Thursday, February 11, 2010

ID security

Last week, Oberthur Technologies hosted a seminar on ID security in Oslo, Norway. ID theft is a growing concern, and both government and corporate initiatives aim to create solutions to prevent ID theft from spiraling out of control.
A diverse range of speakers and subjects were on the agenda. MACAW research covered the event, and here we give you some of the highlights.

Eva Edwaldsson from Oberthur Technologies was first up and provided an introduction to current European initiatives on ID solutions, including the European Citizen Card project and biometric information schemes. A representative from Statoil inquired whether commercial players would be able to read complete biometric records. The Norwegian Ministry of Justice's stance was that this level of access would only be made available to government organizations and specifically border control.

The Data Inspectorate (Datatilsynet) presented excerpts from the Norwegian law on eSignatures and explained its skeptical attitude towards portal solutions that give citizens access to multiple government records from a single sign-on point, as well as towards tracking user behavior in electronic services in general. In essence, the latter boiled down to what the Data Inspectorate labeled as unnecessary identification, as well as logging; it prefers that this only be done at the point when a signature is required.

Ståle Ekelund, CTO at Norman, presented malicious code statistics. The number of pieces of malicious code has exploded, marked by an increase in so-called polymorphism, i.e. multiple instances of the same code building blocks, but with a different order or added components. In total, there were 22 million unique pieces of malicious code reported in 2009, and the number is growing by approximately 1 million per month. Several of the speakers also pointed out that cyber crime has surpassed narcotics in revenue, and that ID theft is "big business with good returns."

Jan Sigurd Aarberg, VP Cards & Payments at DnBNOR, raised the question "Do we need payment cards?" and ran us through the history of payment cards in Norway. An interesting element from the presentation was that the mobile payments pilot with Telenor and MasterCard has been put on hold due to a lack of suitable mobile handsets. Also, is it banks' duty to provide identification to Norwegian citizens, and will it be in the future? It is a paradox that banks require a passport to issue a debit card, when one can use a debit card to obtain a passport.

One of the final speakers was Christian Meyer, project manager at idtyveri.info, who provided interesting figures on ID theft, such as 5642 Norwegians having opted out of credit risk assessments at Dun & Bradstreet as of 31 December 2009. Mr. Meyer also referenced a survey in which 5.4% of the surveyed Norwegians had been victims of one or more forms of identity theft. It should be noted that the term ID theft was broadly defined and included being victimized in cases of fare dodging on public transport, i.e. someone providing a false record to inspectors, resulting in the fraud victim being issued a wrongful fine.

All in all, Oberthur Technologies provided a good mix of speakers and subjects, and we look forward to next year's event. Maybe we will see you there.