Finnish Bank ID

​​Finnish Bank ID is an eID offered by a number of Finnish banks and banking groups.

​Enable Bank ID in your se​rvices

The Finnish Bank ID consists of​​​ a set of Finnish banks. These are:

  • ​Osu​uspankki
  • Nordea
  • Danske Bank
  • Handelsbanken
  • Ålandsbanken
  • S-Pankki
  • Aktia
  • POP Pankki
  • Säästöpankki
  • Oma Säästöpankki​

Signing with Bank ID

​Bank ID is mainly an authentication service. To enable signing, Nets is utilizing the ​Advanced elec​tronic signature​ functionality in E-Signing.​​​ 

The user Bank ID short-term certifica​​te

The short-term signing certificate used for Bank ID will have these values:

  • CN = Name
  • UID = Session token
  • SerialNumber = SSN
  • OU = User authenticated by Finnish bank: <Bank // fixed value from authentication>
  • O = Nets Branch Norway - 996 345 734
  • C = NO

SDO seal and customer signature​​​​ 

To seal signed documents (SDOs) and to enable merchant signing, all customers using Bank ID must order a merchant certificate from Nets. This certificate will be issued from a Nets internal utility CA. The ordering of this certificate will be done in dialogue with support. 

To use the merchant signing feature with this certificate for some or all of your documents, add the below to your sign order:​​​​

<Signer>
  <MerchantSigner>
    <LocalSignerReference>Sample123</LocalSignerReference>
    <SigningPKIType>EuridaConnect</SigningPKIType>
  </MerchantSigner>
</Signer>

​​Handling of SSN

The SSN will be incorporated as the subject serial number in the signing certificate and included as a part of the SDO if this has been a part of the authentication response. This may however differ from bank to bank. It also requires that the customer are allowed to get SSN in return.

How to find the SSN?

GetSignature

The SSN of a signer can be fetched from E-Signing using the GetSignature call​. This requires that the SignerID was set in the sign order. The SSN is returned in the SignerID / IDValue element of the response. 

GetSDODetails

Use the GetSDODetails function to inspect the content of the SDO and return the SSN. For Bank ID this can be found in the UniqueId element in ​​SDOSignature / SignerCertificateInfo. See the SDOSignatures element.​ 

​User experience

​Signing dialogue​​

Step 1:

BankIDFI-step1.PNG

​Step 2:

Tupas step 2.png

​Direct the user directly to a bank - skip step 2​​

​The "Step 2" page where the user select the bank to sign with can be skipped if you already know which bank the user will sign with. This can be done by appending the forcebank parameter to the sign URL. Read more about the different sign URL parameters. ​​

​Document types and sizes 

The following document formats are supported using BankID:

  • ​​​PDF​
  • Tex​t

​The size limit of a document is set to 3MB base64 encoded document or approximately 2,2 MB non-encoded.​​