British biometric ID card system vulnerable to cloning 
“Handing over the keys to public identity data to organisations such as Royal Mail will open up a whole new can of worms. It seems preposterous to put public data into the hands of a third party when data loss is as commonplace as it is,” said Stewart Hefferman, COO, TSSI Systems Ltd. “It’s clear now that the government has intended to link the ID card scheme into its other services. I’ve been concerned about such an extension of ID card use since they were very first announced.”
“The big concern with ID verification is impersonation. Unfortunately, the Government’s ID card scheme does not go far enough to address this problem – and by opening up a photo kiosk style fingerprinting service at a post office with data made accessible to various employees – will further exacerbate the problem.”
“The two main weaknesses are firstly, an over-reliance on biometric security, and secondly, the preference for centralised data storage. Together these leave the ID card system vulnerable to cloning.”
“Stronger verification technology needs to be in place. Biometric technology alone does not suffice to prevent fraud – despite strong encryption, the Dutch biometric passports were cracked soon after launching. Unfortunately, there is no such thing as a 100% secure solution – and saying you’ve got one is an open invitation to hackers! All you can do is minimise the risk as far as possible.”
“What’s needed if the ID card scheme is to work, is a belt and braces approach. Storing the biometric data as an algorithmic encryption makes it impossible for even the most sophisticated fraudster to read or substitute. Even authorised personnel – and therefore any successful hackers or corrupt employees - would only be able to view binary code, and not the finger, iris or facial data itself. They would also be unable to replicate the algorithm to clone the card.”
“The way the information is stored and structured needs to be carefully implemented to avoid sowing the seeds of disaster. Storing this data centrally and then linking this into a variety of databases is a security concern. Other countries such as France and Italy have stipulated that biometric information is stored only on the cards themselves – thus still within the possession of the individual.”
"If it is stored centrally, then the biometric data must be stored separately from any other personal data. This would make it harder for any hacker to join up the dots and steal someone’s identity or clone a card. I also strongly advise that back-end systems enable an audit trail of those personnel who have accessed individual records on those back end systems.”
Print version | 
Email to a friend | 
View other articles
Latest Biometric articles
Biometric Fingerprint USB Scanner With Access Control System
Biometric Fingerprint Access Control By Raydox Technologies
MaximumASP deploys Brivo access control system at managed hosting facility
Geutebruck equipment selected for International Atomic Energy Agency's training center in Russia
CEM Systems secures access to the Ministry of Finance in Nigeria
SemTel distributes OmniPerception's facial recognition algorithms in Singapore and Malaysia
CEM's IP security solution for access control, biometrics and CCTV monitoring installed at Changsha Huanghua Airport in China
Carillion rolls out MSite biometric workforce management solution
VUgarde digital video solution delivers powerful yet straightforward surveillance
What laptop users should do to defend their data
...[view more Biometric articles]...
Other Biometric Resources
Biometrics deal: UID selects Accenture,Satyam, L-1
The consortia include algorithm and system integration providers.
U.S. contracts for biometrics help
ARLINGTON, Va., July 28 (UPI) -- Virginia's Stanley Inc. reports it has received two government biometrics-related contracts worth a combined total of $7.9 million. Virginia - United States - Stanley - Counties - Business and Economy
Stanley Awarded Contracts for Biometrics Services in Support of U.S. Army Intelligence Center
ARLINGTON, Va. | Stanley, Inc. (NYSE: SXE), a leading provider of systems integration and professional services to the U.S. federal government, today announced that it was awarded two biometrics...
UID selects Accenture, Satyam, L-1 for biometrics contract
The Unique Identification Authority of India (UIDAI) has selected three consortiums, led by tech firms Accenture, Mahindra Satyam and L-1 Identity Solutions, respectively, to provide technology solutions to capture the fingerprints and iris scans (known as biometrics) of the country’s 1.2 billion people. The consortia include algorithm and system integration providers.
Voluntary Standards Cover the Spectrum: from Attic Ladders to Biometrics
American Ladder Institute released ANSI-ASC A14.9-2010, Safety Requirements for Disappearing Attic Stairways, which prescribes rules for design, construction, and use of permanently installed metal or wood disappearing attic stairways in household or commercial settings. Recently published ANSI X9.84-2010, Biometric Information Management and Security for the Financial Services Industry ...
North American Biometrics Market
Reportlinker.com announces that a new market research report is available in its catalogue:
Aware, Inc. Reports Second Quarter 2010 Financial Results
BEDFORD, Mass., July 26 /PRNewswire-FirstCall/ -- Aware, Inc. (Nasdaq: AWRE), a leading supplier of broadband technology and biometrics software, today reported financial results for its second quarter ended June 30, 2010. Revenues for the second quarter of 2010 were $5.0 million, a decrease of 14% compared to $5.8 million in the same quarter last year. The net loss for the second quarter of ...
BIO-key® Reports Strong 2010 Second Quarter and Six Month Financial Results
WALL, N.J., July 28 /PRNewswire-FirstCall/ -- BIO-key International, Inc. (OTC Bulletin Board: BKYI), a leader in finger-based biometric identification solutions, today reported financial results for the second quarter and six month period ended June 30, 2010. For clarity and consistency, the data presented in this release relative to the same periods in 2009 includes only the results of the ...
Security websites for specific products:
Access control and RFID systems - Burglar alarm, intruder alarm and fire alarm systems - Biometric recognition and identification systems - CCTV cameras and systems - IT, computer and network security systems - Health and safety - Security guard services - Surveillance and remote monitoring systems
Security websites for specific markets:
Bank and financial security - Corporate security - School and education security - Sport event and live venue security - Healthcare and hospital security - Hotel restaurant and casino security - Industrial and manufacturing security - Infrastructure and Utilities security - Home and personal security - Public sector security - Retail security - Small Business security - Transport security
