Frequently Asked Questions

General

Smart-ID is a convenient personal identity solution trusted by European Union, which is operating in Belgium, Estonia, Latvia and Lithuania.
It is simple, easy to use and it’s a secure alternative to passwords.
With Smart-ID, you can log in to e-services, confirm transactions and sign your agreements.

The Smart-ID app is free to download and use.
Smart-ID transactions are paid for by the companies who let you use their e-services for logging in and giving e-signatures.

From November 2018, Smart-ID is recognised as a QSCD (Qualified Signature Creation Device). It means that electronic signatures given with Smart-ID have the same legal standing as signatures given by hand (QES level) and are accepted throughout the European Union.

Signing documents with Smart-ID is easy.

There are several options for signing documents:
Use online signing services: you can use Smart-ID to sign documents with Dokobit or other signing portals.
Get an app: if you’re an iPhone user, you can download the Dokobit app.

Please be aware that electronically signed documents may come in different formats and not all are universally supported.

Registering

  1. You have downloaded the Smart-ID app and started registration in the app. Download the application from App Store or Google Play;
  2. You have an ID-card with valid certificates and PIN codes;
  3. You have installed necessary Belgium ID-card software.

You can find the full instruction manual here: instructions

Using Smart-ID

You might notice your app informing you there is “No transaction found” when you open the Smart-ID app and tap anywhere on the screen. It’s because when you open the app, it performs a request to see whether you are in the middle of authentication or signing transaction. It is checking if there is a service waiting for you to confirm your identity or to sign a document.

If there is a request waiting – for example you were logging in to your online bank account or confirming a transfer – the app will display the confirmation code and ask you to enter PIN1 or PIN2.
If you opened the app while there were no active requests, you’ll see “No transaction found” message. It’s not a warning and nothing is wrong: it’s simply a message letting you know that no e-service is waiting for a confirmation at that moment.

Using Smart-ID is easy: all you need to do to log in to e-services is to remember your PIN codes. Do not worry if Smart-ID app pops up on top of your already open apps or web pages – you can switch between apps without having to close any of them.

Switching between Smart-ID and e-service apps on an Android phone:

  • open the service you want to log in, i.e. bank app or a website where you want to log in
  • choose Smart-ID as your login method
  • type in your user name and/or national ID-number
  • your phone will receive a notification: confirm login on Smart-ID. Click on it
  • your phone will now open Smart-ID app on top of your screen and you can type in your PIN1. Make sure that the confirmation code is the same in the e-service and in your Smart-ID – if necessary, you can switch between apps before entering the PIN-code by holding down the HOME-key (square symbol or a house symbol).

You can move between active apps without having to close them as often as you like.
Once you’re sure that the confirmation codes match in the e-service and Smart-ID, confirm your transactions/logins by entering the PIN number.
The same logic applies for using PIN2 code.
View the Smart-ID instruction video: switching between apps (Android) for further assistance:
https://www.smart-id.com/help/faq/using-smart-id/how-to-switch-between-apps-when-using-smart-id/

Smart-ID app also warns you if it detects missing permissions and directs you to solve those issues.

Multiple users for the same service/bank account:

If you and your family members or business partners share e-services, you need to contact the service provider and give additional users a mandate/authorization (or a power of attorney, depending on the service) to access that account.
For example if you have a common bank account, you need to visit your local bank office where you can register additional users, set their limits etc. Each user will have their own access to the bank account.

Multiple users for the same Smart-ID account:

Like an ID-card, mobile-ID or passport, the Smart-ID account should only be used by the person it was authorized to, as that person is legally responsible for all the actions taken with that account. If you share your device with someone, do not share your Smart-ID PIN-codes with them!

How and if you can actually log in with the same Smart-ID account depends on the service provider and if they allow access to their services through foreign Smart-ID accounts. Please contact the service providers (i.e. banks) for further details and instructions.

Smart-ID service does not restrict usage of accounts based on country.

Some e-services may use extra safety measures to make sure you don’t accidentally approve PIN-requests that you have not authorised.

These safety measures include showing an extra confirmation screen and/or asking you to choose which of the 3 control codes on your screen is correct. Just follow the instructions on your screen.

  • You’ll see a correct confirmation code in the e-service
  • Smart-ID app will give you a choice of three different confirmation codes
  • You need to pay attention and select only the correct code by clicking on it before you can enter the required PIN-code
  • If you need to, you can switch between apps to make sure you remember/know the correct confirmation code
  • If you choose wrong confirmation code, then you will have to start a new transaction, thereafter three (3) new verification codes will be displayed.

Watch the Smart-ID instruction video: comparing 3 confirmation codes (iOS) and Smart-ID instruction video: comparing 3 confirmation codes (Android) for further assistance:
https://youtu.be/qEhthKt1NOw

You can still use Smart-ID even if your smart device does not display Smart-ID notifications. Let’s say you’d like to log in to your bank account:

  • Open your bank app or online banking through a web browser
  • Choose Smart-ID as your login method and type in login data. Click OK/Continue/Enter to log in.
  • Normally, you should get an automatic notification on your smart device screen alerting you to the login process. If it does not happen, open the Smart-ID app manually by clicking on the app thumbnail on your screen.
  • You should now see the confirmation code and be prompted to enter the PIN.
  • If you already have your Smart-ID app open and still do not see the confirmation code nor the option to enter the PIN-code numbers, click on the Smart-ID logo within the Smart-ID app – you should now be able to check the confirmation code and enter PIN.

We have also put together a few helpful videos for you:
iOS: using the Smart-ID app manually
https://youtu.be/QWmGy5ODGmw
Android: using the Smart-ID app manually
https://youtu.be/VKiZkurbvpM
iOS: push notifications do not come for PIN2 requests
https://youtu.be/bVvh2f1rBJA

You probably don’t have a Smart-ID account. To get Smart-ID, download the Smart-ID app from the Apple App Store, Google Play or Huawei AppGallery and complete the registration process.

If you have downloaded the app and successfully completed the registration, make sure you entered your authentication data (Smart-ID account ID, e-service username etc.) correctly on the e-service login form.

When you open Smart-ID app, you should see your own name and account expiration date.

PIN codes

Your PIN codes are used during each Smart-ID transaction:

  • PIN1 is used to authenticate you – to give you access to your online bank account or e-service.
  • PIN2 is used for electronic signatures and completing transactions, like finishing a bank transfer.

PIN-codes are not stored anywhere so remembering them is very important: there are no PIN-reminders available and if you forget your PIN-codes, you need to create a new Smart-ID account.

PIN codes are private and should not be shared with anyone else. All transactions made with Smart-ID are legally binding, so it is very important that you keep your PIN codes safe:

  • when setting up your account, choose PIN1 and PIN2 codes that would be easy for you to remember without having to write them down;
  • don’t share your PIN codes with other people, even family members;
  • your PIN codes are not stored anywhere within our system – they can’t be changed and there is no “password reminder” if you forget them.

During each Smart-ID transaction, the PIN that you enter is used to decrypt the share of the cryptographic key inside the Smart-ID app. If the entered PIN is correct, the result is a valid signature. Smart-ID is built in a way that means if the attackers get a hold of your mobile device, they cannot implement a brute-force attack and run through all possible PIN combinations. If they should try that, the Smart-ID server locks the certificate and prevents the attack.

For your security, your PIN numbers are not stored anywhere, so you will need a new Smart-ID account. PIN1 code for authentication and PIN2 code for signing are independent from each other. However, if your PIN1 or PIN2 codes have been locked permanently, you’ll need to register a new account to keep using Smart-ID: codes are independent from each other, but not recoverable. How to create a new account:
  1. go to https://portal.smart-id.com Smart-ID self-service portal and delete your account or delete your account using Smart-ID app;
  2. register a new account for your Smart-ID. Make sure you have the latest version of the Smart-ID app!

On rare occasions, you may come across a situation where you’ve not initiated any authorizations, but your Smart-ID app still pops up asking for your PIN-code. Do not enter your PIN-code for any requests that you have not initiated!

In most cases, it’s due to a human error and not malice: for example, your personal details could be very similar to those of another user and they’ve made a mistake while trying to access their own account. If your username (or social security number) was used, it’s your Smart-ID that the authorization request would be sent to. Do NOT enter the PIN-code, as it would be your account that will be opened if the username and PIN-code match!

This is also the reason why you should not allow your family members, secretary, accountant, etc to initiate authorization requests on your behalf. You’ll never know if you’re accidentally granting access to a stranger!

Always check that the security code and activity description match your desired action before you type in the PIN. You should never enter your PIN-code if you’re unable to confirm the authenticity of the request yourself!

Some service providers have opted for a three-code verification to protect you even further from accidental mishaps like this.

What to do when you get a random PIN-code request?
When the PIN-pad pops up, don’t enter the PIN: instead, click on “Cancel” (bottom left) and the authorization request will be nulled for you. You should also know that all authorization requests will automatically time out after a few minutes, so even if you do nothing, your data will be kept safe.

There is no need to be overly stressed about an unsolicited PIN-code request: it’s usually due to a human error and not because someone is trying to hack into your bank account. However, if it is happening regularly, get in touch with our customer service.

Closing the account

Smart-ID accounts are device-based – each device can have one account. It means that:

  • Transferring a SIM-card from one phone to another does not transfer Smart-ID
  • Your account is safe: no one can accidentally “log in” to your account from their device
  • You can have as many accounts as you want – one for each device you use.
  • When you get a new phone, simply download the app and register a new account.

You should always delete the Smart-ID accounts that you no longer use. First of all, it helps to keep your data safe. Secondly, it’s for your own comfort – if you only use one device for Smart-ID, but have multiple active accounts, you’ve got to go through an extra step with each verification (to confirm which device you want to use).

You should delete your Smart-ID account. These are the ways you can do that:

  • Log in to your Smart-ID self-service portal with your Belgium ID-card and delete your account.
  • If you have multiple active Smart-ID accounts on different smart devices, you can also log in to the self-service portal using Smart-ID installed on your other device.

Security

Your private keys are mathematically combined and shared between the Smart-ID app, which is installed in your mobile device, and the Smart-ID server. The share inside the Smart-ID app is protected with your PIN and the share inside the Smart-ID server is protected with the HSM (hardware security module). Clever cryptographic methods are used to ensure that one cannot create digital signatures with just a single share of your private key and that in order to produce a digital signature, the individual shares are never mathematically combined in a single place. So the Smart-ID app alone cannot produce a valid signature and the Smart-ID server alone cannot produce a valid signature either.

This means that an attacker who would like to create fake digital signatures needs to break the security of both shares of your private keys. We are confident that this provides a very high level of protection.

Your private keys are actually cryptographic keys: very long numbers that are generated randomly and which are therefore very hard for attackers to guess. Digital signature systems work with pairs of keys. A private key is kept secret and is used to mathematically compute the digital signatures. The public key can then be used to mathematically verify the signature. Because no-one else knows your private key, no-one else can give your digital signature.

  1. Keep your PIN-codes private!
    Do not share your PIN1 and PIN2 codes with anyone, not even family members or friends. As long as you are the only one who has the PIN-codes, no one else can use your Smart-ID to login to services, confirm transactions or access your data. This is also why you should never write your PIN-codes down. When registering your account, choose PIN-codes that would be easy for you to remember, but difficult for other people to guess. Avoid using your own birthday or codes such as 0000 or 1234.
  2. Only respond when you have initiated the action!
    Never enter your PIN codes if you are not the one who initiated the transaction! If you see a random authorization request on your screen, ignore it. If it happens again, get in touch with our customer service and we’ll help you figure out what to do next.
  3. Use a screen lock on your smartphone
    All smartphones have a screen lock function. Though it may seem a bit tedious, don’t be tempted to go without. The most common screen lock option is a numeric passcode and newer phones also offer pattern-based locks or a fingerprint lock. Passcode and fingerprint locks are the safest. Try to avoid using passcodes like 0000, 1111, 1234, 2580, or your own or your family members’ birthdays.
  4. Only download software from trusted sources
    Do not download unauthorized/illegal software and do not use links that promise to give you free access to otherwise expensive add-ins. Google Play and AppStore are the best places for software updates and new apps, and most of them are free anyway or cost very little. Making sure your software is legal also helps you protect yourself from cloning and identity theft.
  5. Keep your apps updated
    Keep your software up to date: regular updates of your operating system and apps help make sure you always have the best protection against security risks. The best way to ensure your software is always fresh is to allow automatic updates!
  6. Do not use rooted, jailbroken, unlocked or “cracked” devices!
    Buy your smart devices from authorized sellers or people you trust and who can prove that they are the true owners of the device. Stolen devices, rooted devices etc. are susceptible to hacking, generally unsafe and may cause issues in app performance.
  7. Sharing is not always caring
    The only way to make sure that no-one else adds something or does something you do not want on your smart device is to avoid giving access to your smart device to others. If sharing is the only option, make sure every user has their own account. Avoid automatic logins on devices with multiple users, and keep your screen passcode private!

Help needed

If you have a trouble with Smart-ID, but you still haven’t found an answer, then contact our customer service or write an e-mail to help.be@smart-id.com.

Here are some examples of error messages you can get while using Smart-ID.

No matches were found…

Scroll to Top