The Social Insurance Institution of Finland Kela ( http://www.kela.fi/in/internet/english.nsf) has a relatively nice e-service web site. You sign in using the services of your local bank i.e. the bank acts as your authenticator.
This of course has some moral issues. Your bank basically knows that you have been using their service for authentication and you don´t really want your bank to know how sick or poor you might happen to be. In the long run this will have to change, but for the present I trust my bank and I am not too concerned. However markets need competition and I am some what concerned that there are no independent authentication services and regulators should be concerned: are the allowing for an authentication monopoly to emerge? Are they allowing that authentication is a business only allowed for local banks?
However, I was more concerned with the fact that I could not access the e-service account of my under 18 son. He would need to go to his bank to get his authentication codes. The same would also apply if he were a baby. I think Kela will need to change this - parents will need to have access to the e-accounts of their children.
I was more concerned with the fact that I could access my son´s information just by making a telephone call. All I needed to give was his social security number and say that I am his dad. Access to social security numbers is relatively easy and hence missuse of the telephone service is very easy and possible. I would predict that Kela will some day have to adopt better authentication on its telephone service and hence it will be the higher level of security (authentication) that will "force" first Kela and then its customers to adopt e-services.
On a second note on e-services: I was arranging my holiday plans and reserving a hotel on the internet. I use the http://www.hotels.com/ service and regard it as rather nice. This time I studied the payment service more closely. I was rather surprised to note the low level of security related to payment with e.g. a Visa card. All you basically need is the card number and then the payment code on tha back side. Every time I hand over my card to somebody e.g. in a restaraunt abroad I give this person access to my codes. This makes e-payments very unsecure and I predict something will need to be done to make e-payments with e.g. Visa cards more secure.
On a third note on e-services. There was a very good article/column in Helsingin Sanomat 8.7 p 20 by Timo Iivarinen from the Bank of Finland on network payment methods. He is saying that the local banks and the local ecosystem are doing nothing to develop new payment methods and hence new methods will come from the outside. He is basically wellcoming competition from abroad. Finland has now been declared - by a memeber of the bank of Finland - an underdeveloped e-payment market! So, welcome all you pioneers of e-payments!
Tilaa:
Lähetä kommentteja (Atom)
Ei kommentteja:
Lähetä kommentti