undefined | Better HN

0 pointsflemhans4y ago0 comments

In Denmark, you're forced to use the state-run "NemID" for credit card payments, making for some weird situations where you authenticate with NemID inside iframes on shady URLs.

The same NemID is also used to file your taxes, look at all your health info, get married, everything basically.

Credit card payments are much lower security level, and they're basically forcing sharing credentials amongst all the sites you pay on.

0 comments

aenin4y ago

However it also forces everybody to use two factor authentication. On a whole population level I'd bet that's overall a positive tradeoff.

And I believe you can also use sms + password for online transactions.

legulere4y ago

2FA is already mandatory by the PSD2 directive of the EU. I use my debit card as the second factor to access my bank account here in Germany via ChipTAN

flemhansOP4y ago

SMS + password works for some Mastercards still but not Visa.

I don't think it's good that users are taught to accept their primary citizen 2FA on any random website and app where the URL doesn't even show.

cra4y ago

Yeah, same way they have it in Sweden, it's called "BankID" and only a few banks are allowed to issue that

tapland4y ago

I've worked on BankID implementation and it was super smooth, good tools for testing and well documented.

We didn't need to scam anyone though, just have them verify that they were a Swedish resident (had a valid Swedish SSN and we're the ones ordering) :D

3np4y ago

Major distinction being that BankID is privately owned and operated, as opposed to state-run.

j / k navigate · click thread line to collapse