Skip to content

Safe Conversation / Sikker samtale

This guide describes how to implement inbound Safe Conversation in a call center using the customerServiceCall.v1 permission type with a CIBA flow.

Use this when an end-user calls you and you need high assurance that you are speaking to the legitimate person, without asking them to disclose sensitive static data (address, card digits, etc.).

Requires separate agreement

Safe Conversation requires a separate agreement. Get in touch for details.

Restrictions

  • This flow is only to be used for inbound calls from the customer to you.
  • SMS (one-time codes sent by text message) is not permitted as a fallback authentication method in this flow.

High level flow

  1. Collect and validate the caller's national identity number (NNIN).
  2. Check eligibility using the User Exists endpoint before starting an authentication.
  3. Create a CIBA request with permission type customerServiceCall.v1.
  4. Read the returned challenge words to the caller.
  5. Wait for the caller to complete / reject the authentication.

Retrying failed flows

If the user fails to complete the authentication in the BankID app, for example because they inadvertently cancelled the attempt or selected the incorrect challenge words, you are allowed to retry the flow, with the following limitations:

  • You MUST ask the user whether or not they would like to retry before initiating a retry.
  • You MUST NOT offer more than two retries (three attempts in total, including the initial attempt).

Retrying involves repeating steps 3 through 5 from the high level flow described above.

Integration methods for NNIN input

There are two ways to start the flow for Safe Conversation:

1. Agent asks the caller and types it manually

  1. The call center agent asks the caller to provide the NNIN manually.
  2. The agent types this into a specified web portal that will trigger the BankID authentication.

ManualAgentInput

2. Automatic capture in the caller menu before the agent pick up

Note

This requires an integration in your telephone platform

See suggested reference script

  1. An IVR (Interactive Voice Response) flow asks the caller to key in the NNIN using the keypad or from internal phone number to NNIN mapping.
  2. The NNIN is validated automatically.
  3. When the agent answers, the system already knows the NNIN and can pre-fetch eligibility status.

AutomaticCapture