The security-improving reform will enter into force in June.
Electronic identification works like an identity card. Tiina Somerpuro
A significant reform is coming to online transactions, which is intended to clarify to the user in more detail which service he is logging into. The reform also improves the user’s network security in electronic services. The reform will enter into force in June 2023.
The Cybersecurity Center says announcing that in the future, the user will be able to find out the name information of the service in more detail. In practice, this means that when logging in to online services, the name of the service the user is logging into is also indicated by the certificate device.
– For example, so that the user goes to the “Verkkokauppa Verho” online store with their browser. In the different stages of identification, the user should see this same information “You are identifying: Verkkokauppa Verho”, the announcement says.
If the identification information does not match, the user can conclude that he has been lured to the wrong service.
Stronger identification
Another important part of the reform concerns stronger identification, which will be used more widely. This means that the service provides a string that should match the string of the identification device. This method has already been used in some services.
If the identifier given by the service differs from the character string of the identification device, it may be an unauthorized identification request. According to the Cybersecurity Center, the identification event must then be interrupted.
The Cybersecurity Center points out that an electronic identification device works like an identity card, which must be used accurately.
Does not block phishing attempts
Even though the reform improves the security of electronic services, the user should beware of phishing attempts. Despite the reforms, cybercriminals still try to fish for personal information.
Strong electronic identification should not be done in a hurry, and messages received during the identification event should be read carefully.
The Cyber Security Center also says that you should apply for different services via a bookmark or the address of the service. The threat of phishing is especially caused by search engine links, links received by e-mail or links received by message on the phone.