I got my account in the bank I’m currently using about ten years ago. It was, for the time being, a nice bank. Friendly people, usable internet banking solution and so on. I was a happy customer.
Recently, they have introduced this concept of “BankID”, where they want to use the debit card from the bank for authentication (using a smart card rather than just the magnetic stripe, so it’s not a terrible solution, security-wise). They also want to require using the chip and a reader and some other solution, which I suspect includes some java crap for authentication.
The current solution is based around the account number (which is not a secret), a secret PIN number and a single-use plastic card with one-time codes printed on it. The solution is low-tech and works, and I don’t see the need to switch away from that and have absolutely no interest in switching away, but the bank wants to pressure me.
Also, the “agreement” contains such information as (my translation):
PersonabankID contains the following information about the Customer:
[…]
- Information about the Customer’s name and birth date.
[…]
When using PersonBankID, this information will be part of the message flow and may be made available for the recipient, hereunder sales end points.
I have absolutely no interest in letting random places I buy stuff from get to my birth date or other similar information.
Now I just need to find a new bank which doesn’t force me to switch to new-fangled and stupid solutions without asking me first.