TRUST IN THE
Trust is the linchpin of the digital world. Trust makes us give out our credit card details, share our personal information and enter into agreements with services we might not even be familiar with. And the higher the confidence, the greater the opportunities.
TRUST LEVELS MATCHING YOUR NEEDS
Identity is the foundation of trust – both in the physical and in the digital world. When you are certain of who you are dealing with, you can link everything that enables a meaningful relationship between an organization and an individual; responsibility, payment, consent, agreement and delivery.
In order for an identity to be reliable, two things are required:
- A reliable method of transferring the user’s real identity to a digital identity
- A secure way to ensure across time that it is the same individual who holds the digital identity.
An e-ID that meets both criteria can therefore be used as the leverage upon which all your digital business rests. Many make the mistake of settling for the first step. They issue a digital identity with careful checks of the user but allows the identity be borne by a user name and password. As vulnerable as the passwords are now, they do not meet the second criterion, to keep the identity secure across time.
More problematic is that even more businesses are content without any of the criteria; they make no check that the user is who he or she claims to be and lets this weak identity be carried by an uncertain password. In the digital future that awaits, these players will soon be out.
Freja eID is an e-ID designed and reviewed according to Swedish and international standards to fulfill both criteria.
TRUST LEVELS FOR eIDS
To assess the trust level of an e-ID, various international standards have been created. The levels in these different standards are to some extent similar and different services, public and private, may have different levels to relate to. Most often, however, it is up to you as an organization to assess the level of trust you want for your users and we can help you find the level that is appropriate, based on both regulatory as well as security-related requirements.
THE TRUST LEVELS OF
Freja eID is created for both national and international use. We also offer different levels of trust in Freja eID that allow you to choose based on your needs. A user can easy and free of charge upgrade to the different levels when the need arises.
Basic level: In situations where you as a service provider already have an established relationship with the user, or do not have specific requirements on the level of trust, you can use Freja eID as a cloud-based multifactor login. The only thing the user needs to do in relation to Freja eID is to download the app and confirm an e-mail address. This arrangement does not include social security numbers at all, which makes it scalable to all users, regardless of nationality and domicile.
Validated identity: On this level Freja eID validates the identity of the user, who then registers with, among other things, a valid ID document and an ID photo. Then our security personnel do an ID check in and issue an e-ID if all checks are approved. We can currently validate user identities with all the approved ID documents in Sweden, and with passports in Norway, Denmark, Finland and the UK.
The information that we gather from the user varies a bit depending on the country. In general, it is first and last name, social security number, date of birth and e-mail address. In Sweden and Norway we also do an address lookup and for some users we also store their mobile numbers, if they registered with it. In UK there are no social security numbers so we do not gather that data from the UK users.
The quality mark Svensk e-legitimation: In Sweden, DIGG – The Swedish Agency for Digital Government, issues a quality mark to e-ID’s that fulfill certain regulatory requirements. Freja eID fulfills these requirements, but in order to reach the highest level of trust – LOA3 – the user, after validating the identity as above, also has to do a physical ID check at one of our 2000 agents around Sweden.
THE QUALITY MARK SVENSK e-LEGITIMATION
To create a consensus in the issue of eID’s, the Swedish state has developed the quality mark Svensk e-legitimation. It is DIGG – the Swedish Agency for Digital Government which, based on national and international security criteria, reviews and approves Swedish e-ID’s for the quality mark.
Public and private actors with e-services that require e-ID can trust e-ID’s that have the quality mark Svensk e-legitimation, and users can feel confident that it is a secure identity document.
In order to get the quality mark, the e-ID must fulfill the requirements in the Framework of trust for Svensk e-legitimation. The purpose is to make sure that the e-ID can be issued and maintain the trust level which the application refers to. In addition to the technical architecture, the issuer is also reviewed on the following points:
– Financial stability
– Information security work and internal control
– Process for identifying people applying for an e-ID
– Producing and providing of e-IDs
Freja eID + is Sweden’s only mobile e-ID that has been approved for the governmental quality mark Svensk e-legitimation.
PHYSICAL AND LOGICAL SECURITY
Security is absolutely fundamental to Freja eID. Protecting the user’s data and integrity is essential and trust in an e-ID is founded on the fact that it is secure. Freja eID is based on proven technology and world-leading security solutions to ensure the reliability of identity over time.
Verisec, which is behind Freja eID, has been working with IT security since 2002 and handles digital identities for millions of people worldwide. Much of the technology that forms the basis of Freja eID has been developed for banks, authorities and companies with large user groups and is proven and tested in large-scale contexts.