Estonia’s Government Information System Authority will implement SK ID Solutions’ Smart-ID+, a new advanced authentication solution that significantly enhances security and user experience while helping prevent fraud, social engineering, and other deception schemes.

Smart-ID+ adds an extra security layer to authentication and digital signing in e-services. Once enabled, it eliminates the risk that entering a PIN code alone is sufficient to complete a transaction. Users must actively initiate and confirm each action directly in their Smart-ID application — a crucial defense against attackers attempting to manipulate users via phone calls or text messages. The new Smart-ID+ offers two straightforward login methods: scanning an e-service’s QR code with Smart-ID app on user’s phone, or using app-to-app communication.

Smart-ID+ is rolled out gradually and operates only in government e-services where it has been activated.

“RIA’s role is to ensure that state authentication services adapt to our evolving threat landscape,” said Anna Õuekallas, Head of Electronic Identity Department at Information System Authority (RIA). “While Smart-ID has always been secure, the digital threat environment is constantly changing. Smart-ID+ is one of our key steps in preventing increasingly sophisticated fraud schemes, adding an essential security layer. It significantly reduces risks from social engineering and phone fraud while maintaining the familiar, user-friendly experience our citizens expect.”

Smart-ID+ is a new functionality developed by SK ID Solutions, active only in e-services where the provider has implemented it. For users, it requires an updated Smart-ID app on their phone: if automatic updates are enabled, no additional action is needed. The login experience changes: with Smart-ID+, people can access e-services without manually entering their personal ID codes. On a computer, a dynamic QR code appears on screen. On mobile, the Smart-ID app opens automatically, and users confirm the action with their PIN1.

Because fraudsters continuously adapt their methods, the Smart-ID app can only scan Smart-ID login QR codes, and only when you actively initiate the login process. This prevents remote triggering of authentication scans.

In e-services that do not yet support Smart-ID+, people can continue using Smart-ID the traditional way by entering your personal ID codes and comparing confirmation codes. People’s digital identities remain protected when they keep their login information private and never enter PIN codes at someone else’s instruction.

Learn more: https://www.smart-id.com/help/faq/smart-id-new-features/

Previous