nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

back to article
It's an important ID, so why isn't the Medicare card chipped?

Facepalm

Card is gateway fraud

The info on the card is useful to criminals because it contains all the identity points necessary to port someone's mobile phone number from most Australian telcos.

Once this is done, the typical SMS code verification used by most Australian banks is compromised.

Compromise the victim's computer or mobile with malware, and you have all you need to empty their bank accounts.

3
0

Re: Card is gateway fraud

You describe the status quo where the information on the card can ve replayed byID thieves with out anyone knowing. My proposal is different and uses Chip-and-PIN principles to safeguard the presentation of personal data. The idea is to digitally sign data in the chip card before it is presented, so that the receiver can tell freshly presented data from replayed stolen data. This is how Chip-and-PIN cards prove the provenance of cardholder details between card and merchant terminal. We should do the same thing with all critical personal data. Governments could provide citizens with identity-protecting infrastructure, by 'chipping' Medicare cards, driver licenses and other identifiers, and also opening up these devices as Personal Data Stores to hold other personal details. The form factor can be plastic card or smart phone.

Note carefully the proposal is not a new identity system let alone a national ID, but to use technology to preserve and safeguard the various IDs and relationships we have today.

0
0
Bronze badge

2 factor authentication

For the most part, the medicare system already has 2 factor authentication: you need to have the number for the rebate, and you need to be physically present for the examination. Adding a third factor (chip and pin) addresses a small number of situations. Chip and Pin is NOT, for example, used when you present a credit card to authenticate your identity.

0
1
Silver badge

Re: 2 factor authentication

I've never been asked to present my credit card to authenticate my identity. When does this happen? Do they ask you to match the signature or something?

2
0
Silver badge

Re: 2 factor authentication

"I've never been asked to present my credit card to authenticate my identity. When does this happen? Do they ask you to match the signature or something?"
When applying for the Old Age pension I was required to present my CC, but AFAICT the signature wasn't checked.

0
0
Bronze badge

Re: 2 factor authentication

Signature is not really part of your ID. It's your argreement that you will pay charges made to your credit card. Retailers used to, of course, check that you actually agree to pay when you bought something using a credit card: this requirement has been relaxed by CC companies.

Your agreement to pay CC bills is not the same as using your CC as points to authenticate your identity when opening a bank account, getting a passport, drivers licence etc.

0
0
Silver badge
Unhappy

good article

Author nailed issue with new cards. Too many stuffups and an endemic distrust of all government systems now. Branflakes and the outsourceries are very effective at enhancing distrust by those who are not techno-utopians.

1
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

The Register - Independent news and views for the tech community. Part of Situation Publishing