Changing IT trends power banking in Norway

Norway's banking system is undergoing a seismic shift in technology as the country aims for a fully digitised society

Norway's banking system is undergoing a seismic shift in technology as the country marches towards a fully digitised society. Computer Weekly takes a look at the key trends in the Norwegian banking industry, from secure datacentres and world-leading digital identity solutions to the pain of moving away from legacy systems.

Norway is already largely a cashless society. Tourists can pay for their airport bus fare, accommodation, meals, admission fees and even a simple coffee from a convenience store with a credit card. For residents, almost all government services and tax payments are facilitated online, and few people carry anything but loose change.

Administering such a cashless society, even one with a relatively small population of five million, requires banking systems very different from the legacy architecture still in place.

Recent research from Celent revealed that European banks will spend £46bn on IT in 2017, with a large proportion of this invested in new technology as the industry is transformed by competition. Retail banks will be the biggest spenders, with £18.5bn expected to be spent on IT in 2017.

This trend to spend is certainly happening in Norway, where transformation of the underlying infrastructure of banking and payments is under way to power the digital society.

DNB moves to the mountains

DNB, Norway’s biggest financial group, has expanded its agreement with the Green Mountain datacentre in a deal reported to be worth about £12.5m. The Stavanger-based company already hosts all the mission-critical intelligence of Norway’s biggest bank in its high-security datacentre, built into a secret mountain hideaway once used by Nato during the Cold War.

Read more about banking IT

“DNB is very pleased with the service delivery from Green Mountain and the expansion is a result of this,” said DNB executive vice-president Liv Fiksdahl. “We have rigid and tough requirements for our suppliers and Green Mountain delivers top-quality services, so it was not difficult for us to expand our co-operation further.”

Green Mountain’s Stavanger datacentre has been awarded Uptime Institute Tier III certification, the first co-location datacentre in Scandinavia to achieve the rating. Together with the datacentre's fast data link to the UK, the certification should help Green Mountain win further business from the region's financial sector.

“The Uptime Institute certification verifies the trust DNB has in us,” said Green Mountain CEO Knut Molaug.

“Welcoming Norway’s largest bank was a significant deal for us as we started operations only two years ago. Our location not only adds a layer of physical security to our operation, it also brings costs down due to the natural cooling effect of the adjacent fjord."

Painful break from legacy core

DNB’s move is another step in its divorce from Evry, one of the region’s big players in IT consulting. One of the reasons Norwegian banks have been slow to adopt automation and a modern infrastructure is their dependence on Evry’s Kjernebank, the core IT platform used by most Norwegian banks for decades.

In 2011, thousands of customers of Sparebank1 were hit during their Easter shopping when a hardware defect at Evry affected 200,000 transactions. The incident was enough for bank CIO Eivind Gjemdal to call publicly for an end to the core banking system and overpriced consultants. He demanded a strategic review with Evry.

Although Sparebank1 has since signed a new long-term deal with Evry, it has also employed an in-house team of programmers, reportedly saving £1.35m.

Similar problems with Evry systems throughout 2013 prompted DNB to choose a new strategic IT partner, signing a deal with Indian firm HCL Technologies worth about £260m. HCL now manages the IT infrastructure services and application operations for all DNB businesses across Norway and its key international locations.

Pay for groceries with a fingerprint

While Norwegian banks struggle with their legacy hardware, digital payment technology is blazing ahead.

Last October, Norwegian startup Zwipe, along with a global consortium including MasterCard, announced the world’s first contactless payment card featuring an integrated fingerprint sensor. A successful live pilot with Norway’s Sparebanken DIN proved the concept. 

“Feedback from customers in the three-month pilot programme was very positive,” said Zwipe founder and CEO Kim Kristian Humborstad. “They were very happy with the user experience, trusted the security and reported transactions were completed more quickly than with a PIN machine. 

“Including biometrics in payment systems is a clear trend not just in Norway, but in the global banking sector. The successful implementation of ApplePay has affected the way the payments industry is approaching identity verification. We are working with several Nordic banks to develop further solutions.”

Digital signature in daily use

More than three million Norwegians (75% of the adult population) now use BankID to prove their identity and complete transactions online. The project was initiated through a partnership between Telenor and DNB, respectively Norway’s biggest names in telecommunications and banking, and is now supported by most banks.

The system is simple to use, requiring users to enter their personal identification number, their chosen personal password and a one-time password from their physical code token. An electronic signature using BankID is just as binding as a handwritten signature on paper.

Although the system quickly gained momentum, it was not universally popular because of the requirement for a code device and the selection of Java as the technology platform. The latter caused problems for users of non-compatible systems, such as Apple iOS. 

By the end of 2014, the long-awaited Java-free BankID 2.0 project was complete and implemented by most banks.

Also, more than 600,000 Norwegians now use Mobile BankID, which uses the same secure PKI technology but generates and stores the security elements on a mobile phone’s SIM card instead of a physical token.

Nils Inge Brurberg, head of BankID Norway, said: “We were able to take advantage of the fact that Telenor had already enabled the market with PKI-functional SIM cards.”

Read more on Information technology in the Nordics