Skip to main content
Authentication

Stop high-risk eID transactions before they become fraud

Spot suspicious eID transactions in real-time with Signicat's Authentication Risk Indicator

The Risk Indicator for eIDs gives you a risk rating of "low", "medium" or "high" for eID authentications in real-time so you can interrupt suspicious transactions and prevent fraud before damage is caused.

Currently supported for 
  • Mit ID

    Denmark

  • SE logo bank id

    Sweden

Benefits

  • Safer eID transactions

    Protect against payment fraud and account takeovers

  • Built into the eID flow

    Frictionless for legitimate users

  • No extra integrations

    Available as a convenient add-on to eIDs

Why eID based authentication needs risk indicators

Digital identity fraud is accelerating. Across industries, 1 in 5 transactions and customer onboardings are estimated to be fraudulent, and fraud already impacts around 22 percent of annual revenue.

As more services rely on national eIDs for secure login and signing, these schemes have become targets for fraudsters. More than 30% of fraud attempts in the Nordics now target eIDs.

You need more than a successful eID transaction. You need to know how risky that transaction is.

The Authentication Risk Indicator

Signicat’s Authentication Risk Indicator is an add-on for eID based authentication through Signicat’s eID & Wallet Hub. It processes advanced risk data provided by supported eID schemes and returns an easy to consume risk category for each transaction: "Low" "Medium" or "High". 

Under the hood, a combination of risk signals is processed, such as change in IP address, location, abnormal device or browser usage or multiple failed authentication attempts.

How it works

You keep your existing Signicat flows. Authentication Risk Indicator adds risk intelligence to the response.

  • The user logs in or authenticates using Swedish BankID or MitID supported through Signicat’s eID Hub, using your existing flows.

  • The eID scheme runs its own security checks and risk controls, for example around IP address or geolocation changes, device reputation, and repeated failed attempts.

  • Signicat’s Authentication Risk Indicator processes the risk data from the eIDs along with risk parameter weights, then returns a Low, Medium or High risk result in the authentication response. For Swedish BankID, Signicat passes on the risk rating already calculated by BankID. 

  • Use the risk category inside your own decision engine or business rules. For example:

    • Low – allow the transaction
    • Medium – allow with soft step up control
    • High – block, or require strong step up such as extra verification

Real-time. Actionable. Frictionless.

  • Real-time risk rating

    Receive risk assessment while the transaction is happening, as part of the authentication response.

  • Turn raw data into actionable decisions

    Risk Indicator interprets risk signals and provides you an actionable risk rating, which makes it easier to use them consistently across channels and services.

  • Block or step-up only when needed

    Use the risk level to stop clearly suspicious transactions, or route users into additional verification steps. This ensures a smooth journey for legitimate users while stopping fraudsters. 

  • Works across multiple use cases

    Apply risk assessment to all eID transactions, or focus only on high risk scenarios such as authenticating payments.

Frequently Asked Questions

  • Local data privacy laws prevent a user's raw data like IP address or location from being passed on to service providers.

  • With MitID, you can adjust the weights of the risk parameters used in the calculation to tailor it to your risk preferences. With Swedish BankID, you cannot. What is passed on to service providers is the risk rating already calculated by Swedish BankID. 

  • No. If you use one of Signicat's eIDs, you already have an integration to the eID Hub. All you need to do is request Signicat for the add-on. Developers will need to : 

    1. Update your configuration to request the risk attribute or scope in the Signicat Authentication REST API or OpenID Connect flows.
    2. Handle the Low, Medium or High risk category returned in the response.
    3. Map the result to your own decision logic and customer journeys.

  • Other Nordic eIDs like the Norwegian BankID and itsme will follow.

  • Yes, the Authentication Risk Indicator also provides risk intelligence for eID based signatures. 

  • Iso 27001
  • Socforserviceorganizationslogocpas
  • Gdpr cropped 2024 12 17 220011 hhge
  • Qtsp 2024 12 17 215950 wdmd

Signicat's Authentication Risk Indicator is built on top of the native controls of national eID schemes that already meet strict requirements from local regulators and supervisory authorities. All data is processed in Europe in strict compliance with European regulations and best practices.

Security and compliance center