Don't give identity thieves a chance

Nowadays, you are able to use electronic identification (eID), like BankID or Mobilt BankID in Sweden, for numerous services, such as logging into government websites, signing contracts and authorising financial transactions. But along with these digital advantages – as is so often the case – come untold risks.

Instances of identity theft are rising sharply and, on an almost weekly basis, the media reports on new cases involving Swedes who have become victims of identity fraud. Your identity is then used, for example, to access or steal your money. Even if you solely use your eID for a specific service such as Swish (a Swedish electronic payment service), fraudsters who manage to access your eID are able to utilise it for a great deal more than just Swish.

A digital identity is based on something unique to you, such as a confidential digital key on a card, computer or mobile phone, including a PIN code or password to use the key. This is called two-factor authentication, i.e. two different components are required to authenticate (confirm) a user's identity. For example, Mobilt BankID requires users to have access to a specific mobile device and a password. Having only one of these is insufficient – which increases security.

The fidelity of BankID and Mobilt BankID requires that they also possess a number of additional security features, but the most important for you as a user is to protect your unique component and your password.

If your unique component is electronically stored on special hardware, such as an electronic identification card (BankID), you are required to keep the hardware in a safe place and select a secure PIN code.

If it is stored on a device such as computer or smartphone/tablet connected to the internet, it may be exposed to or at risk of attack. Furthermore, devices such as smartphones and tablets are liable to be lost or stolen, as you often carry them with you.

  • When it comes to eID apps (BankID and Mobilt BankID), there are a few important things to keep in mind:
  • When you receive your ID, make sure to carefully follow the instructions from the issuer to ensure adequate security right from the start.
  • Passwords you use to identify yourself must be impossible to guess; in other words, as long and as random as possible. And, of course, keep them to yourself.
  • Make sure your phone or computer cannot be accessed by unauthorised persons, be mindful of them and protect them with a strong password.
  • If you lose your phone or computer, block your eID as quickly as possible.
  • Keep your phone and computer updated with the latest security protection to fend off malicious code and other attacks.
  • Always be sure of the service you are logging into and what you are signing for. This should be clearly visible in the app.

In the latest Combitech podcast episode, I discuss identity theft with my colleagues Susan Bergman and Johan Thulin. Listen to the episode on A-cast (in Swedish).