A study funded by the European Commission

September 13, 2018

How electronic identification (eID) can benefit SME
business

Part of an eIDAS study supporting the uptake of eIDAS services by SMEs

EEMA
September 13, 2018
Welcome
Jon Shamah (Chair, European Association for e-
Identity and Security - EEMA)

eIDAS study on pilots for replication of multipliers 3

Housekeeping

Questions?
Please enter any questions into the chat box and we shall
endeavour to answer them towards the end of the
webinar.

eIDAS study on pilots for replication of multipliers 4

AGENDA

eIDAS study on pilots for replication of multipliers 5

AGENDA

• Introduction (5min)
Jon Shamah (Chair of the European Association for e-Identity and
Security, EEMA)
• Introduction to eID and trust services
Marie Eichholtzer (EU Digital Policy Consultant at Deloitte)
• The benefits of eIDAS integration into business processes
Marie Eichholtzer (EU Digital Policy Consultant at Deloitte)
• Q&A and conclusions (10min)
Jon Shamah

eIDAS study on pilots for replication of multipliers 6

Introduction

eIDAS study on pilots for replication of multipliers 7

Why do we need Trust Services ?

• Fear
• Uncertainty
• Doubt

eIDAS study on pilots for replication of multipliers 8

Why do we need Trust Services ?

• Fear of technology failure

• Uncertainty over security
• Doubt over commercial
governance

eIDAS study on pilots for replication of multipliers 9

Why do we need eIDAS Trust Services ?

• There is no obligation for the Private Sector to

adopt eIDAS, but its use between counterparties
in any form of transaction reduces risk.

eIDAS study on pilots for replication of multipliers 10

Why are they so complicated?

• The European Union is made up of 27+ Member States, each with

their own priorities, political drivers and cultural background. This
extends to their views on privacy, data protection and the relationship
between Citizens and State.
• Each Member State has its own types of eIDs, citizenship registry
records, etc.
• Contrary to public perception, there are only a few issues where the
European Union can legislate directly for actions in Member States.
• eIDAS is a regulation which applies to all Member States but respects
each Member State’s preferences.

eIDAS study on pilots for replication of multipliers 11

How do we improve adoption of eIDAS in private sector SMEs?

• It is appreciated that every industry has its own needs, and SMEs in
particular do not always have the resources to implement the
solutions.
• In reality eIDAS is split up into two sections: eID and Trusted Services.
• This second Webinar in the series is aimed at the general use of eIDAS
eID services and how they can benefit the SME.
• The next, and third Webinar will address the use of Trust Services in
detail.

eIDAS study on pilots for replication of multipliers 12

Course description

• In this webinar we will:

• discuss the eIDAS regulation at a general level

• show how the eIDAS regulation and specifically, eIDs can be used
to advantage

• Describe a practical example of an eID implementation

eIDAS study on pilots for replication of multipliers 13

Introduction to eID and trust
services
Marie Eichholtzer (EU Digital Policy Consultant at
Deloitte)

eIDAS study on pilots for replication of multipliers 14

Context
Blurring of lines between the physical and digital worlds

eIDAS provides a predictable regulatory

environment to enable secure and seamless
electronic interactions between businesses, citizens
and public authorities...

eIDAS study on pilots for replication of multipliers 15

eIDAS regulation
Two legislations in one

Electronic identification Trust Services

• Mutual recognition of nationally-issued eID

• Common regulatory framework for trust
schemes for natural and legal persons
services
• used to access public services
• at the national and EU level
• across borders
• for the public and private sector
• Voluntary acceptance to access private
• As of 1st July 2016
services
• Qualified vs. Non Qualified
• As of 29th September 2018
• EU Trust Mark and EU Trusted List
• Notification process
(pre-notification, peer review, notification)

eIDAS study on pilots for replication of multipliers 16

Electronic identification
Prove who you are remotely

eID stands for electronic identification

scheme

It is a way to prove your identity online

You can use it to access online public

services and private services:

Electronic
identification

DECLARE YOUR ACCESS eHEALTH OPEN A BANK

TAXES SERVICES ACCOUNT

eIDAS study on pilots for replication of multipliers 17

What happens when you use your eID?
Authentication and Sharing of identity attributes

First Name Legal Name

√
Family Name Identifier
Date of Birth
Identifier Current Address
VAT Registration Nbr
Tax Reference Nbr
Birth Name(s) Dir. 2012/17/EU identifier
Place of Birth LEI
Current Address EORI
SEED
Gender SIC

Prove that you are eIDAS Minimum

who you claim to be Dataset

eIDAS study on pilots for replication of multipliers 18

eIDs can take different forms…
Which are called « eID means »

SMARTCARD LOGIN
MOBILE APP
With a PIN With a Password
With a PIN
With biometrics With a PIN
With a SMS
With biometrics With a selfie
(eg. fingerprint, facial
recognition, voice)

eIDAS study on pilots for replication of multipliers 19

 … And different levels of assurance
Keep security proportionate to the sensitivity of the service accessed

Risks are Presentation of identity information

mitigated
Low With secure authentication methods
E.g. Consult your library account

Verification of identity information

Substantial With strong authentication methods (multi-factor)
E.g. Check your state pension, Request a VAT number

Risks are Face-to-face registration with verification

minimal
High With very strong authentication methods (multi-factor)
E.g. Access your eHealth record, fill-in your taxes

eIDAS study on pilots for replication of multipliers 20

 11 eIDs available under eIDAS
List of pre-notified and notified eID schemes

Pre-notified eIDs

Notified eIDs

Access the latest list: https://ec.europa.eu/cefdigital/wiki/x/iw3oAg eIDAS study on pilots for replication of multipliers 21
More eIDs are available in Europe
Public solutions, Private solutions and Public-Private partnerships

eIDAS study on pilots for replication of multipliers 22

https://asquared.company/en/blog/e-identity-solutions-in-europe-an-european-overview-769/
Trust Services
Increase the confidence in the authenticity and integrity of electronic transactions

Qualified Web
eSignature Authentication
Certificate

eTimestamp

Join the webinar #3

on Trust services
Electronic 27 September 2018
eSeal
registered
Delivery
Services

eIDAS study on pilots for replication of multipliers 23

The benefits of eID Integration into
business processes
Marie Eichholtzer (EU Digital Policy Consultant at
Deloitte)

eIDAS study on pilots for replication of multipliers 24

Current trends
Why SMEs need and may want to use eID

Increased number of online Enhanced identity checks Security concerns and data
transaction required protection

eIDAS study on pilots for replication of multipliers 25

Different types of eIDs can be used by SMEs

EIDAS

TRUST
TRUST
CROSS-BORDER

Public or Private Private solutions verified Other eIDs

notified eID
You can reuse (one of) your national
notified eID to access public and/or
private services directly across borders
by eIDAS
The solution provider has requested you to
authenticate to its solution once with your
notified eID. He received a confirmation from a
trusted source of your identity and attributes
Other types of eIDs may be available in your
country and reused in a specific sector. It is
important to check national and local users’
preferences. Although you won’t benefit of the
trust of eIDAS nor the cross-border advantage
eIDAS study on pilots for replication of multipliers 26
 How to reuse eID in your business processes
Three different options …

Some countries limit public services

Use your eID to access public services access to the governmentally-issued
1 E.g. Create a VAT number in another EU country eID

The services available depend on

Use your eID to access private services your selected eID, check it prior to
2 E.g. Order restricted goods (alcohol) for your restaurant
enrollment

Integration of an eID solution to

Integrate eID into your own business processes your business processes (e.g.
3 E.g. Strong checks of customers’ identity
website) is subject to the terms and
conditions of each specific eID
solution

eIDAS study on pilots for replication of multipliers 27

How does it work ?
Use your eID to access public services (Option 1) and private services (Option 2)

Enroll and get Set up your

your identity mean of
proofed authentication

1 2 3 4 Public services

Select an eID Pay a fee

Banking
solution available (depending on the
solution)
in your country
Justice and taxe
5
Browse the website Your entitlement Health and
of the service you to access the social security
want to access service is checked

6 7 8

Authenticate to Access the

the service online services !

eIDAS study on pilots for replication of multipliers 28

 How does it work ?
Integrate eID to your business process (Option 3)
The customer
browses the
website
1 2
The retailer integrates the most
common eID solution(s) among
his customer segment to his
website
3
The customer
validates his
basket
The user authenticates
4 and his date of birth is
shared with the retailer
The retailer receives
payment and sends
the parcel
5 6 7
The retailer gets assurance The customer
that the customer is above receives his order !
18 (and not a minor using the
credit card from his parents)
eIDAS study on pilots for replication of multipliers 29
The benefits of electronic identification

Secure
Paper IDs can be forged. eID
Convenient benefits from strong
authentication. It is a
The automated transfer of
safeguard for SMEs and
data makes transactions faster
customers
and less prone to manual data
entry mistakes and comes Up-to-date
from a trusted source.
An eID can be revoked (e.g. in
Convenience for customers is
case of theft) and more easily
also improved (e.g. no need to
updated (e.g. change of
create an account)
address) allowing SMEs to
always access the latest
accurate information

Flexible
eID adapts to your needs.
Private solutions can be
Time saving Cross-border
tailored to your services.
Services can be accessed If notified under eIDAS,
remotely, reducing waiting you will be able to reuse
time, commuting, delivery your eID across borders
Cost saving delays, printing of documents. to access public services
If you reuse a national eID or
use an identity providers, you
can save significant cost in
identity management Gain access to
activities. Efficiency gains also
create savings.
new markets
across Europe !
eIDAS study on pilots for replication of multipliers 30
Check list
How to get started?

Assess what you want to achieve with the eID

• Option 1 – Access public services
• Option 2 – Access private services
• Option 3 – Integration

Compare the solutions available in your country and select

one that allows you to fulfill your objective(s)
• Notified eIDAS eIDs: https://ec.europa.eu/cefdigital/wiki/x/iw3oAg

eIDAS study on pilots for replication of multipliers 31

Q&A and conclusions
Jon Shamah (Chair, European Association for
e-Identity and Security - EEMA)

eIDAS study on pilots for replication of multipliers 32

Q&A and conclusions

• Questions Chatbox

• Oral questions

• Conclusions

• Next webinar in series

eIDAS study on pilots for replication of multipliers 33

• Next webinar
September 27, 13.00h CET
on “How trust services can benefit business”

• More information
https://ec.europa.eu/digital-single-market/en/discover-eidas
Thank you for attending
 A study funded by the European Commission

September 13, 2018