With the arrival in Belgium of Smart-ID, which wishes to compete with our Belgian Itsme, which you already know well, a question arises: does this type of application secure our personal data? According to Olivier Bogaert, commissioner at the Computer Crime Unit, “Itsme is very secure, everything is encrypted.”
Itsme, this application which replaces your identity card and which you already know well, allows Belgians since 2017, and Dutch and Luxembourgers since 2022, to carry out online operations which require guaranteed identification of the person, such as payments or signing legal documents. But most Belgians old enough to register already know this since 7 million citizens aged 18 to 80 are already registered.
In recent months, Itsme has expanded to several countries: Estonia, Ireland, Italy, France, Portugal, Spain and the United Kingdom. And later this year, the app will also be available in Norway, Sweden, Finland, Denmark and Iceland.
Many authentication apps
The development of Itsme is an initiative of the banking sector (Belfius, BNP Paribas Fortis, ING, KBC) and telecommunications (Orange, Proximus, Telenet) which is part of the “Belgian Mobile ID” consortium. Together, they created an individual digital identity that allows you to connect to your bank, major telephone operators, your insurance but also the government.
But Itsme is not the only application to offer this type of service. The MyID.be identification application, for example, launched in 2022 by a Belgian company, is struggling to make itself known to the general public. And then there is also Smart-ID, an Estonian application, market leader in several Nordic countries, which is arriving in Belgium. This is the fifth European country where Smart-ID is established. In 2023, they recorded around 1 billion transactions, three times more than in Belgium.
Faced with this observation and the proliferation of this type of application, a question arises: are these apps really safe? How do they secure our data? Let’s take the case of our Belgian Itsme, with its slogan: “Itsme, super easy and super secure”. But is this really true? Spoiler for those who don’t have the strength to read: yes. Explanations.
The case of Itsme: a certified system
For Olivier Bogaert, commissioner at the Computer Crime Unit, there is no doubt: “Itsme is secure, everything is encrypted so the data is not accessible”. Indeed, Itsme is a certified system. So, the app is officially recognized by the EU as a means of identifying a “high” guarantee level. It meets the requirements of eIDAS, the European regulation on electronic identification and trust services for electronic transactions, and is also ISO/IEC 27001:2013 certified for information security management.
Itsme also complies with the directives of the European Banking Authority (EBA) and the NIS Directive, the EU’s first legislation on cybersecurity. Which is rather reassuring.
What data does Itsme collect?
On its site, Itsme specifies the personal data it collects. They can be divided into 3 categories:
- Identity data: this consists of all data allowing you to be identified, therefore the data from your identity card, your telephone number and your email address;
- Security data: this concerns technical data linked to your smartphone and your Itsme app installed on it;
- Action data: This is all the actions you have performed with Itsme. This data allows you and the partner to keep track of what you have agreed (time, date, data and purpose).
How is our data secure?
To secure our personal data, which may be sensitive, Itsme seems to have taken all precautions. At the user level: their digital identity can only be used with their smartphone, the Itsme application installed on it, and their five-digit personal code. This is the multi-factor authentication method.
In terms of data storage, it’s the same. On its website, the company states: “We store your data encrypted in one of the most secure data centers in the European Union.” The data is actually encrypted with different keys depending on its origin, before being stored in the servers of Belgian Mobile ID (the consortium which financed the development of the app), in Belgium.
In its privacy policy document, Itsme ensures that no personal information is communicated outside the European Economic Area.
And with Itsme partners?
Each Itsme partner company (bank, insurance, telephone operator, etc.) has a single connection and uses asymmetric key cryptography for maximum protection: one key to encrypt the data and another to decrypt it. Data encryption ensures that the information is not readable to anyone except the designated partner.
Finally, Itsme specifies on its site: “The information is confidential. We will never share, publish, or use this data for advertising, promotional, or commercial purposes.”
You can also keep an eye on what data you’ve shared, and check with whom via your action history. To do this, it’s very simple: go to your Itsme app, click on “my history”, and there, everything is visible.
Fraudulent text messages and emails usurp Itsme
As you know, there are regular cases of phishing in which fraudsters pretend to be officially trusted establishments such as Proximus or the FPS Finances for example. And since 2022, Itsme has been affected by this phenomenon. “You have to be very careful”warns Olivier Bogaert.
He therefore advises to always check the URL carefully. For Itsme actions, the URL is only the following: www.itsme.be/fr. Next, you should never disclose personal information until you are sure that it is really Itsme. “You must always check, if you have any doubts, it is better to contact the structure”, believes the commissioner of the Computer Crime Unit. Because by sharing their data on a fraudulent site, the victim allows their scammer to have access to their bank accounts and empty them.
The Itsme company has also widely communicated about these rampant scams so that its customers are no longer fooled. And it is clear: Itsme will never contact you by e-mail, SMS or telephone to ask you to reactivate your account and reintroduce your banking details. So be extremely vigilant, and take your steps via the official app or the official website.
Finally, if you need to reactivate your account, go to the Itsme app or website, never follow a link in an email or SMS. Never give out your banking details over the phone or via a link in an email message.
Author Bio
A connoisseur of the digital marketplace and a master of the written word, this 30-year-old English expert brings to the table a wealth of knowledge rooted in the sale of digital products and a passion for blogging that resonates with an audience seeking expertise and insight in the online realm.
Their insights are drawn from hands-on experience navigating the intricacies of e-commerce and content creation—leading the forefront of digital innovation and communication. Whether it’s breaking down complex marketing strategies or sharing tips on how to captivate an online audience, their work stands as a testament to a career built upon successful digital engagement and savvy business acumen.
Stay tuned to absorb compelling content from a voice that not only understands the digital landscape but also shapes its future through every blog post and digital strategy.
