Written by Technorati Tags: biometrics, ID cards
One of the companies that we deal with has installed a high security ID system. When you check in at reception for the first time, they take your picture and store it in a database. When you subsequently arrive for an appointment, they print an ID badge for you: it has an RFID chip inside to open doors. When visiting a few days ago, I was wandering around the building for various meetings: it wasn’t until lunchtime that one of my colleagues pointed out that the picture on the ID card wasn’t me. If anyone knows who this person is, pass on the link!
Pictures don’t seem to be a very good ID technology. I vaguely remember an experiment some years ago when a UK issuer started putting cardholders pictures on the back of cards as a fraud deterrent. Some researchers (I think this was in Scotland) changed the pictures on their cards to a) a gorilla and b) Mr. Spock. It turned out to make no difference: since no-one ever looked at the pictures, it didn’t matter what they were. If the POS accepted the card, that was that ("computer says yes").
I can’t resist the experiment. Next time a client sends me to this company, I’m going to put a picture of a gorilla on my ID card (obviously, a gorilla that doesn’t particularly look like me, otherwise it’s not an interesting experiment) and see if anyone notices.
I believe that it was a bank in the Midlands and they sent a black chap shopping round Coventry with a white woman’s picture on his card. Not one shop assistant noticed.
During one of my recent visits to a UK government department, I was astonished at their physical security … doors wide open on street level, leading to a set of stairs at the top of which there was a guard sitting behind a desk. As there were no physical gates or barriers in place (!), employees (?) would simply wave a photo ID badge to the guard from a ca. 5 meter distance and proceed into the building …
As I was sitting in the visitors’ waiting area, I noticed a sign on the wall saying “ID badges must be worn at all times whilst in the building” … interestingly enough though the sign not did say anything about wearing a card made out to Joe Bloggs with a gorilla picture – one thing for sure, the guard would not have noticed.