Unfortunately, BankID has been scammed a lot, where fraudsters have simply asked people on the phone to sign BankID stuff for them.
It is far from perfect and in fact the scam here would be possible to do with BankID as well.
Not as easily. As I understand it, with Mobile BankID, the attacker goes to the bank web site and then asks the victim to authenticate with their BankID app.
With the real BankID, the computer accessing the bank web site needs access to the smart card. Exploitation is still possible of course, but the bar seems higher.
This is the same system I'm talking about.
You can use your smartphone and a PIN, or you can get a hardware dongle. Same authentication API from the bank's POV.
The process is user-friendly while keeping security high:
- The place where you want to log in has to trigger the authentication from their server on every login, and has to be certified for BankID.
- You then have to open the app and enter your fingerprint or 6-digit PIN code before you can enter.
It's available for all state-run services including all banks and post offices.