When Should Businesses Use Biometrics?
BankID with biometrics will significantly enhance the BankID experience for end-users, and companies can offer a more seamless user experience by adopting it.
At the same time, there will be several scenarios that require increased security, where BankID with a password might be a better choice. For most businesses, it would be appropriate to use both to adapt to various usage situations.
We Provide Two Levels of Assurance
BankID offers various products that operate at two different levels of assurance, where "high" is the top level, and "substantial" is the intermediate level.
- Level of Assurance "High": BankID app with a password, BankID with a code card, and BankID on mobile (which is now being phased out).
- Level of Assurance "Substantial": BankID with biometrics.
A Secure Alternative
BankID with biometrics relies on unique physical features such as facial shape or fingerprints and is a secure alternative, even though the service operates at a lower level of assurance than BankID High, where the end-user must use the BankID app or code unit and a personal password.
Additionally, BankID with biometrics complies with the EU's Strong Customer Authentication (SCA) requirements. These requirements ensure that electronic payments are made with multi-factor authentication.
"The Everyday ID"
BankID refers to the biometric solution as the "everyday BankID" because BankID with biometrics can be used for all purposes that do not involve significant risk to the user or the company using BankID. Each business must make its own risk assessment to determine which BankID method is appropriate for each use case.
For some businesses, it may not be feasible to use BankID with biometrics because they are subject to strict industry regulations where the assurance level is crucial. For others, it may be suitable to use biometrics for login but not for transaction processing, for example if they sell high-value goods requiring high-level authentication.
A Guide
When evaluating whether to use BankID with biometrics, you can follow this guide, which outlines what to consider when deciding which solution to adopt.
Use BankID High when the end-user needs to:
- Access sensitive personal information, whether their own or others'
- Sign documents
- Change important personal information (such as registered address, etc.)
- Engage in activities that require significant user involvement. For example, when the user needs to confirm something, like canceling a subscription, changing utility providers, etc.
- Conduct transactions that involve unusually high risk to the user or the user site, such as exceptionally high amounts
Use BankID with biometrics when the end-user needs to:
- Authenticate themselves, e.g., when logging in
- Make payments involving lower sums
- Verify their age
- Authenticate themselves to customer service, confirming their identity by authenticating with BankID with biometrics
- Log into an app. In this case, BankID provides seamless app login with face, finger, or PIN. This can instill extra trust in your users regarding the service they are using.
We protect our user accounts with advanced anti-fraud systems, ensuring that only the right person gains access. By using BankID with biometrics for app login, you will also be able to retrieve users' contact information, which can be advantageous.
Please note that this is a general guideline, and businesses should conduct their own risk assessments to determine which BankID method is most suitable for their specific use cases.