[Dave Birch] There are a great many advantages to smart cards as a platform for digital identity — they’re smart (ie, they have a microprocessor in them) for one thing — but there’s one huge drawback. They need readers. Now you might reasonably assume that no-one would countenance launching a smart card scheme with no readers, but that’s precisely what has just happened in the U.K.

 

Eleven million free travel smart cards have been issued but many buses are not equipped to read them, a report by MPs claims. The report, by the House of Commons Transport Committee, entitled Ticketing and Concessionary Travel on Public Transport, said the situation was "daft". Ten years after committing to integrated bus ticketing, the Government has "achieved too little of practical value", the report said.

[From The Press Association: £1bn bus pass scheme ‘stalling’]

When they say "not many" buses have been equipped to use the cards, what they actually mean is "virtually no" buses have been equipped to read the cards. The cards are simply being used as "flash passes" so as long as you wave something that looks like a valid card then the bus driver will let you on board since he/she has no way of verifying that the card is valid. Since the cards have a two-year lifetime, and since the readers won’t be in place for two years, it’s hard to see what the use of them is. It seems like a huge waste of money to me, but then I am not well-versed in government smart card policy…

 

The first nationwide smartcard-based travel scheme launches next month, but the majority of passengers outside London will not be able to use the advanced functions.

[From Free smartcard travel arrives – 20 Mar 2008 – Computing]

Nor will the majority — in fact, all — of the passengers in London since (as the article makes clear) Transport for London won’t even begin trialing the readers for these cards until mid-2009 and won’t be installing them until 2010.

It probably doesn’t much matter in the case of cards for pensioners on buses and the fact that a driver on a Weymouth bus won’t have the slightest idea whether the pensioner presenting a London pass is actually allowed to travel at 9.30am or not until 10am isn’t going to bring the country to its knees. It does illustrate, however, how much easier it is to issue cards than it is to issue readers. This is a problem that is well-known and in the case of, say, identity cards (rather than bus passes) are real problem. If someone (eg, a retailer) has no machine to verify a card then it is easy to fool them with a counterfeit and there will inevitably be a rise in identity fraud following the introduction of identity cards in such circumstances because…

 

there’s a false sense of security generated by identity that isn’t properly verifiable

[From Digital Identity Forum: Identity thieves]

It doesn’t take long for organised crime to get involved with this sort of card: since the public don’t have readers either, they can’t verify the identity cards that they’ve been given…

 

If you were going to create a criminal enterprise based on bogus ID cards, who would you target? Probably the group with the least recourse to the law: illegal immigrants. This is exactly what has been going on in Malaysia, where a fake identity card issuing syndicate which cheated hundreds of illegal immigrants has been broken up by the police

[From Digital Identity Forum: New identity crimes]

So how many readers does an identity card scheme need to have to work effectively? A good example to study is that relatively mature Malaysian MyKad identity card to see where it has got to now.

 

According to the Frost and Sullivan "MyKad Points of Usage Study 2007", there were 2.4 million POU placed throughout the nation and the key applications being used by the 24 million MyKads issued included identification, MEPS cash, ATM, e-Passport, loyalty, Touch’n Go, physical and logical access control, farmers registration, e-Farm, e-derma… To date, a MyKad holder can use it at over 25,000 e-debit terminals, more than 4,900 domestic ATM machines and at approximately 2,3000 clinics and hospitals.

[From MyKad Being Used For More Reasons Now :: Bernama.com]

If this report is correct, it means that a density of one reader for every ten cards has been reached. If this is the benchmark (I’m not saying that it is, just observing that it is a plausible figure), then that means that someone is already figuring out how to get a few million identity card readers up and running in the next year or two in the U.K., since the British government is clearly not going to run the risk of an escalation of identity fraud caused by a few million cards going into circulation with only a few tens of thousands of readers. I doubt there are 10,000 readers for the ITSO cards in the whole of the U.K. (which means less than one reader for every couple of thousand cards) but I would be delighted to provide more accurate figures if someone could send them to me.

Incidentally, much as I hate to provide free consultancy, I happen to have a very low cost ITSO card reader on my desk at the moment: a Nokia 6131 NFC phone. Since bus drivers have to have a mobile phone, they may as well have one that card read bus passes. This idea is actually an important one for identity cards as well. It should be a matter of course that U.K. identity card holders can check what’s on their own cards by reading them with any suitable NFC phone and free software that they can download from the IPS website.

These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]

Leave a Reply


Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.
%d bloggers like this: