The use of the paper code card ends – start using an electronic identification method today!

Yes, for now. Personal customers’ Netbank will be replaced by a new netbank which will no longer accept login with the code card. In future, either the code app or the code calculator will be our customers’ only means of authenticating themselves for the services of the bank and other online service providers, such as My Kanta Pages, and MyTax.

The code cards will no longer be accepted as a means of authentication next year, so the code app and the code calculator will be the only means of authentication in the future. Electronic identification is the safest means of authentication for customers, and it fulfils the requirements of the Payment Services Directive (PSD2).  You will be able to log in to the new netbank, which is a replacement for the current Personal customers’ Netbank, only with the code app or the code calculator.

The current paper code card will no longer meet the regulatory requirements that enter into force in September and this is why Nordea will stop offering the code card in its other services as well. Thus the code card can no longer be used for authentication in other service providers’ services after the renewal of the e-identification service.

Yes. Using the code card for logging in to third service providers’ services is called “e-identification” and this service will also be renewed. The various service providers will migrate to the new authentication service during August–September.

The most significant change will take place on 27 September when the suomi.fi service adopts the new service. As of this date, the code card will no longer be accepted as a means of authentication in any public services, such as MyTax, My Kanta Pages, Kela and city services.

E-identification refers to a service where you use your online banking codes to log in to another service provider’s services, such as My Kanta Pages (kanta.fi) or MyTax (vero.fi).

Yes. The new regulation concerns all banks.

Transmission service companies act as intermediaries between the public services and the companies offering authentication services (such as banks). The purpose of transmission services is to enable the use of authentication services in various online services. If you are told that your data is going to a transmission service, this means that the bank will transmit your data to a transmission service company, which will then forward the data to the service you are logging in to. This is entirely secure and corresponds to a means of authentication required for strong authentication.

Nordea has replaced code cards with the code app and the code calculator which are secure, easy to use and suit every customer as such. These modern authentication methods have been developed and tested in collaboration with our customers and they have proven to be easy and to function well. Furthermore, they fulfil even the strictest requirements laid down in the EU regulation.

Both a PIN and the code app or code calculator are used for authentication.

Generally, strong customer authentication is performed when two of the following three elements are used to authenticate identity:

• something only the user knows, a PIN, a password
• something only the user possesses, such as their personal code app or code calculator
• something the user is – a biometric feature, such as their fingerprint, iris, face or voice.

Strong authentication will become mandatory in card payments, so paying with a card online and in mobile apps will be more secure than before. Strong authentication means that payments can no longer be made with a card number and CVC code alone; the customer must be authenticated using online banking codes.

Card payments will become more secure in online stores and mobile services thanks to PSD2. Payments can no longer be made with a card number and CVC code alone; the customer must be authenticated using strong authentication. Online retailers will carry out strong authentication through the customer’s personal online banking codes (including those obtained from other banks than Nordea). A new or renewed card must be activated before it can be used. Instructions for the activation will be delivered to you together with your new card.

• Card payments in online stores and mobile apps will become more secure once the PSD2 regulatory requirements are implemented. Payments can no longer be made with a card number and CVC code alone; the customer must be authenticated using strong authentication. Online retailers will mostly carry out strong authentication through the customer’s personal online banking codes (including those obtained from other banks than Nordea).
  
• You can give a third party (e.g. a bank, a fintech company or an ERP vendor) consent to access your account information from all your bank accounts in the EU.
• You can give a third party (e.g. a bank, a fintech company or an ERP vendor) consent to make payments from your accounts held in different banks.

Payment transactions made at points-of-sale must perform strong authentication using a chip and a PIN. Contactless payment transactions will be accepted as before: the contactless payment limit is 50 euros and a PIN must be entered if the payment terminal requests it. However, card payments can no longer be confirmed with the cardholder’s signature.

When you are making online purchases, be prepared to confirm your purchases either with the code app or the code calculator. In shops and at payment terminals, you can use the contactless payment feature or confirm the purchases with your PIN. Start using the code app or the code calculator to be able to authenticate yourself for third-party services, such as MyTax, My Kanta Pages or Kela.

The purpose of the directive is to enhance consumers’ rights, promote competition in the banking sector and increase the range of services available to customers. The directive provides customers with the possibility of using third-party apps for managing their accounts and making payments.

The requirement of the directive for strong customer authentication in electronic payment transactions such as online payments and online use of a payment account aims to make e-commerce more secure and reduce fraud.

We never disclose customer information to any third-party operators without the customer’s consent. The customer may authorise a third-party operator to obtain information from Nordea or other banks. If the customer wants to withdraw the operator’s authorisation to obtain information, they must contact the operator or service provider concerned directly. Nordea may not terminate the authorisation.

You should contact the third-party operator to withdraw the authorisation. Nordea has no knowledge of which parties customers have authorised to disclose information.

You should read the terms and conditions of the service carefully before accepting them so that you know what you consent to when you start using the service.