
LUP Student Papers

LUND UNIVERSITY LIBRARIES

BankID-based Authentication for Phone Calls

Göransson, Anton LU and Asklund, Emma LU (2020) EITM01 20192
Department of Electrical and Information Technology
Abstract
Authentication for phone calls is important for companies with hundreds of customers wanting to access sensitive information. However, it is sub-par compared to authentication when using applications or websites.
In this thesis, seven models have been developed for how to use BankID as the authentication service during phone calls. The purpose of all models is to use the BankID API to provide the agent with the caller’s personal identity number and name. Two models, “manual recitation” and “the SMS model”, were selected and implemented based on criteria of security, ease-of-use, and integration to the existing environment.
In the manual recitation model, the agent asks the caller to read their personal identity number aloud; the agent then starts the BankID authentication process using the personal identity number.
In the SMS model, the agent sends out an SMS to the calling number; this SMS contains a link where the caller can start the BankID authentication process.
The implementation has been used in production with real customers and evaluated using questionnaires, interviews, and tracings. Our results showed that BankID can be used for authentication during phone calls, improving security while still being easy to use.
Popular Abstract
How come authentication for phone calls is so much different from when accessing a website or an application? In a world where security is becoming increasingly important, it shouldn’t be. We have implemented two solutions using the electronic identification service BankID in order to improve authentication for phone calls, while still maintaining a smooth experience for the caller.
author: Göransson, Anton LU and Asklund, Emma LU
course: EITM01 20192
year: 2020
type: H2 - Master's Degree (Two Years)
keywords: Electronic identification, BankID, authentication, social engineering, phone calls, spoofing
report number: LU/LTH-EIT 2020-741
language: English
id: 9001947
date added to LUP: 2020-01-24 15:25:42
date last changed: 2020-01-24 15:25:42
@misc{9001947,
  abstract     = {{Authentication for phone calls is important for companies with hundreds of customers wanting to access sensitive information. However, it is sub-par compared to authentication when using applications or websites.
In this thesis, seven models have been developed for how to use BankID as the authentication service during phone calls. The purpose of all models is to use the BankID API to provide the agent with the caller’s personal identity number and name. Two models, “manual recitation” and “the SMS model”, were selected and implemented based on criteria of security, ease-of-use, and integration to the existing environment.
In the manual recitation model the agent asks the caller to read their personal identity number aloud, the agent then starts the BankID authentication process using the personal identity number.
In the SMS model the agent sends out an SMS to the calling number, this SMS contains a link where the caller can start the BankID authentication process. 
The implementation has been used in production with real customers and evaluated using questionnaires, interviews, and tracings. Our results showed that BankID can be used for authentication during phone calls, improving security
while still being easy to use.}},
  author       = {{Göransson, Anton and Asklund, Emma}},
  language     = {{eng}},
  note         = {{Student Paper}},
  title        = {{BankID-based Authentication for Phone Calls}},
  year         = {{2020}},
}