Cybersecurity

Smart eID: Your digital ID on your smartphone

In Germany, an individual's personal card-format ID has included a chip since 2010 and thus incorporates an eID function. Providing the eID function has been activated, each and every citizen of the Federal Republic of Germany has the option of using it to identify themselves online. Most citizens are aware of this online identification function but very few have used it up to now. This was the finding of a study by the accountants and management consultants PwC in October 2021. The reason for this is cited as being the lack of specific uses for it. 

Smartphone and PIN as proof of identity

The Smart eID Act came into force on 1st September 2021. It legislates for an individual's online ID to be saved on their smartphone and represents the legal basis for the further use of online ID functions – the Smart eID. Up to now, an individual has had to hold their ID card up to their smartphone and enter a PIN. That works with a person's personal ID, the eID card for citizens of the European Union, and the electronic residence permit. But things are set to become much simpler very soon: in future you will only need your smartphone and PIN for an online ID to digitally verify yourself on the internet. It is hoped that administrative matters, such as registering or de-registering a residence or a motor vehicle, will then become much faster and more straightforward. It will also make it easier to prove your identity when shopping online, for example for products for which you need to be over 18 years of age. The Smart eID could also speed up a number of things with contracts, for instance with insurance policies.

The launch of the Smart eID continues to be delayed

However, "smart electronic identification" is not getting off to a good start in Germany. The launch of the Smart eID is now being delayed for the third time. The project was due to start in 2020, and then June 2021 was discussed. This came to nothing, but then the hope was for December 2021. However, this also came and went but, according to the Federal Ministry for the Interior and for Homeland Security (BMI), the launch is now expected to be in the first half of 2022. 

What can the Smart eID do?

The Smart eID is intended to enable an individual to prove their identity using their smartphone and obviate the need for an actual identity card. It will enable people to store their online ID directly on their smartphone. When transmitting data, the ID then only needs to be held up to the smartphone. This process should only take a few seconds – about half as long as electronic proof of identity using an identity card.

But a word of caution: a Smart eID cannot fully replace a traditional ID card. You will need to continue carrying the card with you to identify yourself in the event of police checks, if need be. You will also need it when travelling abroad.

Adequate day-to-day applications and security must be guaranteed

According to the aforementioned PwC study, just over half of Germans had already heard about the introduction of the online ID or Smart eID. But security, above all, needs to be guaranteed for the digital alternatives to be used. Data protection and protection against identity theft are essential. Three quarters of German citizens also require "a sufficient number of everyday applications as well as widespread use by providers, companies and terminals". The security requirements of the Federal Office for Security in Information Technology (BSI) ensure the protection of identity data. The focus here is on the smartphone hardware. In addition, a security chip (Secure Element) is used, which is being installed in more and more smartphones.

However, initially the Smart eID will only work on Samsung Galaxy S devices and not on all smartphones. As a project partner, Samsung already uses Secure Elements that comply with the security requirements defined by the BSI in the first smartphones. In parallel, the Federal Ministry of the Interior is working to increase the number of supported devices.

The ID Wallet app is also having trouble getting started

The path to digitalisation in Germany remains bumpy: in autumn 2021, the Federal Government launched the ID Wallet app with basic ID and digital proof of a driver's licence. However, the system was not designed to meet the high demand (according to the Ministry of the Interior, more than 300,000 successful downloads in the first 72 hours and many more attempts to download it). Security experts also raised doubts about its security. The Wallet app was therefore removed from the stores. In the spring of 2022, the secure infrastructure for digital proof is to be relaunched with the further developed ID Wallet app and additional opportunities for using it will go live in close cooperation with the business community.

Smart eID as an opportunity for insurance companies

First and foremost, Smart eID is to be used for digital access to official authorities. However, over 60 percent of Germans would also use it for private business matters, such as banking transactions, telecommunications providers or when interacting with insurance companies. This represents a big opportunity for insurance companies: we can now create opportunities for using the app as individuals seem to be very willing to use it but say that there are still too few opportunities to do so. The virtual discourse between insurance companies and their customers could be significantly speeded up and simplified with digital identification. It means that interactions, such as concluding or adjusting insurance policies, could be dealt with simply and in a time-saving manner from home. There is clearly a need for digital solutions. It is up to us to implement them.

Text: Mirjam Wilhelm