There is a lot of discussion right now about uncertainty around digital ID card checks, but it doesn’t have to be that way. Trust is good, but verification is better. By implementing our GrandID API, organizations and companies can secure their systems, e-services and apps for verification of the digital ID card.
The service from Svensk e‑identitet for BankID digital ID cards is based on several parameters that are initialized when the digital ID card is physically scanned. We then transmit attributes that allow confirmation of the authenticity of the person’s private digital ID card issued via BankID. The customer is responsible for scanning the QR code. Through our service you can integrate the solution into your point-of-sale system, membership register or similar systems to quickly and smoothly retrieve information from the ID card.
The service can be integrated via the GrandID API, SAML 2.0 or OpenID Connect.
Examples of common use cases
Age verification for age-restricted purchases
A physical retail store that sells age-restricted products needs a reliable way to confirm that customers meet the legal age requirement. The customer’s digital ID card QR code is scanned and our service verifies both the person’s age and that the ID card is a valid BankID-issued digital ID.
Customer registration at point of sale or in a database
A physical store with a loyalty club can let members collect points at purchase by scanning the customer’s digital ID card QR code. The customer’s social security number is returned and can be stored in the system as the unique identifier for the user.
Flexible verification or registration depending on needs
A customer reception desk registering visitors works in the same way: the QR code is scanned and the returned data can be handled according to your internal rules. You decide which attributes to collect and how to process them.
Security aspects that confirm the person’s identity
- The digital ID card from BankID is issued following BankID’s established security procedures.
- An authentication always takes place before the holder can present their digital ID card, which is valid for a limited time.
- Using the QR code and the GrandID API you can verify whether the ID card is valid.
For more advanced verification
When the QR code is scanned through the service, you receive an identity assertion. This is a more advanced verification for strong and reliable identification that meets the following standards:
– The Swedish e‑identification trust framework (Trust Level 3).
– eIDAS regulation for notified eID schemes at the “substantial” trust level.
– Strong Customer Authentication (SCA) requirements according to PSD2.
The QR code follows the technical standard ISO/IEC 18004:2015, model 2, version 4.