Current measures are not strong enough to combat impersonation, ID theft and fraud.
TSSI Systems has warned that the EC sponsored cross-border national electronic identity (eID) systems interoperability scheme does not go far enough to prevent impersonation and opens the door to system abuses.
Stewart Hefferman, COO, TSSI Systems Ltd has claimed that the (Secure idenTity acrOss boRders linked) scheme does not look to address identity verification, forgery or fraud issues, despite its design to provide online access to public services across EU borders, including claiming social security and unemployment benefits or filing tax returns.
Hefferman said: “The big concern with ID verification both online and offline is impersonation. Unfortunately, the STORK scheme does not look to address identity verification, forgery or fraud issues, but simply to provide interoperability. This opens the door to system abuses – why on earth is the government opening up systems without requiring appropriate security measures to be in place? This horse is sure to bolt!
“Strong verification technology needs to be in place first in any systems with which the UK interoperates. Even biometric technology in physical ID verification systems does not suffice alone to prevent fraud – despite strong encryption, the Dutch biometric passports were cracked soon after launching.
“And online, verification is even harder. Look at the problems in online commerce! Online banking fraud in the UK soared cost to £21.4 million in the first six months of the year alone. And card fraud losses have already seen £300 million this year. Are we expecting the tax payer to shell out similar levels of millions to compensate for online benefit fraud? Isn't there enough money lost to offline benefit fraud as it is?!”
He further claimed there is a more simple solution in the physical ID environment – to adopt a ‘belt and braces approach'. He said: “Storing the data as an algorithmic encryption makes it impossible for even the most sophisticated fraudster to read or substitute.
“What's needed if this STORK initiative is to work, is firstly, strong next generation technology for online verification, and secondly, agreement across the board on the technology verification standard that countries need to meet. It's no use the UK having watertight technology if Estonia doesn't.
“And current systems in the UK itself are not even strong enough - the supposedly ‘fakeproof' British e-passports were cloned within minutes only to be passed as genuine by passport reader software used by the UN agency that sets standards for e-passports, despite using pictures of Osama Bin Laden and a suicide bomber!
“Without this, criminals in other countries could all too easily abuse our systems. The government needs to look again at the implementation of this scheme, or the seeds of disaster will be there from the making.”