EU Agency Warns Of ID Card Security Risk
A European security agency has highlighted the security risks posed by European ID cards when used as identification for online banking
A European security agency in a new paper has warned of the possible online banking security threats associated with the use of European ID cards.
The European Network and Information Security Agency (Enisa) outlined in the paper the authentication risks with eID (electronic ID) cards, and with other authentication means.
It found that online banking is one of the most widely-used electronic services by European consumers, but warned that online banking fraud is on the rise. This has added to the importance of proper authentication methods to ensure only the right people access the right accounts. To this end, Enisa has suggested that new, more standardised, approaches to online ID cards and their authentication is needed.
“Because more and more internet applications that require some kind of authentication are gaining popularity, more standardised and harmonised approaches to user identification and authentication are needed,” the report stated.
“In Europe, several states have already rolled out electronic ID cards or have committed themselves to doing so and are in various stages of planning,” it added. “Most of these cards offer capabilities to electronically authenticate to an internet application. We expect that these technologies will, one way or another, be used for popular internet services such as online banking, tax declarations, even virtual worlds and gaming, and social networking.”
“The underlying vision is that an electronic ID card should be easy to use and, from a business perspective, provide economies of scale, i.e. offer cost advantages per unit as scale is increased,” the report stated.
For online banking, the report recommends the following security requirements:
- Secure authentication mechanism for bank users and/or for all citizens during login
- Highly secure authentication mechanism for performing bank transactions
- Optional: an electronic signature functionality (if required for certain transactions, for example, opening a bank account online)
“Electronic identity cards offer secure, reliable electronic authentication to Internet services, but banks and governments must co-operate better to be able to use national eID cards for banking purposes,” said Dr Udo Helmbrecht, executive director of Enisa.