Bank-ID, Sweden’s largest e-identification system, launched a new digital ID card in June. With about 950,000 users, the company has emphasized the increased security and convenience of the digital ID card compared to a physical one. However, experts warn that there is a major security flaw that makes it easy to forge the card if all the functions available in the app are not used.
The digital ID card boasts several built-in security functions, including an age, name, and social security number that can be visually checked or verified using a moving QR code. Malina Röstlund, spokesperson for Bank-ID, stated that it is very easy to check the epithet on a digital ID card during the launch of the new document.
Despite these security measures, experts highlight the risk of relying solely on visual checks of the digital ID card. Pontus Johnson, a professor at the Center for Cyber Defense and Information Security at the Royal Institute of Technology, explains that if companies do not utilize all the available functions, the digital ID card works worse than a physical one.
Systembolaget, a state-owned company, is one of the entities that solely relies on visual checks of the ID card. Cybersecurity expert Fredrik Blix successfully created a fake version of the ID card with a moving QR code and a moving background in just a few minutes, posing significant risks to the control system of Systembolaget.
The warning issued by experts highlights the need for proper usage of Bank-ID’s new solution to ensure its effectiveness in preventing identity fraud and forgery. The company may need to work on raising awareness and educating users on the potential risks and how to properly utilize the security functions of the digital ID card.
Overall, while Bank-ID’s new digital ID card offers increased convenience and security compared to a physical ID card, it is crucial for users and companies to understand the importance of utilizing all the available functions to avoid potential security vulnerabilities and unauthorized access.