
BankID has been a security nightmare with a lot of fraud. It's relatively easy to get a BankID in someone else's name, which then allows the fraudsters to do anything in your name, including stealing everything you have.[1]

This is a great example of when privatization is a bad idea. Fraud is clearly a loss for the society, but the banks couldn't care less. A more secure solution would cost more for them, and it's someone else who has to carry the burden.

Fortunately, BankID doesn't fulfill the EU's security requirements, so Sweden finally has to make a proper eID, despite the bank-friendly politicians (Sweden is very "pro-business") not wanting to.[2]

[1] https://www.svt.se/nyheter/lokalt/uppsala/filippa-lurades-av...

[2] https://www.sweclockers.com/nyhet/37412-statlig-e-legitimati...



But the scam described in the first link is not much different than what is plaguing Microsoft Authenticator in phishing mails. Sending a QR code and getting someone to scan it to steal OTP access.

It's still much better than anything we had before, and it is after all 20 years old. So I can see that there is room for improvement.

So what is a better eID implementation? Freja?



