Posti, the leading mail and logistics service company in Finland participated in a pilot that aims at increasing the use of digital identities. A new user-friendly and cost-effective identification method would make Posti's digitalization goals more accessible.
Mail services, package delivery, and cargo logistics are at the core of Posti’s business. The company delivers over 44 million customer packages yearly, and over 1.4 million consumers currently use Posti’s digital services. The private content of their services requires Posti to use strong authentication to identify their customers. Existing options for strong digital authentication include Finnish Bank Authentication, Mobile ID, and the Finnish ID card with a digital chip.
Current authentication methods do not support the digitalization opportunities
For instance, when someone needs to retrieve a package from the post office on behalf of a recipient, they still need a signed piece of paper from the recipient. Currently, there is no reasonable way to do this electronically for three reasons. Firstly, the user experience of the current authentication methods is not consistent and easily adaptable to Posti's own services. Secondly, the presently used authentication methods do not support electronic authentication at a physical service point, and the third reason is that we do not have a centralized company-specific authorization service in our society where the authorization can be transferred between individuals within certain limits.
“Currently, Posti cannot identify persons online or in the physical service points with sufficient effectiveness or cost-efficiency. Different players in the logistics environment need a commonly used digital authentication solution that could connect an individual to all services, rights, and personal data of the person,” says Raine Westerholm, Head of Payment Services, Digital Commerce at Posti.
Posti conducted a pilot in the Sandbox of Trust project, where SisuID was used to solve these authentication issues. The pilot also focused on solving the traditionally costly and complicated process of registering and delivering a strong authentication method in the following matters:
Authentication in the physical customer channel
SisuID holds the necessary information about the user’s verified identity. Therefore, users could use the SisuID authentication app to verify their age when retrieving a package from Posti’s self-service parcel locker.
Posti as an identity registration point
Within the pilot, a concept was created where Posti would serve as a digital identity and authentication method registration point. For example, Posti could provide a specific authentication kiosk, where users could take a selfie and use an electronic reader to verify authenticity of their passport or ID-card. After that, the person could be registered with a digital identity and the person could activate a SisuID mobile authentication application there on the spot as a self-service. Optionally, users could go to a post office to show their passport to a clerk, who would use a passport reader to verify the authenticity of the passport and enroll the users in SisuID.
Accessing Posti’s services with SisuID
The simple use case of logging into online services was also tested, where the user could use the SisuID mobile app to authenticate access to Posti’s services instead of using a password. When logging in the first time, the SisuID was linked to the user’s Posti account. The user’s identity could now be connected to the same SisuID and to other service providers’ user accounts with the user's consent.
For example: When a strongly authenticated user fills in a notice of move to Posti, the person could invite tenders and sign a home insurance contract without a separate authentication to access the insurance company’s service. Or the person can give a consent to Posti to supply the provided information, for example to the home insurance providers. When the user then activates SisuID to login to an insurance company’s services, the insurance company could retrieve the user’s contact information and home address from Posti’s service using the SisuID identifier.
Invoice approval in the OmaPosti app
Posti has its own OmaPosti mobile application, where the users can, for example, pay invoices. For invoice approval, the user needs to use strong authentication, which should be easy to ensure a fluid payment process. With the new PSD2 (Payment Services Directive), the Oma Posti app could use SisuID as a strong authentication mechanism to approve transactions. Posti could then transfer the payment directly from the user’s bank account.
Towards convenient identification
If SisuID receives the necessary funding to start production, Posti will join the to-be established SisuID cooperative. Posti will also provide support for the adoption of SisuID with user registrations from their own clientele. This helps to ensure that the maximum number of Finnish citizens and foreigners will have SisuID in their pockets already in 2020. Posti sees that with a new cost-efficient and user-friendly authentication mechanism, their digitalization goals will be much easier to pursue.
“The Sandbox of Trust initiative is rapidly developing SisuID through pilot projects. We have major public and private players involved in testing their requirements for the new authentication application. SisuID is expected to be rolled out to production in early 2020,” says Joonatan Henriksson, Head of Digital Business at Nixu Corporation.
Picture: Joonatan Henriksson, Head of Digital Business at Nixu Corporation and Leader of SisuID-project.
Joonatan Henriksson, Leader of SisuID-project, Nixu Corporation
SisuID in Brief:
The Sandbox of Trust is a Finland-based digital identity initiative, led by cybersecurity company Nixu, Suomen Tilaajavastuu, Digital Living International, the Technology Industry of Finland, and funded by the pilot members together with Sitra. It provides normal and strong authentication for service providers in the public and private sectors at low-cost. For users, it is free of charge. All the code generated by the community will be published as open source code to produce a national identification solution. The findings of SisuID pilots help to advance the digitalization of the identification and knowledge of public and private sector users.
Nixu in Brief:
Nixu is a cybersecurity services company on a mission to keep the digital society running. Our passion is to help organizations embrace digitalization securely. Partnering with our clients we provide practical solutions for ensuring business continuity, an easy access to digital services and data protection. We aim to provide the best workplace to our team of about 400 cybersecurity professionals with a hands-on attitude. With Nordic roots we serve enterprise clients worldwide. Nixu shares are listed on the Nasdaq Helsinki stock exchange.