[Dave Birch] Presumably one of the benefits of moving to a smart identity card — alongside smart passports and driving licences — is that many of the associated processes can be automated. Somewhere like Malaysia, which has had a smart identity card for years, shows how this can be done. There, passport applications can be made online or at kiosks. The Deputy Home Affairs Minister Datuk Tan Chai Ho says that e-kiosks and e-applications were part of the Immigration Department’s efforts to go paperless and increase efficiency. Only one e-kiosk had been installed at the time of writing, but it can process a passport for an identity card holder in as little as 10 minutes. Applicants deposit the RM300 fee in the machine, which can also photograph passport holders, enter their details and then pick up their passport the next day. This means, of course, that the integrity of the passport applications now depends on the integrity of the identity card and the National Registration Department has detected 364 cases where the MyKad has been tampered with but has found no cloning of the identity card. Mr. Ho said the tampering was confined to changing of the photograph on the card and most of these cases involved illegal immigrants. He said that in these cases the MyKad chip was damaged because it contained the personal particulars of the card holder which could not be altered.

Technorati Tags: , ,

This is an insightful comment on the real-world threats to this kind of system. The same is true of the EMV “chip and PIN” cards used by banks and has been a source of significant fraud. Since the bad guys cannot counterfeit the chips on DDA EMV cards, they just counterfeit the magnetic stripe on the back and take a screwdriver to the chip. When the card is inserted into some ATMs, the ATM cannot read the chip so it reads the (fake) stripe instead. Now it looks as if the Malaysian fraudsters have gone the same way.

Why am I curious about this phenomenon? Because it supports our view that a national identity management scheme needs to be a utility in which symmetry is integral: anyone should be able to check the validity of anyone else’s identity “card” (which may, of course, be a phone or a bracelet or whatever) using a device to hand — I’m imagining a phone, obviously — rather than have to take it on trust by look at the printing on the card. In fact, I’m a strong advocate of cards being blank anyway: my identity card should have a picture of my choosing on it (my cat, for example) not a picture of me together with other details of great benefit to identity thieves such as my full name and date of birth. Issuing cards that are going to be validated by the human eye is not a step forward. Issuing cards that can only be validated by a complicated and expensive piece of machinery is not either. And before anyone posts a third way, I’m not sure that entrusting my national identity card PIN to point-of-sale terminals is a way forward either. If I did, then I’m sure that a fraudster would soon find it worthwhile to steal my card and apply for a passport at a kiosk and… well, it’s just not good.

My opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public.
[posted with ecto]

1 comment

  1. ID KEY which will have Card Key Code matching individual card or cards will reduce card fraud to virtually ZERO at retail outlets and ATMs because fraudsters will not be able to obtain this invisible and changing to new value after every transaction code required for activating transaction.
    Why would fraudsters get tempted to use stolen or skimmed cards when they know that unless they have the right ID KEY they will not have option to enter PIN number to conclude transaction? This system will eliminate the need for us to use CHIP on cards and even protect our PIN numbers.
    In addition image and name retained on ID KEY will activate photo printer at any transaction point in the world to print ID sticker (small sticker with image and name printed on it) which can be used on any document to personalise signature. Current signature system is like passports without photos and that is why it is so difficult to deter and prosecute fraudsters. This system will deter identity fraud because in the event of crime fraudster’s identity will get exposed on the document in question. Fraudsters can misuse victim’s personal details but not their appearance (true identity or visible biometric).
    Details on this honesty restoring system which the banks have been ignoring to exploit since 1994 are on website http://www.xwave.co.uk

Leave a Reply


Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.
%d bloggers like this: