Security and privacy for ID card

With the ID card in the BankID app, you don’t need to bring your passport to identify yourself, you share less data than in situations where you show your passport or driver’s license, and you have a history of which data has been shared, when, and with whom.

What data is stored?

The data that the ID card is based on is retrieved from your passport or national ID card when you scan it with the BankID app. The data that is collected is the document image, national identity number, expiry date, nationality, document number, document type, first name and last name.

Your personal data is stored securely with BankID. The data is encrypted, and you as the user hold the key that can retrieve your personal information. Not even BankID can read your passport data, with the exception of the expiry date and your national identification number.

The expiry date is omitted because the ID card in the BankID app expires at the same time as the passport or ID card you used to activate it. We use your national identity number to link your ID card to your BankID. No one else has access to this.

What personal data do the stores get access to?

Which information each individual shop or business that can read the ID card gets access to is regulated in agreements between Stø AS and each individual point of use. The main principle for data sharing is that we only share the information that is necessary in each specific case, and nothing more.

None of your personal data will be shared unless you have scanned your ID card or given explicit consent. You can see which information has been shared, when, and with whom in the history log.

The stores do not store any data from the ID card

When you use the ID card in a store, the store does not store your personal data. The data is only displayed in a control situation and is not used for anything else. This is stipulated in an agreement between Stø AS, which provides the service, and the merchants that use it.

Protected against misuse

The ID card has several built-in security mechanisms that prevent misuse.

You must have an active screen lock on your phone that has to be unlocked before you can view your ID card. This prevents anyone from accessing your ID card if, for example, your phone is stolen.

The QR code is time-sensitive and can only be used once before you have to generate a new one. If someone gets hold of a picture of your ID card, the QR code will soon become unusable.

You have access to view the history of where you have shown your ID card. This is an extra security feature that lets you see where it has been used, which data has been shared, and the date.

Deletion

You can delete the ID card and its associated data at any time via the app. Your ID card will also be deleted if you have not used it for a year, or when the passport or national ID card you used to activate it expires.