My finances, my projects, my life
August 13, 2022

LuxTrust: secure online shopping and admin!

  Compiled by myLIFE team me&myFAMILY February 8, 2022 36

If you have a bank account in Luxembourg, you probably use LuxTrust to access your bank remotely or to confirm your online payments. However, like most of us, you may not be aware of the wide range of possibilities this service provider has on offer to improve your security on the internet and make your admin tasks easier. myLIFE goes through them for you.

Nowadays, using the internet to check our bank accounts, shop or perform admin tasks is nothing out of the ordinary. Banks, businesses and even governments are constantly striving to develop their digital presence. They are adding to the number of services available online and making a bigger shift towards digital.

But in this digital world, security is a key issue. With teleworking and e-commerce becoming more commonplace, as well as the rise of online scamming and internet fraud, it is absolutely essential that users and the tasks they perform online are protected. This is where LuxTrust comes in.

What is LuxTrust?

LuxTrust is a digital trust service provider and a certification authority that delivers solutions to protect the activities of individuals and businesses online.

LuxTrust was founded in 2005 by the Luxembourg government and several banks. It issues electronic certificates that allow us to prove our true identity online, sign documents and even validate online transactions securely.

The company also offers services that target companies specifically in order to help them better manage their administrative activities, authenticate themselves and secure their digital exchanges, while ensuring full compliance with the European regulations in force (e.g. DSP2, GDPR, AML and eIDAS).

Many banks and public authorities in Luxembourg use this identification system to offer their users a secure environment.

What services does LuxTrust offer?

Strong authentication

The digital identity provided by LuxTrust allows users to identify themselves securely on partner websites, platforms and online applications. The aim is to prove that the user is definitely who they claim to be and to prevent unauthorised individuals from accessing their personal data or from acting in their name. Many banks and public authorities in Luxembourg (MyGuichet.lu, macommune.lu, vdl.lu and eTVA, etc.) use this identification system to offer their users a secure environment.

For example, individuals and businesses can access their online banking service and perform day-to-day banking operations: make transfers, issue a RIB, add a new beneficiary, etc.
The government’s digital platform, MyGuichet.lu, allows users to check their CNS refunds, print their residence certificates, complete their tax returns, apply for child benefit, request a criminal record certificate, apply for training leave, request financial assistance, and much more.

Secure payments

LuxTrust services are used in conjunction with 3D Secure technology to validate online purchases. The aim is to strengthen the security of online payments and reduce the incidence of credit card fraud on the internet in accordance with the European Payment Services Directive (DSP2).

Electronic signature

LuxTrust also offers an electronic signature service. This digital procedure – not to be confused with a digitalised handwritten signature or a document signed using a tablet – consists in assigning a unique code, known as a hash, to the document. An electronic signature certified by LuxTrust carries the same legal value as a traditional signature. It is binding on the author and guarantees that a document has not been edited after having been signed.

→ It can also be used to open an online banking account, conclude an agreement with a client, sign a quote, or subscribe to a telecom package, etc.

Electronic seal, time stamping, consent management, etc.

LuxTrust also offers solutions that target companies more specifically.

    • Electronic seal, which can be compared to a traditional seal or ink stamp used by companies, guarantees the origin and integrity of documents (bills, contracts, etc.);
    • Time stamping provides the time and date at which a file was created or a transaction was executed;
    • Consent management (to collect, manage and monitor consent) ensures that companies are compliant with the General Data Protection Regulation (GDPR);
    • Certified video identification to limit the risk of fraud. See all LuxTrust digital solutions for companies.

How to use LuxTrust services

In order to use your digital identity and access the various services available, you must have a physical or digital device accepted by LuxTrust. Different devices can be ordered either directly via the LuxTrust website, or through a partner bank, after having been formally identified by a registrar.

Useful info: Since 2014, Luxembourg identity cards (eID) have been equipped with electronic chips on which authentication certificates can be activated and LuxTrust electronic signatures can be generated free of charge. To obtain one, you need to apply for it when ordering a card.

Depending on the device chosen, the process for identity authentication, payment validation or signing transactions may vary. In principle, it involves selecting the device used (LuxTrust Mobile, Scan, etc.), entering identity details (User ID and password or PIN) and, for those still using the Token for example, entering the OTP (One Time Password) generated.

By using all these elements in tandem, and sometimes by also activating digital fingerprints or facial recognition on smartphones when using the LuxTrust Mobile app, the security of online transactions is enhanced. This is multi-factor authentication*.

NB: Certain physical devices (SmartCard – a Luxembourg identity card) require software to be installed (middleware) on your computer and/or the use of a compatible card reader.

With LuxTrust Mobile, Tokens are no longer needed to validate transactions or to log in to bank accounts: you simply need your phone to hand!

LuxTrust Mobile: the app to replace the Token!

LuxTrust also has a mobile solution, available directly on your smartphone: LuxTrust Mobile. Tokens are no longer needed to validate transactions or to log in to bank accounts: you simply need your phone to hand!

LuxTrust Mobile is a quicker and more practical solution. It is constantly being upgraded to make life easier and more secure for users and it offers the same possibilities as a Token or LuxTrust Scan. It allows you to receive a push notification to your smartphone each time you need to authenticate your identity or validate an online transaction (e.g. for card payments on a retail website).

LuxTrust Token and LuxTrust Scan users can download the app from the App Store or Google Play free of charge. Otherwise a LuxTrust Mobile identity must be ordered via the LuxTrust website.

So, now you know what options LuxTrust has to offer you. Although multi-factor authentication may seem a nuisance, it protects what you do online and makes sure your internet transactions are secure. Be careful – no one is immune to online fraud!

For more information, please go to the LuxTrust website.

*Multi-factor authentication consists in requesting at least two of the following factors to enhance the security of online operations: a piece of information known by a user (a password, digital code, etc.), an item in their possession (a phone, Token, etc.) and something inherent to the person (a fingerprint, facial recognition, etc.).