Posti is the leading mail and logistics service company in Finland. Mail services, package delivery, and cargo logistics are at the core of its business. Posti delivers over 44 million customer packages yearly, and over 1.4 million consumers currently use Posti’s digital services. The private content of their services requires Posti to use strong authentication to identify their customers. Existing options for strong digital authentication include Finnish Bank Authentication, Mobile ID, and the Finnish ID card with a digital chip.
Obstacles in the path of digitalization
Today’s authentication methods are not sufficient to provide support for possibilities that digitalization could bring. For instance, when someone needs to retrieve a package from the post office on behalf of a recipient, they still need a signed piece of paper from the recipient. Currently, there is no reasonable way to do this electronically for three reasons. Firstly, the user experience of the current authentication methods is not consistent and easily adaptable to Post's own services. Secondly, the presently used authentication methods do not support electronic authentication at a physical service point. The third reason is that we do not have a centralized company-specific authorization service in our society where the authorization can be transferred between individuals within certain limits.
“Currently, Posti cannot identify persons online or in the physical service points with sufficient effectiveness or cost-efficiency. Different players in the logistics environment need a commonly used digital authentication solution that could connect an individual to all services, rights, and personal data of the person,” says Raine Westerholm, Head of Payment Services at Posti.
Posti conducted a pilot in the Sandbox of Trust project, where SisuID was used to solve these authentication issues. The pilot also focused on solving the traditionally costly and complicated process of registering and delivering a strong authentication method in the following matters:
Authentication in the physical customer channel
SisuID holds the necessary information about the user’s verified identity. Therefore, users could use the SisuID authentication app to verify their age when retrieving a package from Posti’s self-service parcel locker.
Posti as an identity registration point
Within the pilot, a concept was created where Posti would serve as a digital identity and authentication method registration point. For example, Posti could provide a specific authentication kiosk, where users could take a selfie and use an electronic reader to verify authenticity of their passport or ID-card. After that, the person could be registered with a digital identity and the person could activate a SisuID mobile authentication application there on the spot as a self-service. Optionally, users could go to a post office to show their passport to a clerk, who would use a passport reader to verify the authenticity of the passport and enroll the users in SisuID.
Accessing Posti’s services with SisuID
The simple use case of logging into online services was also tested, where the user could use the SisuID mobile app to authenticate access to Posti’s services instead of using a password. When logging in the first time, the SisuID was linked to the user’s Posti account. The user’s identity could now be connected to the same SisuID and to other service providers’ user accounts with the user's consent.
For example: When a strongly authenticated user fills in a notice of move to Posti, the person could invite tenders and sign a home insurance contract without a separate authentication to access the insurance company’s service. Or the person can give a consent to Posti to supply the provided information, for example to the home insurance providers. When the user then activates SisuID to login to an insurance company’s services, the insurance company could retrieve the user’s contact information and home address from Posti’s service using the SisuID identifier.
Invoice approval in the Oma Posti app
Posti has its own Oma Posti mobile application, where the users can, for example, pay invoices. For invoice approval, the user needs to use strong authentication, which should be really easy to ensure a fluid payment process. With the new PSD2 (Payment Services Directive), the Oma Posti app could use SisuID as a strong authentication mechanism to approve transactions. Posti could then transfer the payment directly from the user’s bank account.
The next steps towards convenient identification
If SisuID receives the necessary funding to start production, Posti will join the to-be established SisuID cooperative. Posti will also provide support for the adoption of SisuID with user registrations from their own clientele. This helps to ensure that the maximum number of Finnish and international users will have SisuID in their pockets already in 2020. Posti sees that with a new cost-efficient and user-friendly authentication mechanism, their digitalization goals will be much easier to pursue.
What is SisuID?
The Sandbox of Trust is a Finland-based digital identity initiative, led by cybersecurity company Nixu, Suomen Tilaajavastuu, Digital Living International, the Technology Industry of Finland, and funded by the pilot members together with Sitra. It provides normal and strong authentication for service providers in the public and private sectors at low-cost. For users, it is free of charge. All the code generated by the community will be published as open source code to produce a national identification solution. The findings of SisuID pilots help to advance the digitalization of the identification and knowledge of public and private sector users.
See also: https://sisuid.com/