How Do Card-Based Transactions Improve Security?
In recent years, governments worldwide have instituted laws that directly or indirectly require companies to decrease vulnerability to identity theft. In many cases, their initial rollouts have focused on the public sector, but the prevalence of digital certificates and greater market awareness of identity fraud have pushed governments to now require civilian identity authentication. The United States, the European Union, Korea, Brazil, Mexico, Chile, Japan, Australia, Singapore and many other nations have drafted or implemented regulations to authenticate credentials before issuing government documents such as e-passports, marriage licenses, electronic voting ballots, visas and residence permits, citizenship, and driver’s licenses. Governments are also rapidly moving to electronic invoicing and tax filing to reduce fraud, improve collection and provide a more robust audit trail.
The capacity of government-issued documents for citizens, the amount of fraud and error, and the lack of tracking available with paper-based systems make it difficult for governments to meet their own audit regulations. They must transition to electronic processes, and this has helped make digital signatures and certificates mainstream. Here are just a few examples of digital signature/certificate projects that are underway:
- Online government transactions (e.g. tax payments) with relatively high-risk profiles, where active mutual authentication is important to prevent website fraud through man-in-the-middle attacks (refer, for example, to authentication Levels 3 and 4 in the United States National Institute of Standards and Technology (NIST) SP 800-63: Electronic Authentication Guideline).
- Electronic pension / employment benefits transfer using smartcards.
- Cards may be used for a variety of specific public sector applications, such as library cards or learning cards.
- Official documents may be issued in the form of smartcards, as a secure alternative to paper documents, for example, driver’s licenses, electronic passports.
- Digital credentials or business licenses can be carried by smartcard.
- Identification cards may be used to recognize either government employees or members of the public and provide access to buildings or computer systems.
- Employee access cards with secured passwords to protect access to computer systems.
- Mass transit fare collection systems.
- Electronic toll collection systems.
- Consumer health card containing insurance eligibility and other entitlements.
- A patient’s smartcard can act as a key which healthcare professionals can use to access electronic health records, with the patient’s consent.
- Emergency medical data (medic alerts, allergies, drug reactions).
- Electronic prescriptions may be issued by doctors to a patient’s smartcard (though probably in summary form rather than in their entirety) and thus conveyed to dispensaries.
- All-purpose multi-function student ID card, containing a variety of applications such as electronic purse (for vending and laundry machines), library card, recording of attendance at classes, concession card and logical access control for network logon.

Cross-border standardization is becoming more significant as governments issue digital certificates and signatures based on similar guidelines and policies to track cross-border fraud. Governments are trying to support increasingly mobile citizens where they live and work. In countries such as the U.S., where a robust government infrastructure exists for certificate issuance, interoperability of civilian-focused systems with the existing infrastructure is critical.