Great expectations for Finnish Mobile ID

Simsalapin! (=Acracadabra)

If the legislation on electronic identity authentication is ratified, Finns have no need to carry an ID or debit card next year. Mobile phone with a new SIM card and a PIN code will be enough.

The parliament is working on two legislation changes for electronic identity authentication at the moment. One is on secure electronic identification and the other on electronic signatures, which will make transactions with banks and public sector easier.

-  An independent security control service verified the system to be very good, says FiCom's CEO Reijo Svento.

The Finnish operators DNA, Elisa and Sonera and the financial sector are eager to launch the service.

- The Finnish online banking authentication system was created about 25 years ago and has functioned quite well. There are 340 million online bank entries annually and as many as 16 % use online banking on a daily basis, says TeliaSonera's Development Manager Pekka Turpeinen.

- It's time to develop new services together. It's possible to register mobile IDs by utilising the existing banking authentication systems, which will enable people to draw cash from an ATM or pay bills with their mobile, says TeliaSonera's Product Manager Jan Vettensaari.

The authentication system utilises both SMS messaging and internet and therefore it is impossible to hack. You cannot hack both systems simultaneously, the system developers ensure.

New services
New authentication system opens opportunities for new services. In public sector it enables electronic, legally binding signatures and thus transactions with for example Kela (The Social Insurance Institution of Finland) or the Treasury. For Veikkaus and other gaming organisations it's easy to verify one's age without revealing identity.

- We believe the authentication will be in use in 2010. We're creating a sensible and cost-efficient business model for millions of consumers. The future services will also decrease need for driving, as you no longer have to physically go to civil service offices, says Vettensaari.

There are indirect environmental benefits to consider as well.

- TeliaSonera sends out 36 million sheets of paper weighing 180 tons each year. Online transactions would save both nature, reminds Turpeinen.

Renewed SIM card
Implementing the new system will require considerable investments. Therefore the Federation of Finnish Financial Service, the banking sector and operators are collaborating to launch the services. End-user price of the services will most probably remain on the level of currently used banking authentication systems.

- The aim is that consumers need not leave their homes. The secure SIM card is mailed to them and they can take it into use by activating the SIM with their current online banking authentication passwords.

The new system and the old one will coexist until the mobile ID will replace the currently used systems (such as password lists) completely.

Operators have a strong role in electronic identification, as the SIM card is a secure place to hold the authentication data. If the mobile is lost, there's no hurry to cancel the card unless the PIN code is easily available.

Turkey is a pioneer
Turkey has used electronic identification already for a couple of years. There are already 13 banks and 68 other service providers using it, says Valimo Wireless CEO Juha Murtopuro. He has followed Turkey closely, as Valimo delivered the mobile ID used by the Turkish operator Turkcell.

- Turkey lept over a user generation in online banking and mobile technology. For many Turks the mobile is their first phone and they use it for banking transactions and authentication to various services.

User friendliness is emphasised in banking especially, because one electronic ID can be used for all banks. The old system of password lists apply only to one bank at a time.

There seem to be endless possibilities on how the mobile ID can be used, such as loan applications and stock trading. It is also significant in social media authentication. There are lots of false identities in Facebook and MySpace and it's difficult to verify them. The electronic identification will enhance security and reliability in social media and other online services both between consumers and between consumers and service providers.

Less passwords
Another aspect of security is that with the new SIM card only the real owner of the mobile has access to the device. It will also help with the overflow of password lists - only one is needed.

- More self-services can be provided in the public sector. This will enhance public services efficiency and cost savings, and we're no longer dependent on office hours. Denmark is a good example of this. There's over 100 public services available with a mobile ID authentication.

- There are also savings for companies ahead. There's no longer need for several authentication systems, when one authentication password can be applied to all services. In future all you need is two strings of numbers you can select yourself, says Valimo's marketing and communications director Marika Pirhonen.

- The problem with the old online password lists is for example accessing mutual accounts. With the mobile ID, one consumer may have several profiles simultaneously, for example business and private use or representative of a minor, says Valimo's marketing and communications director Marika Pirhonen.

Tested in Turkey

User experiences
Garanti Bank in Turkey has used electronic authentication for a couple of years already.

- We have used the system since the first day it was possible, 23.2.2007. It's been developed together with operators, says Garanti Bank Vice President Barbaros Uygun by email.

The legislation was ratified already in 2004, but it took 3 years to get the services fine-tuned and ready for commercial use.

- Consumers access their accounts with online and mobile ID. They can do money transfers or draw money from ATMs without debit cards. In the future, electronic ID will be extended to loan applications, insurances and pensions. The technology has been easily adapted, according to Uygun. This was confirmed by a customer survey.

- The service is available by selecting numbers on the screen and confirming the SMS with 6 numbers. This is basic mobile usage and is being used all over the world.

Bank supports electronic ID
The electronic ID is free of charge, when used for Garanti Bank services. Registration and seasonal fee are paid to the operator. The bank covers SMS costs.

- We consider this as subsidising the future online banking. The more there are services like this, the more it encourages consumers to get the mobile ID.

For Garanti Bank the investments in mobile ID were small, as the bank already had capability to identify its customers electronically. Compared to many other development projects in banking, the mobile ID was easy to implement. The biggest challenges were with account numbers. There have been no security issues since the implementation.

The service is available throughout Turkey, but the density of usage varies. The mobile ID is used by 15,000 Garanti Bank customers at the moment.

Kauppalehti 18.5.2009 / Arja Vartia
Original article (in Finnish)