In a blog on Managersonline, Connectis Product Manager Roderick van Cann sets out the reasons for enabling users to log in using iDIN. Three years after its introduction, the iDIN login can now be used by customers of nearly all Dutch banks.
According to Van Cann, iDIN is the best alternative to DigiD for the private market. It also has a lot of advantages for public service providers. They can accept iDIN as a secure additional login, for example, so that service users have a choice.
A ‘my account’ environment is increasingly the basis for service providers such as banks, insurers and mortgage providers. With such systems, it’s vital that user identification and authentication are based on a secure login, because the customer data that’s exchanged is extremely sensitive.
The Dutch Payments Association introduced iDIN in 2016. It’s a login system suitable for use by a private individual when, for example, making an insurance declaration, requesting data from the Credit Registration Bureau, or applying for a mortgage.
Extensive testing by the Dutch Tax and Customs Administration Service has showed that the system provides an appropriate level of security. What’s more, it’s very easy to use. “Users log in using their usual bank ID, click to confirm, and they’re in. The process is like iDEAL,” says Van Cann.
Roderick van Cann, Product Manager, Connectis
Van Cann also sees iDIN as having numerous benefits for service providers such as insurers, banks and mortgage providers:
1. The data is high quality
When a consumer opens a bank account, the bank verifies things such as the applicant’s sex, initials, surname and date of birth by checking against a legal identity document. “As a result, the data is extremely reliable,” says Van Cann. “What’s more, iDIN applies high data quality requirements. For example, information provided to the bank by the customer themselves, such as their address, is reviewed to make sure it’s complete and correct.”
2. The login or identification process is secure
During login or identification, potentially sensitive personal data is exchanged. “It’s vital that such data doesn’t get into the hands of crooks,” stresses Van Cann. Fortunately, there’s very little chance of that with iDIN. A secure connection is used to present the customer with their bank’s own login page. “The customer enters their access codes within the bank’s secure environment, and that’s where that data stays. The accepting service provider is sent only the data that’s relevant for the service.”
3. Immediate, hassle-free access
According to Van Cann, one of iDIN’s big pluses is that millions of people already have bank accounts and the associated mobile apps, as well as bank cards supported by identifiers or TAN codes. “In other words, all those customers and potential customers have got everything they need to access your online service immediately, without the need to create an account. So, with iDIN, new customers are much less likely to give up early on the customer journey.”
4. Works on all devices
Customers don’t always have their laptops or bank-issue identifiers with them. So the fact that iDIN now works on all internet-enabled mobile devices is really helpful. “The customer uses their bank’s mobile app to log in or identify themselves,” explains Van Cann. “So they don’t need anything like an identifier or TAN codes.”
5. iDIN is fully compliant
As pointed out above, an iDIN user’s identity has previously been verified by their bank. And banks are very diligent when it comes to looking out for identify fraud and the like. iDIN therefore provides ‘high-grade identification’. “The user’s identity is confirmed with a high degree of confidence,” asserts Van Cann.
iDIN therefore meets the criteria for Substantial-level assurance, as defined in the European eIDAS system. Bank logins comply with the Money Laundering and Funding of Terrorism (Prevention) Act as well.
“The security technology involved also facilitates compliance with the General Data Protection Regulation (GDPR). So, as well as giving customers quick and easy access to your online services, iDIN keeps everything secure and compliant,” emphasises Van Cann.
Private ID mandatory under the Digital Government Act
Van Cann has a clear message for any service provider that may still be unsure about adopting iDIN. “Under the Digital Government Act, public service providers are obliged to support DigiD, DigiD authorisations, eHerkenning, eIDAS and one private ID. In my view, iDIN is the best candidate to be that private ID: it’s secure, user-friendly and almost everyone can use it without any set-up,” Van Cann concludes.
Read the original Dutch-language article on Managers Online
Want to know more about enabling iDIN access to your online services? Your Connectis account manager is always happy to talk you through the options on a no-strings basis. Or you can get in touch using the contact form.