Levels of security

The solution supports three levels of security, also called levels of assurance (LoA): Low, Substantial and High.

With these differentiated security levels, Nets’ eID solution supports the eIDAS regulation for governments and private enterprises in Europe.

Nets’ eID scheme is flexible, modular and scalable

Our solution is based on a long-term, in-depth understanding of planning, developing, building and running secure and stable national eID schemes.

We seek to protect the end-user’s privacy by honouring the principles of minimal information disclosure and GDPR requirements.

The solution has a high level of modularity and flexibility, based on architecture that makes it easy for you to implement user-friendly and secure authentication flows.

It is simple to extend the solution with more functionality in the future, including more partial components to suit specific needs.

Full flexibility and high level of security

Level of Assurance (LoA) refers to the degree of assurance with which the identity has been verified.

A central part of Nets’ eID offering is the authentication system. From an end-user perspective, authentication is performed using one or more authenticators such as a password, an authentication app or a one-time password (OTP) token.

This provides a flexible way of designing different authentication flows, while still maintaining the necessary security level in accordance with the risk associated with the specific transaction.

The Authenticator Assurance Level (AAL) is accumulated from three parameters:

  • The authenticator strength when assigning AAL to authenticators
  • The strength of the enrolment process, that is, the processes for suspension, revocation and re-activation
  • The strength of the authentication process

When an authentication process takes place using an authenticator, the core recalculates the latest achieved level of assurance for the future session, taking the following into account:

  • The combination of authenticators that has been applied
  • The Identification Assurance Level (IAL) of the end-user
  • The security level of the solution

Every eID is associated with an IAL, initially assigned as part of the registration process and later only changeable through additional registration processes.

Nets’ eID offering provides a high level of flexibility and modularity in terms of how the Authenticators can be used and in how the core can be extended to support new authenticators.

Authenticators can be freely combined: you can decide the exact order of authenticators and how the core should calculate the resulting LoA. This gives you full flexibility to control the authentication flow and user experience, while the core is the guarantor of the security level of the authentication.

Nets has a flexible and modular architecture, which means that authenticators can be smoothly and easily added or removed, and you get a solution that is both secure and future-oriented.
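A sketch of the recalculation described above, as an added example (not Nets' code). The three inputs come from the page; the combination rule, the weakest-link rule and the AAL assigned to each authenticator are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    LOW = 1
    SUBSTANTIAL = 2
    HIGH = 3


@dataclass(frozen=True)
class Authenticator:
    name: str
    factor: str  # "knowledge", "possession" or "inherence"
    aal: Level   # AAL assigned to this authenticator (assumed value)


# Constructed sample authenticators; the AAL values are assumptions.
PASSWORD = Authenticator("password", "knowledge", Level.LOW)
OTP_TOKEN = Authenticator("otp-token", "possession", Level.SUBSTANTIAL)
AUTH_APP = Authenticator("authentication-app", "possession", Level.HIGH)


def combined_aal(applied):
    """Assumed rule: a single factor category caps the result at LOW;
    with two or more categories the strongest authenticator decides."""
    if not applied:
        raise ValueError("no authenticator applied")
    if len({a.factor for a in applied}) < 2:
        return Level.LOW
    return max(a.aal for a in applied)


def session_loa(applied, ial, solution_level):
    """Assumed weakest-link rule over the three inputs the page lists:
    authenticator combination, end-user IAL, solution security level."""
    return min(combined_aal(applied), ial, solution_level)


def needs_step_up(current, required):
    """True when the transaction requires more than the session has achieved."""
    return current < required


if __name__ == "__main__":
    loa = session_loa([PASSWORD, AUTH_APP], Level.SUBSTANTIAL, Level.HIGH)
    print(loa.name, needs_step_up(loa, Level.HIGH))
```

Under these assumed rules a strong authenticator cannot lift a session above the IAL established at registration, which is why the IAL appears as a separate input.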

Do you need to be compliant with the European regulations PSD2 or eIDAS?

Revised Payment Service Directive 2

Banks in Europe must be PSD2 compliant. The key objectives of the PSD2 directive are to create a more integrated European payments market and to harmonise the legal framework for consumer protection and rights by making payments safer and more secure.

The regulation, called PSD2 RTS, is Commission Delegated Regulation (EU) 2018/389 of 27 November 2017, which supplements Directive (EU) 2015/2366 of the European Parliament and of the Council with regard to regulatory technical standards for strong customer authentication and common and secure open standards of communication.

PSD2 seeks to improve consumer protection and make payments safer and more secure, and it sets regulatory technical standards for strong customer authentication and common and secure open standards of communication, covering all electronic transactions (i.e., card and bank transfers) initiated by a payer (i.e., consumer).

Nets' eID solution is developed with two separate authentication flows. For the solution to be PSD2 compliant, you may not disclose which of the user credentials is incorrect. This security measure challenges the user experience and can be switched off when the authentication flow does not have to be PSD2 compliant.
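The non-disclosure requirement above, as an added example (not Nets' code). The `psd2_mode` switch, the stored record and the messages are hypothetical; both credentials are always evaluated, and the specific reason is returned only as a server-side audit value.

```python
import hashlib
import hmac

GENERIC_FAILURE = "Authentication failed"


def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample enrolment record (not real data).
SALT = b"constructed-salt"
USER = {"pw_hash": _pw_hash("correct horse", SALT), "otp": "492817"}


def authenticate(password: str, otp: str, psd2_mode: bool = True):
    """Return (ok, message_for_client, reason_for_audit_log)."""
    # Evaluate every credential before deciding, with constant-time
    # comparisons, so neither the response nor a short-circuit reveals
    # which element was wrong.
    pw_ok = hmac.compare_digest(_pw_hash(password, SALT), USER["pw_hash"])
    otp_ok = hmac.compare_digest(otp.encode(), USER["otp"].encode())
    if pw_ok and otp_ok:
        return True, "OK", "success"

    failed = [name for name, ok in
              (("password", pw_ok), ("one-time password", otp_ok)) if not ok]
    audit = "failed: " + ", ".join(failed)  # kept server-side only
    if psd2_mode:
        # PSD2 flow: one message regardless of which credential failed.
        return False, GENERIC_FAILURE, audit
    # Non-PSD2 flow: friendlier, but discloses the failing credential.
    return False, "Incorrect " + " and ".join(failed), audit


if __name__ == "__main__":
    for pw, code in (("wrong", "492817"), ("correct horse", "000000")):
        print(authenticate(pw, code), authenticate(pw, code, psd2_mode=False))
```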

Electronic identification and trust services

Governments in Europe using services to verify the identity of individuals and businesses online or the authenticity of electronic documents must be eIDAS compliant.

Services should support different levels of assurance, and users identified with two-factor authentication.

The regulation is meant to support the use of authentication and signatures across European borders, so that national eIDs can be used to log in to a service in other countries. A national eID can be registered in the common pool of national eIDs, so it is accepted on an equal footing with the rest of the EU.

Accepting common levels of security creates trust across countries: if a national authentication is at the level "high", then the rest of the countries in the EU can trust it.