Saturday, January 9, 2016

The Case for a Secure National Identification Card

Background

Identity theft in the United States is rampant.  Fraudulent use of false identification costs American businesses and individuals billions of dollars annually.  One estimate for the year 2012 placed that year's cost at 24.7 billion dollars.  Everyone loses since this financial expense is built into the retail prices we pay for merchandise.  The current hodgepodge of personal identification is apparently far too simple to collect and misuse.  Social security numbers, drivers licenses, birth certificates, and other means of identification are not secure and, once compromised, difficult or impossible to make secure.  Social Security cards were never supposed to be used for identification but, lacking any other unique national identification system, these numbers became the de facto standard for many situations.    Our national security has been compromised by our inability to properly identify people in certain situations.

Currently, identity theft losses far exceed (by about $10 billion*) household burglary,  motor vehicle theft, and property theft.  Prosecutions are rare because, while you suffered the initial loss, when you get reimbursed for the proven loss by the credit card company, they are now the victims and will almost never prosecute.  In my most recent case I had a suspect, acknowledgment from the Apple store that video existed of the fraudulent transaction, but couldn't get a detective from Miami-Dade to even bother with the case.  As the desk officer informed me, they are woefully understaffed and almost never get involved in credit card fraud. 


Proposed Solution

Issue a nationally recognized bio-metrically secured identification card.  This could be a federal government, private industrial consortium, or preferably, a joint federal/corporate managed project.  Participation in the program, for individuals, would be voluntary.  No one would be required to have such a card but it would be to their advantage. Certainly anyone whose identity has been compromised would be motivated to participate.  Since only the person bio-metrically identified on the card could use the card, the loss of the physical card is not as tragic as other ID card losses.


Proposed Card Mechanics

While seemingly Orwellian in nature, the fact that the card is not mandatory should lessen the impact.  Participants would request the issuance of a USB-ID (United States Bio-metric Identification) card, as we will call it for the purposes of this discussion.

Our current  ID system is almost solely information based.  A photo on a driver's license or passport is an exception and not regularly used on other forms of ID.  The USB-ID would have a photograph but would additionally use a minimum of three bio-metric means for security.  While others with more expertise than this writer could come up with other ideas, I would suggest the following sources:
  1. Facial recognition bio-metrics gleaned from the original photo
  2. Left and right ear bio-metric scans
  3. Left and right hand bio-metric scans
  4. Fingerprints, single finger or full hand
  5. Retinal scans of each eye
This list includes at least eight sources of bio-metric data that could be processed for an individual and which could be recorded in the data on the physical card and stored in a central database.  The facial recognition data would be mandatory.  Missing eyes, limbs, visible tattoos, etc. could be recorded and further used to identify an individual.  Current EMV chip technology would be used to record all relevant information on the card.

The individual requesting the card would select three or more means of bio-metric security and would present themselves at a processing center, fixed or mobile, where the physical scans would be conducted.  They would also provide current identification information that would be linked to the card.  Physical addresses, phone numbers, physical personal description, challenge question answers, etc., could all be included as requested by the individual.

The physical card would use all currently available technology to make counterfeiting the card difficult.  Sophisticated printing, holograms, etc., would all be part of the card.

The USB-ID Process

The new cardholder would notify the current national credit clearinghouses that they now have a USB-ID and that all future requests for credit require the use of the physical card and some form of bio-metric verification.  This notification could be done as part of the initial bio-metric scanning and processing of the new card.  Banks and similar financial institutions, where transactions over some pre-set limit are to be conducted, would be required to check if a USB-ID will be needed to complete the transaction.  These large institutions would be required to have the means of verifying all selected forms of bio-metrics.

Credit cards could be coded to alert retailers where transactions over some requested limit would require showing the USB-ID.  Retailers would also have the ability to own or lease equipment to minimally display the digitally recorded photograph (stored on the chip) which would have to match the facial bio-metric information and the individual presenting the card.  The cost of this equipment would be offset by the lower rates charged to retailers for USB-ID secured transactions.  This is possible since the credit card companies would now have lower fraud loss rates.  Retailers who do not participate would run the risk of losing potential sales.  The credit card companies could either charge non-participating retailers higher rates or pass on a portion of any fraud loss.

USB-ID card holders would need an inexpensive reader/scanner for their computers for online or "card-not-present" transactions.  The USB-ID card chip technology would have a rolling number security system that gets updated each time the card is scanned.  The rolling number would be updated through the central USB-ID database.  The loss of a physical card would require an updated algorithm applied to the rolling number on the replacement card to negate the utility of the lost card.  The home reader/scanner could have a fingerprint reader built in, similar to current smart phones.


Other USB-ID Uses

The USB-ID card could be used to provide additional information.  It could be made mandatory for gun purchases where information on the card would indicate that the individual identified on the card was cleared for purchasing a firearm.  A background check would still be required but the card better identifies the individual and prevents the use of forged or false identification to be used for the purchase.


Summary

The intent here is to provide a secure ID card system linked to an individual and that person's bio-metrics and not merely his/her information.  Individuals using the USB-ID system could enjoy lower interest rates on credit cards as the issuing companies will have a greatly reduced risk.  I'm sure there are a few bugs or flaws in this system that I have not thought of but the basic premise, I believe, is sound.  The need for some system to better secure our identities is long overdue.  We desperately need a solution for identity theft and the grief it presents the consumer.  There seems to be little motivation from the credit card companies since fraud is just an expense they pass on to the consumer.



I won't hold my breath waiting for the federal government to come up with anything either, so the motivation will have to come from corporate innovation.  It will take the drive and resources of firms like Google, Apple, Intel, or Microsoft to use their technical resources to develop such a system.  The government would certainly get involved at some point but only as part of the mechanics after the concept is much further along.  I think there may be a business model here that warrants further discussion.

* Bureau of Justice Statistic for the year 2012.

No comments:

Post a Comment

REFLECTIONS

Winston Churchill is credited with saying, "Americans and British are one people separated by a common language." His was a deviat...