About The Blog

Debate at the intersection of business, technology and culture in the world of digital identity, both commercial and government, a blog born from the Digital Identity Forum in London and sponsored by Consult Hyperion



  • Add to
Technorati Favorites


  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.

« Opening authentication | Main | Building blocks for the identity utility »


By davebirch posted Jun 20 2007 at 2:13 PM
[Dave Birch] Presumably one of the benefits of moving to a smart identity card -- alongside smart passports and driving licences -- is that many of the associated processes can be automated. Somewhere like Malaysia, which has had a smart identity card for years, shows how this can be done. There, passport applications can be made online or at kiosks. The Deputy Home Affairs Minister Datuk Tan Chai Ho says that e-kiosks and e-applications were part of the Immigration Department’s efforts to go paperless and increase efficiency. Only one e-kiosk had been installed at the time of writing, but it can process a passport for an identity card holder in as little as 10 minutes. Applicants deposit the RM300 fee in the machine, which can also photograph passport holders, enter their details and then pick up their passport the next day. This means, of course, that the integrity of the passport applications now depends on the integrity of the identity card and the National Registration Department has detected 364 cases where the MyKad has been tampered with but has found no cloning of the identity card. Mr. Ho said the tampering was confined to changing of the photograph on the card and most of these cases involved illegal immigrants. He said that in these cases the MyKad chip was damaged because it contained the personal particulars of the card holder which could not be altered.

Technorati Tags: , ,

This is an insightful comment on the real-world threats to this kind of system. The same is true of the EMV "chip and PIN" cards used by banks and has been a source of significant fraud. Since the bad guys cannot counterfeit the chips on DDA EMV cards, they just counterfeit the magnetic stripe on the back and take a screwdriver to the chip. When the card is inserted into some ATMs, the ATM cannot read the chip so it reads the (fake) stripe instead. Now it looks as if the Malaysian fraudsters have gone the same way.

Why am I curious about this phenomenon? Because it supports our view that a national identity management scheme needs to be a utility in which symmetry is integral: anyone should be able to check the validity of anyone else's identity "card" (which may, of course, be a phone or a bracelet or whatever) using a device to hand -- I'm imagining a phone, obviously -- rather than have to take it on trust by look at the printing on the card. In fact, I'm a strong advocate of cards being blank anyway: my identity card should have a picture of my choosing on it (my cat, for example) not a picture of me together with other details of great benefit to identity thieves such as my full name and date of birth. Issuing cards that are going to be validated by the human eye is not a step forward. Issuing cards that can only be validated by a complicated and expensive piece of machinery is not either. And before anyone posts a third way, I'm not sure that entrusting my national identity card PIN to point-of-sale terminals is a way forward either. If I did, then I'm sure that a fraudster would soon find it worthwhile to steal my card and apply for a passport at a kiosk and... well, it's just not good.

My opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public.
[posted with ecto]


TrackBack URL for this entry:

Listed below are links to weblogs that reference Automat:


ID KEY which will have Card Key Code matching individual card or cards will reduce card fraud to virtually ZERO at retail outlets and ATMs because fraudsters will not be able to obtain this invisible and changing to new value after every transaction code required for activating transaction.

Why would fraudsters get tempted to use stolen or skimmed cards when they know that unless they have the right ID KEY they will not have option to enter PIN number to conclude transaction? This system will eliminate the need for us to use CHIP on cards and even protect our PIN numbers.

In addition image and name retained on ID KEY will activate photo printer at any transaction point in the world to print ID sticker (small sticker with image and name printed on it) which can be used on any document to personalise signature. Current signature system is like passports without photos and that is why it is so difficult to deter and prosecute fraudsters. This system will deter identity fraud because in the event of crime fraudster’s identity will get exposed on the document in question. Fraudsters can misuse victim’s personal details but not their appearance (true identity or visible biometric).

Details on this honesty restoring system which the banks have been ignoring to exploit since 1994 are on website www.xwave.co.uk

The comments to this entry are closed.