This is one of the reasons I wish governments in the world implement proper digital authentication instead of relying on static identifiers like name, address, or SSN.
The Baltic states have had proper digital authentication for years. Priv/pub key pair on the Xth iteration digital identity card that is checked against your passport physically. The problem isn't that governments don't have proper digital authentication. It's that most countries want to reinvent it every time. The German version is a clusterfuck that they then had to force into existence by mandating it by law and yet normal citizen services can't be done with it.
These gigantic government IT projects are also a good way to funnel taxpayer money to the right pockets, that's why they're always behind schedule and over budget (just like all government physical infrastructure projects) and if you look closely it's always the same 2-3 companies getting all the contracts.
Bullshit. The German electronic ID card wasn't a huge project and it was developed in-house. By all accounts, it works pretty well if you actually have the opportunity to use it. The problem is that nobody supports it. In part because of federalism: You rarely interact with the federal bureaucracy directly and the states for some reason aren't interested in supporting it.
Finland offers a state of the art digital authentication system. It's just that Klarna doesn't want to use it because it adds an auhtentication step to their checkout process. It's just easier for them to take the random internet user's word for who they are (!!).
I am not sure how this is even legal under the PSD2 in EU. It might not be. But Klarna does not seem to care, and I really hope someone will take them to court over this.
Is there any pressure in Finland to make this illegal? If your transaction didn't go through the digital authentication to verify identity, then it's worthless and the money can't be collected?
Yes, PSD2 (Payment Services Directive vol 2) should require strong customer authentication for online payments throughout EU. How Klarna is able to skirt this regulation is beyond me. Either they've found a loophole in the law or they are already in breach but the financial regulators are holding back from enforcing it.
I'm somewhat happy that my country is so much behind on all this digital stuff. You usually have to physically present your ID to do something serious, or at least provide a picture of it. We do also have an official "government services" website, and it implements a proper oauth flow that many other government sites use and uses SSN + password for login.