[Openid-specs-fapi] Fwd: Letter from Vice-President Valdis Dombrovskis: Comments about Redirection

Anders Rundgren anders.rundgren.net at gmail.com
Fri Feb 22 09:42:15 UTC 2019 

This was very interesting.

It worth noting that the situation in the Nordics is quite different to that of the rest of Europe.
In the Nordic countries there is a concept of a "Citizen ID".
The ID (a number) is defined by the Government but the actual digital credentials, are mostly issued by banks.

This did not start yesterday, in Sweden it started 2001 which explains why mobile P2P payments nowadays is everywhere.
When the ID move to mobile phones it became a "smash hit" with 90% adoption by people aged between 20 and 50.

It will take ages to get ultra-laggards like France (my current country) to get anywhere near this.

A "snag" here is that the Nordic banks have created a virtual "ID monopoly" which not even the Governments have managed to challenge.

Anders


On 2019-02-22 10:25, Dave Tonge via Openid-specs-fapi wrote:
> Dear FAPI WG
> 
> I just received this and think it may be of interest to you:
> 
> Please find attached a letter and attachment from Commission Vice President Dombrovskis.
> 
> He has made some discouraging comments about redirection to webpages and apps:
> 
> __ __
> 
> “*I would like to encourage industry players to shift their attention away from authentication methods that are redirecting TPP customers to the banks' webpages (or apps). This cannot be the basis for innovative and competitive European payment services. *Instead, the focus should in my view be on the development of convenient and secure new authentication methods. Such new forms of authentication, which are now more and more widely used, can be linked to e-IDs, issued by public authorities or private entities as in the Nordic countries, that may be used by customers with numerous market participants…”
> 
> __ __
> 
> …“I also invite industry players to work together to find practical solutions to other problems that payment initiation service and/or account information service providers are facing.**One of them is the regular renewal, every 90 days, of consent for the TPPs’ access to accounts. This consent renewal requires *strong customer authentication, which would be a major inconvenience if done for each bank using conventional authentication methods and possibly redirection to the banks’ authentication pages.*”____
> 
> *__ __*
> 
> **Dave**
> 
> 
> 
> _______________________________________________
> Openid-specs-fapi mailing list
> Openid-specs-fapi at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-fapi
>

More information about the Openid-specs-fapi mailing list