substantial." Some businesses may have requirements for using a level of assurance of "High," which involves regular BankID with a password, for example, when handling health information. A level of assurance of "High" is recommended for high-value transactions, such as signing agreements or making large payments.
Beyond that, our recommendation is as follows:
- Use "High" when changing personal information (like the registered address, for example).
- Use "High" for transactions that involve abnormally high risk for the merchant or user, typically for significant amounts.
- Use biometrics for other logins and regular payment situations.
The price of BankID authentication is 1.20 NOK, and BankID with biometrics will be from 0.85 NOK and lower (volume discount). Please note that these prices are between BankID BankAxept AS and our dealers. Therefore, the price may be higher for businesses that purchase BankID through a dealer.
The price for BankID with biometrics will apply regardless of whether the end-user has activated biometrics or not. If the end-user has not activated biometrics, it will be a regular BankID login but at the same price as a biometric login.
The user must have regular BankID with a password and have accepted the terms to use their biometrics through the BankID app. For banks that do not offer the BankID app, users must activate BankID with biometrics through the bank's own app.
Please contact the reseller from whom you purchase BankID, or get in touch with us through the contact form.