Banco Nacional Overhauls Digital Access Protocols with New Mandatory Security Framework

Banco Nacional de Costa Rica implements mandatory digital banking updates, replacing ID-based logins with usernames and integrating security tokens into BN Móvil.

By: AXL Media

Published: Apr 8, 2026, 10:55 AM EDT

Source: The Tico Times

The Shift from National ID to Personalized Usernames

In a significant departure from long-standing practices, Banco Nacional has eliminated the use of the cédula (national ID) number as a primary login credential for its digital channels. Customers are now required to establish a unique, personalized username linked to their banking profile. This shift is part of a broader strategy to decouple sensitive government identification numbers from daily banking access, thereby reducing the risk of identity theft and unauthorized entry through public data leaks.

Integration of the Security Token System

Alongside the login changes, the bank is decommissioning its standalone token application. The security token, which generates temporary codes to validate sensitive transactions, has now been folded directly into the primary BN Móvil app. This consolidation aims to streamline the user experience while ensuring that all multi-factor authentication (MFA) occurs within a single, secure environment. Customers must configure this integrated token following the creation of their new username to ensure uninterrupted access to transfers and bill payments.

Transformative Analysis: Cybersecurity and Digital Resilience

Banco Nacional’s update arrives at a critical juncture for Costa Rica’s financial sector, which has faced increasing pressure from sophisticated phishing and social engineering attacks. By moving toward personalized usernames, the bank is implementing a "security through obscurity" layer that makes it significantly harder for bad actors to guess login credentials using stolen databases of national IDs. Furthermore, integrating the token into the main app reduces "app fatigue" and ensures that security patches are applied more consistently across the bank's digital infrastructure.