Europe's news in English

COPY LINK

DIGITAL ID

Denmark’s MitID secured after discovery of security weakness

A flaw that allowed hackers to lock users out of Denmark’s secure digital ID, MitID, has now been fixed, digital authorities say.

Published: 26 October 2022 18:19 CEST

Denmark’s MitID secured after discovery of security weakness

MitID's reputation has been bruised by reports of security weaknesses. Photo: Liselotte Sabroe/Ritzau Scanpix

An update resulted in a weakness that could let hackers block users out of their own MitID accounts if the hacker knew the user’s personal registration or CPR number. The flaw has now been fixed, making the system secure, broadcaster DR reports.

The update, added to the system by Nets, the secure online payment system used in Denmark, resulted in a weakness that could allow hackers to send a log-in request by adding a CPR number to a browser URL, DR writes.

If repeated requests are sent without the user actually logging in, they can be frozen out of their digital ID, meaning they are unable to access public service platforms, online banking and secure payments.

The issue was identified and fixed by IT security staff last week, according to DR.

The Danish Agency for Digitisation (Digitaliseringsstyrelsen) told DR in a written comment that there was “regrettably an unintended implementation with an individual broker”. The issue has now been fixed, it said.

The issue follows an earlier problem with MitID identified by engineering journal Ingeniøren, which reported last month that a coding trick could enable hackers to easily identify the usernames of MitID users.

The Agency for Digitisation told DR users who have lost confidence in the system’s security can “confidently obtain and use MitID”.

The MitID digital ID system is gradually replacing NemID as the online ID used in Denmark for access to public service platforms, online banking and shopping online.

NemID will be turned off for secure platforms like banking and public services on October 31st. After this date, only MitID can be used to log on.

Other platforms, like online shopping, will still accept NemID for now. The old system will be fully decommissioned on June 30th, 2023.

READ ALSO: Concerns over Denmark’s MitID security after media finds vulnerability to ‘simple hack’

Member comments

Log in here to leave a comment.

Become a Member to leave a comment.

Vipps MobilePay: Will cross-border payments be rolled out across the Nordics before the summer?

The landscape of e-payment solutions is growing rapidly in Scandinavia, spurred on by the increased reliance on digital transactions, particularly during the COVID-19 pandemic.

IN NUMBERS: How close is Denmark to becoming cash-free?

Among the players driving this transformation is Vipps MobilePay, the result of the 2022 merger of Norwegian e-payment giant Vipps and Danske Bank’s MobilePay, which has set ambitious goals for delivering a unified platform that can be used throughout the Nordic region.

But will consumers in Norway, Denmark, and Finland see the rollout of Vipps MobilePay before the summer begins?

New apps in Finland and Denmark

Since the merger of Vipps and MobilePay in 2022, the combined company has been working towards creating one app and one technological platform that can serve users across the Nordic countries.

In Finland, a significant milestone was achieved on January 23rd this year when the new MobilePay app was unveiled to 2.6 million Finnish users.

With the Finnish implementation completed, the focus shifted to Denmark, where a new version of the MobilePay app was rolled out to 4.5 million Danish users on March 12th, signalling a significant milestone, and setting the stage for simpler cross-border payments within the Nordic region.

While some hiccups were reported in the Danish media following the move – and in the run-up to it – the migration was broadly seen as a success.

With the March migration, some 11.5 million users in Norway, Finland, and Denmark were united, setting the stage for potential cross-border payments in the near future.

A broader Nordic rollout before the summer?

If all goes according to plan, according to Rune Garborg, CEO of Vipps MobilePay, consumers can expect to use Vipps MobilePay across Norway, Denmark, and Finland before the summer arrives, with Sweden potentially following shortly after that.

This anticipated rollout is part of a series of launches planned for 2024, including cross-border payments and the introduction of tap-to-pay functionality for iPhone and Android.

“This and much more will make us fit for competition with the world’s biggest tech brands that have all moved into the payment sphere,” Garborg said in a March press release.

MobilePay: What is it, and how do I use it?

The MobilePay app provides a straightforward mobile payment solution for consumers in Denmark.

It allows them to carry out transactions directly from their smartphones, converting their devices into digital wallets.

With roots in person-to-person transfers, MobilePay has expanded its reach to include physical stores, online retailers, and mobile applications, solidifying its position within Denmark’s payment landscape.

To use MobilePay, you need to download the app and link it to your bank account or bank card. This setup enables painless fund transfers and payments, including contactless transactions, using NFC technology.

Considering the widespread adoption and popularity of MobilePay in Denmark, you might wonder whether the country is close to becoming cash-free.

However, although app payments are commonplace and almost all businesses accept debit cards, one in five people in the country still say they would find it difficult to be without cash.

To learn more about Vipps in particular and where and how you can use it in Norway, check out The Local’s explainer on the e-payment app.

Url copied to clipboard!