European security agency Enisa is calling on banks and governments to work together to extend the application of national electronic identity cards as tokens for online banking authentication and remote account opening.
In a position paper, Enisa says that as more Internet applications require the entry of user credentials it makes sense to move to a harmonised standard.
With several European states having introduced, or about to introduce, eID cards containing smart card chips, Enisa says it should be technically feasible to use these for universal online authentication.
In particular, the use of eID cards could help banks offer online account opening to customers, which is currently difficult to do. Enisa says that banks which do most of their business online rely on an identification agent (such as post officials in Austria, Germany and Switzerland) to do the initial identification at registration. A national eID card would open opportunities to eliminate the agent from the process, enabling customers to open an account online.
However, one major stumbling block in the use of eID schemes for online banking is the issue of liability. Most banks still rely on credentials they themselves issue to authenticate customers rather than another institution or agency which would effectively own the risk. To overcome this problem governments and banks need to improve cooperation, says Enisa.
Udo Helmbrecht, executive director, Enisa, says: "Electronic identity cards offer secure, reliable electronic authentication to Internet services, but banks and governments must cooperate better to be able to use national eID cards for banking purposes."
Read the Enisa report here:Download the document now 760.7 kb (PDF File)