Financial Crime World

Title: Identity Theft: Aloft in the Nordic Skies - The Norwegian Case of BankID

In the digital age, identity has become as precious as money, and just like money, it can be stolen. Across Europe, including Norway, the shift towards digital identity schemes has been a game-changer. But what happens when that identity gets stolen? In this article, we delve into the implications of identity theft through the Norwegian lens of BankID.

Digital Identity: An Overview

  • Digital identities have gained prominence since the EU’s identity eWallet was introduced in 2021.
  • While digital identities bring numerous benefits, they also come with the risk of identity theft.
  • Identity theft not only involves losing access to bank accounts but also the potential theft of sensitive identity information.

Enter the Norwegian BankID

  • The Norwegian BankID was launched in 2004 as a pure authentication and signing solution.
  • Wide acceptance among banks and the government gave BankID an early advantage.
  • While not an identity wallet itself, BankID is extensively used for signing and authentication purposes.

A Look Back at BankID’s Journey

  • By 2007, BankID had over 760,000 users.
  • In 2021, the number had grown to 4.3 million - nearly every adult in Norway.
  • The use cases for BankID stretch beyond banking and include government, healthcare, education, and taxes.

Picking the Locks: An Analysis of BankID Theft

  • The Norwegian Communications Authority (Nkom) reports that identity theft involving BankID is underreported due to privacy concerns.
  • A report by the University of Oslo’s Faculty of Law offers insights into identity theft cases between 2015 and 2021.

Victim Profiles

  • Young people aged 19 to 30 are more likely to be victims of identity theft.
  • Many victims know the perpetrators, often relatives or cohabitants.

Password Protection

  • Many victims unknowingly give their passwords to perpetrators.

Legacy Systems

  • One-time-code generators for BankID are the most targeted systems.

Motivations

  • Fraud is predominantly motivated by financial gain.
  • Loans, credit cards, shopping, and money transfers are common targets.

Costs

  • 56% of reported cases to the police saw no investigation.
  • In resolved cases, victims bore the loss in 33% of instances.

Moving Forward: A Call for Safer Authentication Methods

  • As Europe moves towards identity eWallet solutions, securing user identities is crucial.
  • Phasing out legacy one-time-code generators in favor of app-based authentication systems is recommended.

The Bottom Line

  • Identity theft involving digital IDs poses complex challenges for both consumers and service providers.
  • Prioritizing security, protecting user privacy, and ensuring victims aren’t left to bear the consequences alone is vital.