Emirates ID e-wallet tie-up maybe convenient, but is it also a security risk?
Nicolai Solling, Director of Technology Services at Help AG says caution must be exercised when opting for technology and security system to create an e-wallet in the UAE.
March 21, 2013 10:49 by Eva Fernandes
The futility of owning an Emirates ID is everybody’s favourite punching bag, Kipp included. After all, is there any privileged to owning an Emirates ID over a more conventional and recognised form of identification like a labour card or driver’s license?
When the concept of the card was first introduced its potential seemed limitless. Although little has been realized, rumours surrounding a possible tie-up between one’s bank account and Emirates ID have been getting louder. As promising as the development sounds, some experts recommend the government be cautious.
“It is important to understand that the RFID chips in the different government cards are implemented with a lot of security features that we do not see in normal consumer implementations of RFID. Still it is the nature of RFID that makes the technology vulnerable” says Nicolai Solling, Director of Technology Services at Help AG.
Solling is talking about Radio Frequency Identification or RFID, which is a techonology which uses radio waves to help identify people and devices. Currently being used in ‘Nol’ cards and Salik tags, RFID is likely to be the technology the government opts for the rumored e-wallet tie-up with the Emirates ID.
If people have been using NOL cards and Salik tags with limited security breaches, what exactly is the problem? Solling says it is the ease with which an RFID code can be scanned. Unlike barcodes, the RFID tag can be read even through wallets and purses. This means that someone with a low-cost RFID scanner can easily read the data from the cards of unsuspecting victims.
Once a code has been cloned, it can be used to get information which can be particularly dangerous if used to access a bank account.
“A more subtle risk is related to the privacy of these tags. Since it is easy to remotely read information from RFID cards and tags inside people’s pockets and purses, malicious parties may also track the movements of unsuspecting subjects by placing readers at key locations” Solling added.
Of course, this is a risk which can be reduced by ensuring such cards are placed within significant protection or a casing which is resistant to a miscreant scanner.
And although it isn’t clear whether the government will be utilising RFID technology for the planned e-wallet system, Solling is more optimisitic that the government will ensure the card is doubley secure if such a tie-up occurs: “When government agencies provide RFID enabled devices to users, they should of course make sure their own systems are secure and scrutinized for security issues. It is important to understand that the RFID chips in the different government cards are implemented with a lot of security features that we do not see in normal consumer implementations of RFID.”