BankID-based Authentication for Phone Calls
(2020) EITM01 20192
Department of Electrical and Information Technology
- Abstract
- Authentication for phone calls is important for companies with hundreds of customers wanting to access sensitive information. However, it is sub-par compared to authentication when using applications or websites.
In this thesis, seven models have been developed for how to use BankID as the authentication service during phone calls. The purpose of all models is to use the BankID API to provide the agent with the caller’s personal identity number and name. Two models, “manual recitation” and “the SMS model”, were selected and implemented based on criteria of security, ease-of-use, and integration to the existing environment.
In the manual recitation model the agent asks the caller to read their personal identity number aloud; the agent then starts the BankID authentication process using the personal identity number.
In the SMS model the agent sends out an SMS to the calling number; this SMS contains a link where the caller can start the BankID authentication process.
The implementation has been used in production with real customers and evaluated using questionnaires, interviews, and tracings. Our results showed that BankID can be used for authentication during phone calls, improving security while still being easy to use.
- Popular Abstract
- How come authentication for phone calls is so much different from when accessing a website or an application? In a world where security is becoming increasingly important, it shouldn’t be. We have implemented two solutions using the electronic identification service BankID in order to improve authentication for phone calls, while still maintaining a smooth experience for the caller.
Please use this url to cite or link to this publication:
http://lup.lub.lu.se/student-papers/record/9001947
- author
- Göransson, Anton LU and Asklund, Emma LU
- supervisor
- Martin Hell LU
- organization
- course
- EITM01 20192
- year
- 2020
- type
- H2 - Master's Degree (Two Years)
- subject
- keywords
- Electronic identification, BankID, authentication, social engineering, phone calls, spoofing
- report number
- LU/LTH-EIT 2020-741
- language
- English
- id
- 9001947
- date added to LUP
- 2020-01-24 15:25:42
- date last changed
- 2020-01-24 15:25:42
@misc{9001947,
  abstract = {{Authentication for phone calls is important for companies with hundreds of customers wanting to access sensitive information. However, it is sub-par compared to authentication when using applications or websites. In this thesis, seven models have been developed for how to use BankID as the authentication service during phone calls. The purpose of all models is to use the BankID API to provide the agent with the caller’s personal identity number and name. Two models, “manual recitation” and “the SMS model”, were selected and implemented based on criteria of security, ease-of-use, and integration to the existing environment. In the manual recitation model the agent asks the caller to read their personal identity number aloud, the agent then starts the BankID authentication process using the personal identity number. In the SMS model the agent sends out an SMS to the calling number, this SMS contains a link where the caller can start the BankID authentication process. The implementation has been used in production with real customers and evaluated using questionnaires, interviews, and tracings. Our results showed that BankID can be used for authentication during phone calls, improving security while still being easy to use.}},
  author = {{Göransson, Anton and Asklund, Emma}},
  language = {{eng}},
  note = {{Student Paper}},
  title = {{BankID-based Authentication for Phone Calls}},
  year = {{2020}},
}