Privacy and Security for the ID card in the BankID app
Your personal information is secure against misuse and sharing when you use the ID card.
With the ID card in the BankID app, you don't need to carry your passport when you need to verify your identity. You share less data than when showing your passport or driver's license, and you have a history of which data has been shared when and with whom.
What data is stored?
The data the ID card is based on is retrieved from your passport or national ID card when you scan it with the BankID app. The retrieved data includes document image, national identification number, expiration date, nationality, document number, document type, first name, and last name.
Your personal information is stored securely at BankID. The data is encrypted, and you, as the user, hold the key to access the personal information. BankID cannot access your passport data except for the expiration date and national identification number. The expiration date is included because the ID card in the BankID app expires simultaneously with the passport or ID card you used for activation. We use the national identification number to link your ID card with your BankID. No one else has access to this information.
What personal information do stores have access to?
The information each store or business can access by scanning the ID card is regulated in agreements between BankID BankAxept AS and each store/merchant. The main principle for data sharing is that we only share the information necessary in each case, and not more.
None of your personal information is shared without scanning the ID card or giving explicit consent. You can see which information has been shared, when, and with whom in the history.
Stores do not keep data from the ID card
When you use the ID card in a store, the store does not keep your personal data. The data is only displayed during the verification process and is not used for anything else. This is contractually agreed upon between BankID BankAxept AS, which provides the service, and the businesses that use it.
Protection against misuse
The ID card has several built-in security mechanisms to prevent misuse.
You must have an active screen lock on your phone that must be opened before you can see your ID card. This prevents someone from accessing your ID card if your phone is stolen, for example.
The QR code is time-sensitive and can only be used once before you must generate a new one. If someone gets hold of a picture of your ID card, the QR code will be unusable after a short time.
You have access to view the history of where you have shown your ID card. It is an extra security measure where you have an overview of where it has been used, which data has been shared, and the date.
Deletion
You can delete the ID card and its associated data at any time via the app. Your ID card will also be deleted if you have not used it for a year or when the passport or national ID card you used for activation expires.