In a recent post on Slate.com’s Future Tense, the question of how much is too much information on personal ID was discussed. Besides typical identifiers such as full name, birthday, ID expiration date and photograph, these cards include extensive personal identification, such as Social Security numbers and fingerprints (embedded in the card’s barcode). While eye color, gender and height, are fairly innocuous, when they are combined with much more personal information (biometric and/or personally-identifying information – PII) these cards can the used for the purposes of identity theft. Differentiators such as the natural hair color, medical conditions, status as an organ donor, use of prosthetics or other medical devices, are some of the other more revealing statistics that can be embedded in ID cards.
The risks for misuse of ID cards are alarming. The common perception is that identity theft is restricted to situations in which a credit/debit card is used to make a purchase. However, this is incorrect. Barcode scanners, which are often used to validate a person’s legal age to enter a drinking establishment, are now becoming prey for identity thieves. These cards are presented in a variety of establishments, such as bars, clubs, and restaurants, without the slightest thought that one’s ID is being compromised – because no actual transaction may be taking place. For example, personnel of national retail chains have been caught using PII to gain access to bank accounts, open new credit cards, and make exorbitant purchases. In some instances, driver’s license information has been misused to stalk, harass, and even murder victims. This has resulted in efforts to restrict disclosing this information.
Advancements in ID technology, such as that used to store sophisticated amounts of data in ID barcodes, can be used against consumers. Anyone with access to a barcode reader can potentially access ID card data in a plain text format. And once captured, this data can be stored indefinitely. A recent study found that PII can sell for $50 a record on the black market.
In Western Australia, a “proof of age card” which only shows details necessary for identification, specifically, someone’s full name, signature, photograph, and date of birth, is issued. The government stated that they offer this for security reasons. So that personal details that could be used for fraud are not present in the card. Australia isn’t alone. New Zealand, the UK, and Ireland are some of the countries that offer a similarly safer card. Until a similar option is adopted in the U.S., retailers can protect their consumers by using ID checking guides (example: http://www.driverslicenseguide.com), instead of bar-code readers.
The question of how safe are barcode readers as a means of ID validation and should less risky options – like ID guides – be employed in their place is sure to continue to be a debated topic over the coming months as consumers, retailers, government organizations, financial institutions, and several other groups have a vested interest in the outcome of future policies.