Application and verification of identity
When a bank customer applies for a BankID from their bank, the bank must perform, or have previously carried out, an adequate identity check, in accordance with the rules for financial institutions and the BankID regulations. If the bank has already carried out an adequate identity check before applying for BankID and then given the customer another identification tool such as a code box, then this identification tool can be used to identify the bank customer via a distance procedure in the internet bank provided that the issuing bank otherwise has good customer knowledge of the user.
Issuance of BankID
The bank gives the user instructions on how to install the BankID program in the computer, mobile phone or tablet. The Bank is then responsible for ensuring that the information contained in BankID is consistent with the personal data of the applicant, and that BankID is supplied to the correct person. When the user receives their Bank ID, in most cases, they are able to select their own password. For BankID on file and Mobile BankID, the password must be at least six characters/digits, while for BankID on cards it must be at least four digits. A password/security code must not be too simple or easy to guess. A check is carried out to ensure the selected code is not too simple and you may not be allowed to use the specific code.
Control of BankID
A BankID holder can obtain information about all their BankIDs through their bank. This is easiest to do via the internet bank. In most internet banks, the holder can see all BankIDs, i.e. also BankIDs issued from other banks. It is an important requirement for issuing banks to enable holders to easily check which BankID is issued to them. Thus, a holder may have several different BankIDs and also BankID from different banks.
Checking transactions performed
A holder can see for themselves which BankID transactions have been carried out on their Swedish Personal Identity Number. This is done in the BankID program under Settings > My BankID > My BankID history. After an identification, you can then see all the identifications or signatures that you have carried out from all your BankIDs and not just from the unit in question. For each transaction, you can also see more detailed technical information such as IP addresses, location info and which BankID is used. It is possible to search for transactions that are up to four years old.
The bank offers BankID holders the opportunity to block their BankID. The easiest way to do this is via the internet bank, but if this is not possible, the holder can contact their bank in other ways. If a BankID holder suspects that someone else has come across your BankID or become aware of its password, it is important to block the current BankID. BankID that is no longer used or that you do not recognize that you have should also be blocked. If you enter an incorrect password more than five times in a row, the current BankID will automatically be blocked. Some BankID cards may have fewer attempts. Some BankID cards may also have an unlock code. The respective issuing bank may disclose this. Once a BankID has been blocked, the block cannot be removed. If a BankID has been blocked, you need to get a new BankID in order to continue using e-services that use BankID.
Similar to physical IDs, a BankID has a certain lifespan. Once a BankID has expired, it is no longer usable and the holder must obtain a new BankID. The issuing bank determines the lifespan of a BankID within certain BankID common limits. A BankID may be valid for a maximum of 5 years, but it is the issuing bank that determines the validity of each issue. In the BankID app/program you can see how long a BankID is valid.