From 1 March, it will no longer be possible to log in to the state authentication service via a bank link. This means that users can no longer access some of the public e-services, such as the state portal or the self-services of the Transport Administration and the ARIB, through a bank link (using a PIN calculator, password, or biometrics). You can still log in to e-services with an ID-card, Mobile-ID, or Smart-ID.
‘The change will not affect private sector services – for example, banks’ e-services can be accessed with a PIN calculator even after 1 March. The bank link is mostly used in the state authentication service to log in to the state portal, the e-service of the Transport Administration, and the e-services of the Information Technology Foundation for Education (HITSA) and the population register,’ said Mark Erlich, Head of the Electronic Identity Department of the Information System Authority (RIA).
A complete list of e-services where people can no longer identify themselves through a bank link can be found at the end of the article.
‘The change will affect up to 7,000 people (about 4,000 people log in solely via a bank link). This accounts for about one per cent of all authentications in the state authentication service. Thus, the number of bank link users is not very large and there are three alternative ways to identify yourself. It is important to understand that the bank link as a service will not disappear as a whole, but due to the reduced user base, we will not support it in the state authentication service from 1 March,’ said Erlich.
In the state authentication service, 1.85 million inquiries were made in October, 2.16 million in November, and 2 million in December, of which about one per cent (1.26%, 0.91%, and 0.82%, respectively) were made via a bank link.
Users will still be able to use an ID-card, Mobile-ID, or Smart-ID for authentication
A bank link is one way for a person to identify themselves in e-services. Estonian residents have an ID-card that can be used to enter e-services, as well as the national Mobile-ID service. You can find a lot of information and instructions on using the ID-card and Mobile-ID on the portal https://www.id.ee/en/. The Smart-ID service can be used for personal identification in the private sector. You need a smart device to use the service. More information on using Smart-ID can be found at https://www.smart-id.com/.
Why will RIA stop using the bank link support?
In the autumn of 2018, the last eIDAS implementing act entered into force, which obliged the citizens of the European Union to provide cross-border access to public sector e-services with eID solutions equivalent to or stronger than those required of their citizens and residents. Therefore, it is important for the public sector e-service provider to know what level of assurance the eID tool used offers when logging in to the service.
The eID devices issued by the Estonian state (ID-card and Mobile-ID) received an assurance level of ‘high’ in 2018, and in 2019, Smart-ID also received a national rating of ‘high’.
It is also possible to use other tools via the bank link, which are usually the bank’s own solutions (PIN calculator, password, application, etc.). However, these solutions do not have an assessment of the level of assurance and, if such solutions are accepted in public sector e-services, it obliges the e-service owner to accept eID tools from other EU Member States that have been rated at least ‘significant’.
Although the bank link contains information with which the bank identified the person, the owners of e-services often do not filter it out of ignorance. It can also be seen that the owners of e-services are not aware of and do not delve into the changes and security of the solutions behind the bank link.
The state authentication service is used by state agencies and local governments
49 institutions have joined the state authentication service with 215 information systems, including state portal eesti.ee, the education portal edu.ee, the e-service of the Transport Administration, Tallinn City Government, the administration system for the state information system (RIHA), eARIB, the building register, the population register, the road register, the e-service of the Unemployment Insurance Fund, the Ministry of Rural Affairs, KredEx, the Government Office, University of Tartu, Riigikogu, the Ministry of Foreign Affairs, Statistics Estonia, eToetus, the self-service environment of the Social Insurance Board, the patient portal digilugu.ee, the Examination Information System (EIS), the Estonian Research Information System (ETIS), the Estonian Sports Register, the Oksjonikeskus auction environment, and others.
In December 2020, the state authentication service received a total of slightly more than two million inquiries in 219 services of 46 institutions with all authentication tools. 17 institutions and 37 services were accessed 16,559 times via the bank link.