In 2020, Covid-19 turned our lives upside down but that’s not all it impacted: fraud wasn’t left out. According to a PwC survey on global economic crime and fraud, 47% of businesses were victims of fraud in 2020 and 65% of fraud complaints were related to identity theft. It is the second highest level of reported incidents in the last 20 years. Not to mention that these numbers will only increase in the context of massive digitization of services alongside the ongoing improvement of fraud techniques. The European Commission published a new Regulation of the European Parliament and of the Council (UE) 2019/1157 with the purpose to confront these fraud issues and offer more protection to its citizens. The Regulation requires all Member States to use a new format of ID cards starting on August 2, 2021. From now on, countries that already have a national ID card must deliver a new format of electronic ID card. So, what security features should be found in this electronic ID card?
Details on the Security Standards Required by the EC for Electronic ID Cards
Since August 2, 2021 every European Citizen applying for a new ID card must receive this new type of ID document. The European Commission aims to strengthen security of such documents by requiring this new format and new features. Being more secure, electronic ID cards will prevent from document falsification and identity fraud.
Under the new regulations, ID cards will have to be standardized to a credit card format (ID-1), they will have to include a machine-readable zone (MRZ) and meet the minimum security standards set by the ICAO (International Civil Aviation Organization). They will have to include a photo and two fingerprints of the card holder that will be stored in digital format in a contactless chip. The country code of the Member State issuing the ID card will also have to appear on the card, along with a EU flag.
According to requirements mentioned in article 3 of the European Regulation, the new ID card must include a highly secure electronic component, like the passport. The person’s ID and biometric data is stored in the electronic chip: civil status data (surname, first names, date and place of birth, gender, height, nationality), home or residence address, dates of issue and expiration of the document, card number, digital portrait and digital images of two fingerprints.
How is this format more reliable and how will it simplify the fight against fraud?
Passports contain an electronic chip since December, 13 2004. Designed to hold a copy of the printed ID data in a forgery-proof form, the electronic chip has proven its worth. It is a reliable and secure added control key on an ID document and therefore constitutes an additional shield against fraud. The authentication and reading of the chip on the new format is simple and trustworthy. Authorities can easily confirm that the holder’s document was issued by a bona fide authority, that the biographic and biometric information held on the document at the time of its issuance weren’t modified, and that the electronic information contained in the chip is not a copy (i.e. a clone).
In terms of verification, in addition to the usual automatic reading checks with OCR (optical character recognition), new electronic ID cards with chips can be quickly read and analyzed by all solutions offering remote NFC reading. NFC, or Near Field Communication, is a contactless technology that allows data exchange between 2 compatible devices. It also permits unforgeable data verification thanks to different access controls. The first control called “Basic Access Control” (BAC) reads all the data in the chip except the fingerprints. The terminal extracts a code from the MRZ zone (at the back of the card). Secondly, the terminal operator can enter the “Card Access Number” (CAN) at the front of the card. This CAN code generates a session key that encrypts exchanges between the chip and the terminal, requiring mandatory physical possession of the card to access the information stored in the chip.
These embedded chips in new ID documents play a key role in the constant struggle against fraud and identity theft, especially by standardizing digital ID verification processes, making them faster and more secure.
European Update One Month after the launch? Which Member States have Implemented Electronic ID Cards?
More than 70 countries worldwide have implemented electronic ID cards but only a few in Europe. Asia and Africa are the most advanced, having adopted implementation of e-ID card programs dating back to 2016.
France started experimenting with the electronic ID card on March 15, 2021. Then, as of August 2, 2021, all European countries had to follow the EU regulation of June 20, 2019 which mandated the generalization of this format.
The Netherlands postponed their June launch but managed to be ready for August 2, NL Times reports. The Czech Republic also launched its cards on Aug. 2, reports Expats CZ, as well as Spain. Croatia met the deadline, reports Total Croatia News, as systems were updated to accept the new national ID card. Meanwhile, Ukraine issued more than 1.2 million biometric passports since the beginning of the year, reports Ukrinform and nearly 900,000 ID cards. 257,000 biometric passports were issued in July.
Germans have been using ID cards since 2010. They use their smartphones and a mobile application called “AusweisApp2” that allows them to authenticate themselves to carry out online procedures: car registration application, financial student aid, Stasi files access, etc. Germany now plans to add a certificate to the ID card chip to enable German citizens to have electronic signatures.
Since August 2, 2021, new biometric ID cards were dispatched throughout Europe in accordance with new EU Regulation requiring electronic identification. This initiative is part of a global approach to fight against fraud and to protect EU citizens in the wake of Digitisation. Eventually, these Electronic ID cards will allow access to public or private services requiring secure online identification, paving the way to digital ID throughout Europe, as announced by the EU Commission on June 3, 2021.