The government must help standardise ID card verification by working with the industries that have the most to lose, says Tony Thomas.
ID cards will present myriad challenges and pitfalls to thefinancial services industry.
Although biometric data provides an additional level of security toestablishing a person's identity, there are questions about how this data will be secured and who will have access to the central register database.
The cards are not a magic bullet to cure all ills. Although they can help financial institutions in their fight against organised crime, there are concerns about how the government intends to confirm every individual's identity.
As people apply for ID cards, criminals who already have fraudulent documentation from a prior identity theft may try and register themselves under a false identity at the outset, thus giving themselves the opportunity tolegitimise a new identity for further fraudulent activity.
Even if caught and prosecuted, it is unlikely that future applications to financial institutions would be blocked unless some record of misdemeanors were kept on the government's central database and access to this was granted to firms.
Currently, credit reference agencies only keep personal records for a short period. If the government is serious about cracking down on financial crime, why not assist the financialservices industry while they have the opportunity?
How will a financial service provider be able to check an ID card when it is presented as a means of identification for opening an account? Can a central database be checked to confirm a card's authenticity? During the run-up to compulsion in 2013, will financial services providers be in a position to check for impostors who claim that they cannot verify their identity by ID card as it has not yet been issued?
If ID cards become mandatory, it is possible that firms will be forced to introduce biometric reader machines at every branch. Without bringing in identification verification standards across the industry, room for interpretation is left open. Best practice standards will be inadvertently set by the bigger banks, forcing smaller institutions to follow suit, as has been seen with anti-money-laundering. And who will bear the cost of compliance with this requirement?
The government should beapplauded for its decision to run a pilot, but with a sample of only 10,000 users when the end-game is for 60 million, the system will need severe stress testing to ensure it can cope with the volume. This will be especially important when making sure that technological anomalies such as false negatives, false positives and "no data found" are eliminated.
Fraud and identity theft willget worse before they get better. ID cards will reduce fraud in the long term, but the government needs to work with the industries that have most to lose from aninadequate system being made compulsory.
Tony Thomas is principal fraud consultant for SAS UK
This was first published in May 2004