The e-IDAS regulation should be considered an important facilitator of strong customer authentication. Moreover, it gives a common ground to assess very different existing and future authentication credentials and models according to specific criteria (identity proofing of the person during registration and issuance of authentication means, security level of the issuing organization, etc.) and to make them interoperable. High level assurance criteria ensure the security, integrity and confidentiality of identification in the electronic environment. As the assurance level criteria do not refer to and are not tied directly to any specific technology, they should not hinder innovation and future technologies.
Nevertheless, in many countries public sector solutions for authentication (PKI-based authentication certificates on a smart card chip, mobile SIM-card related solutions, etc.) and the electronic identification infrastructure are shared: they are used to authenticate to bank services (for example, Estonia with the national ID-card and mobile-ID), and vice versa (for example, Sweden), bank solutions are used for public services. Different bank standards for authentication would create the need for separate infrastructures alongside the existing ones. From the Estonian perspective, it would raise the costs unreasonably high for users, bank service providers and also authentication solution providers (which is also a qualified trust service provider under e-IDAS regarding e-signature certificates), and would knock down the existing social infrastructure and the working co-operation between the state and the banking sector.
Given the various existing authentication solutions, underlying infrastructures and online bank services on the European market, it would be wrong to talk in the context of a specific authentication solution (behavioral characteristics, etc.); rather, the discussion should concentrate on the framework that would ensure the necessary assurance level, trust and interoperability. eIDAS provides such a framework already, so there is no need to re-invent it. If you feel that it should be complemented from the payment service providers' perspective, it is better to adjust the eIDAS framework than to create a parallel universe of authentication standards.
Yes, qualified trust services can be used in different ways to address the risks in electronic payment services. Qualified e-signature services could be used by customers to confirm payments by digitally signing them and to digitally sign agreements (for new bank services digitally); web certificates could be used to verify the authenticity of a webpage and its owner/electronic payment partner, etc. According to Estonian experience, it is possible to implement and use e-signature and other trust services on mobile devices such as smart phones, tablets, etc.
Trust service provider
AS Sertifitseerimiskeskus provides certificates for Estonian national ID-cards, mobile-IDs and other digital documents, and provides other trust services necessary for electronic transactions (different certification services, time-stamping service, etc.).