How we implemented BankID at ČSPS

As of June, the bank identity system can also be used in the private sector. One of the companies that has already started using BankID is Česká spořitelna – penzijní společnost, a.s., where BankID has been implemented by Profinit. Read the interview with ČSPS’s IT Director Daniel Šarman and Profinit’s Lukáš Mejdrech to find out how we did it.

Dan, what is the purpose of the new portal, and how will it benefit customers?

It is a new option for arranging or transferring supplementary ČSPS pension savings, all online, without scanning and uploading two identity documents and an account statement. Also, customers do not have to fill in as much personal data since some data are automatically transferred upon logging in via BankID. As a result, the whole process is much quicker and easier. The customer accepts the prepared contract proposal by making the first payment, and the contract is thereby signed. However, it will soon be possible to sign documents directly via BankID. This will make contract negotiation even easier for customers because they will sign the new contract right at the end of the process.

Before, only ČS clients could do everything online. Now, clients of other banks can do the same, but most importantly, the abovementioned signature will be added.

I am delighted that we are the first pension company to offer this option and that we are also among the first service providers connected to BankID.

Lukáš, how is identification done using BankID?

At the touch of a button, customers are first made aware of what awaits them. They are then redirected to BankID to log in through their bank and confirm the transfer of their personal data back to the ČSPS portal. Finally, they are redirected back to the portal, and all the transferred data appears in the form.

How difficult was it to connect to the service?

Given the experience gained from connecting to the existing KYC service and our contacts at ČS, who have been involved with BankID from the beginning and promoted its design and use to other banks and even the state, we had a clear idea from the beginning of where and how ČSPS would best utilize this opportunity. The BankID data and documentation were refined in the pilot and subsequent sandbox and production runs, and apart from a few ambiguities in the parameters, everything went quite smoothly. The biggest pitfalls were the data and the small variety of test users with regard to clients of various banks in production, but we were able to deal with that as well.

Dan, how do you feel about working with Profinit?

The primary service that Profinit provides for us is application and data warehouse development according to our requirements. However, I very much appreciate the way we think together and simplify the whole process of arranging supplementary pension savings to make it as easy as possible for our clients. In this respect, Profinit is more like a partner who comes up with innovations in the IT domain and with solutions that we otherwise would not have known about.

In my portfolio, I am responsible for several applications and work with multiple vendors. My colleagues from Profinit understand their primary domain, and thanks to their broad scope, they also help us with other situations we encounter, whether it’s upgrading a data warehouse environment, migrating to the latest front-end technology, or registering and configuring connections to third-party systems such as KYC and BankID.

Lukáš, how secure is BankID?

Login security depends on the capabilities of each bank. With BankID, we require two-factor login—maximum safety and security—just like when logging in to online banking. Our communication with BankID through the browser exchanges only a few identifiers and codes; the actual information flows through a highly secure backchannel. As a service provider, we ultimately only know the authenticated data that are transferred.

What technologies did you use for the project?

This section only deals with browser-level redirection, REST interface calls, and the OAuth protocol. BankID has a developer portal where the application can be set up and connected like in self-service.

Dan, who can get BankID?

Anyone who has a verified digital identity from a participating bank can get BankID. For AML purposes, they also need to pass a well-defined verification process, usually a visit to a branch, where their identity is also physically verified. However, they do not have to have, want, or receive any product, only a digital identity. So, most people in the Czech Republic can use BankID right away because they use at least one online banking service.

Gentlemen, thank you very much for the interview.