THE EVOLUTION OF IDENTITY CARD ISSUANCE SYSTEM

 

When the first identity card in Malaysia was issued back in 1948, its primary purpose was to safeguard national security against the communist threat, by restricting mobility to citizens holding a national identification card only. But it also had a secondary purpose, in that it was to serve as a ration card for people to have access to food from the government during the emergency ordinance. The cards were made of paper, unlaminated and contained information such as a black and white photo, thumbprint and the card holder’s address.

 
Over the years, the identification card had gone through many changes. With advancing technology and in line with a country’s efforts to improve its physical security features, the card has evolved from the use of paper to either plastic PVC, PET, PC, Teslin or a combination of composite materials. Depending on security requirements, cards can also be embedded with more features such as a smart chip encryption, contactless circuit, transparent security overlays, printed photos, hologram, and personal information of the card holder.
According to Lee Wei Jin, APAC Regional Director for Secure Issuance, at HID Global, “Besides printing technologies, the other critical concern in identity card issuance is counterfeiting or alteration of the actual card. There must be some form of security features present on the card to make it difficult for fraudsters to copy the credential. Otherwise, identity cards can easily be copied using a commercial off-the-shelf desktop printers that print in high resolution. At HID, we have a proven blend of expertise and technologies to provide the highest form of secured card issuance.”
Traditionally, many governments select the way in which they issue cards based on policies set by their ministries and agencies, and in some ways driven by budget requirements. But with growing concerns over security and the effectiveness of every card issuance system, governments and organisations today are regularly reviewing the critical steps in preparing for newer and more secure card issuance.
 
CENTRALISED ISSUANCE SYSTEM
A centralised issuance system is a process when an applicant would submit personal information at a local office or branch, where the information would then be collected and stored at a central database for verification. Once the applicant’s identity is verified by the central authority, the identification card is usually produced off-site at the branch’s printing facility. It is dependent on a lone, large-volume printer. This whole process, from application to ID card delivery, may require the applicant to collect on a subsequent visit.
This concept of issuance is usually used by governments, in the case of a national identification card. “Although the trade-off for high-volume printing is a slower public delivery service, the card issuer can also benefit from the additional time it has in completing the verification process. The central office can take more time to examine the submitted information or documents by the applicant, and also communicate with other government agencies as needed. At the same time, the cards can also be reinforced with more security features,” said Wei Jin.
 
 
 
This concept, however, can also be applied to other institutions where data is stored and controlled centrally by a single body, for example professional accreditation bodies or banks. Institutions like the Construction Industry Development Board of Malaysia (CIDB) and major retail banks use a centralised printing and issuance system to manage and issue highly secured “Green Cards” or Payment Multi-Purpose Card (PMPC) such as debit cards respectively.
Issues Relating To a Centralised Issuance System
1. Customer service
One of the main issues that most organisations today are seeking to improve on is customer service levels. The responsibility for processing applications and issuing ID cards is primarily delegated to the office staff at each branch locations. The process will then be dependent upon the skills, experience and motivation of each staff charged with authenticating the applicant’s identity and printing the ID cards. There cannot be a margin of error in this process. Staff competency is therefore a critical issue, as the process can be interrupted unintentionally under periods of high stress due to large queues, frustrated customers, system malfunction, or even personal issues.
2. Inconvenience
A central issuing body may cause inconvenience to its customers if there is a delay in between the application and receipt process of the ID cards. This is because of the additional vetting time required in the document authentication process before an ID card can be issued. Customers will have to spend a significant amount of time at the issuing office, waiting in long queues for their ID cards to be ready. Sometimes they may even have to come back on another day if there are other service disruptions such as equipment malfunctions. This may lead to uncollected cards and wastage.
3. Cost
The two main costs related to a central issuance system are infrastructure and hardware. It involves a high long-term initial capital investment on equipment that could efficiently operate high-volume heavy-duty printing. In some circumstances, it would need additional vault space in which to store supplies or uncollected ID cards. Other indirect costs in a central issuance system are associated with the issuance of temporary document for applicants, and contingency or disaster planning, in the event of a major breakdown or emergency at the central site.
4. Security
A central issuance system would require the use of a secure facility with appropriate visitor access management and video monitoring. As there are many touchpoints in the identity authentication process, the major security risks in a central issuance environment are related to internal fraud. Security can generally be improved by limiting the number of times documents are handled, reducing potential points of compromise.
DISTRIBUTED ISSUANCE SYSTEM
A distributed or Over-The-Counter (OTC) issuance system is an effective alternative to a centralised system. By design, a distributed system is more flexibility because it allows for more customisable solutions to meet any sort of organisational needs. The individual printers can be dispersed at multiple sites, and networked to share one central database. It offers scalability, cost savings and shorten delivery time, resulting in an improved public delivery service.
A distributed issuance printing solution may generally have the following benefits:
  • Simple to operate by local staff, with minimal supervision
  • Compact and operable within an office environment
  • Relatively lower in cost compared to high-volume printing equipment
  • Ability to visually inspect every card produced before customer acceptance
  • On-the-spot processing and card production
  •  
     

    “Because the distributed issuance concept typically requires application, processing and the actual printing of the identification card within a very short period of time, the challenge befalls on the organisation to ensure that their staff or machine operator is properly trained to familiarise with the system."

     
    To minimise the risk of the issuance process being compromised, governments such as Malaysia, Thailand and Indonesia are now using encryption techniques to protect data and enforce confidentiality during the application, transmission and storage stages. A physical audit on inventories and supplies such as cards or other consumables should also be performed regularly to prevent under-stocking that can lead to interrupted operations, or worse, internal fraud.
    In addition, this concept would require a quick assessment and decision by the staff regarding the validity of the documents presented by the applicant. In such scenario, the process could be driven by an automated online retrieval of the applicant’s information from a central database such as name, registration number, address; or in the context of national ID, regulatory issues that may conflict with the applicant’s card re-issuance, for example a driver’s license suspension or police blacklisting.
    Essential criteria for an optimised distributed system
    When considering the right printing solution for a distributed system, scalability, reliability, convenience and security are key elements to have, especially when it involves equipment with high-duty cycles.
    1. Scalability
    A printing solution with a modular architecture, offers organisations versatility as upgradeable modules can easily be added to meet specific operational requirements, such as dual-side printing, laser engraving, lamination, and card encodings. Solutions like HID’s range of FARGO® printers allow organisations to build a printing system that precisely meet current needs, and also facilitates scalability when the issuance volume requires an expansion. As a distributed issuance system operates on a networked architecture, the number of printers needed can be added or reduced easily on the network.
    2. Reliability
    High-duty cycle printers are generally exposed to high operating temperatures and contaminants such as debris, which can affect the quality of the finished card, or even worse, disrupt the printing operations. For an uninterrupted productivity, organisations should opt for printers that are ruggedised for continuous operation in tough environments. Industrial card printers such as the HID FARGO® HDP6600 is especially suited for this demanding and laborious setting.
    With solid metal cabinetry and precision-engineered interior components, the HID FARGO® HDP6600 ensures a stable and reliable printing over high-volume continuous runs. Built for ease-of-use in challenging environments, the printer’s standard features include internal temperature sensors, airflow and filtration system, canopy dust seals and multiple-line cleaning stations.
     
    3. Convenience
    As distributed issuance systems are usually operated by local office staff, printing equipment should offer ease of maintenance without the need to rely on constant technical support. This allows the operators to focus on other office functions, ensuring operations run smoothly with very minimal downtime.
    Today’s advanced printers are equipped with an automatic diagnostic system to alert operators when issues arise. The quicker the problem can be diagnosed, the more quickly troubleshooting can be done to get the printers back online. Printers like HID FARGO® DTC5500LMX ID card printer and laminator requires minimal training for operators because of its simple design and intuitive functions. The printer is an affordable, eco-friendly solution that provides high quality card production, and features wasteless laminated for an ultra-low cost-per-card. Designed to meet the need of budget-conscious organisations, the DTC5500LMX includes standard dual card hoppers and support high-capacity, full colour ribbon and laminate consumables – keeping costs at a minimum while maximising productivity.
    4. Security
    Geographically dispersed offices in a distributed system may present significant management challenges in ensuring that the system remains secure. Managing security across multiple locations can be complex, and introduces more opportunities for security lapses or breaches.
    The printing solution should be located in a secured and protected area, as a first line of security against unwanted access. In addition, physical locks can limit access to the printer components such as card input/ output hoppers and rejected cards. It will also protect other consumables and valuable assets such as printing ribbons and films.
    Electronic security is also critical. Ideally, operator access to each printer is controlled via personal identification numbers (PIN). Print job data packets should meet or exceed advanced encryption standards, such as (AES) 256-bit data encryption, to ensure system privacy, integrity and authentication to the final issuance endpoint.
    DECENTRALISED ISSUANCE SYSTEM
    The evolution of an identity card issuance system from the conventional centralised concept to a distributed one, is a result of the increasing role digital technologies have on government functions and economies. As societies become more mobile, digital technologies provide support for organisations to facilitate the widening range of virtual interaction and transactions. In the context of developing an identity card issuance system, digital technologies streamline the identity management services.
    However, centralised systems may not be the last frontier. The shift toward digital societies and economies has created the possibility of a third approach to identification and authentication. In this approach, the evidence to authenticate an applicant’s identity can be drawn from a wide range of “digital cloud” sources that can include databases held by private service providers such as banks, as well as federated authorities that are vetted and licensed by the government. The key characteristic of this issuance system is that no single database can have the complete information of the applicant.
    Back in 2001, Malaysia was the first country in the world to implement a comprehensive digital multi-application national identity card that incorporates a variety of applications from various government agencies and private sector. Under the Government Multi-purpose Smart Card master plan, the MyKad was to serve as a valid driver’s license, an ATM card, Touch’nGo transit card, e-wallet, health card, and also for public key infrastructure (PKI) applications. Unfortunately, most of the functions are still not widely used today because they are not widely promoted.
     

    “The challenge for implementing PKI or digital certificate services is that it involves a high level of technical integration from different departments of ministry and private sector, and not to mention at the higher level, political will. A properly designed infrastructure will not allow any single body to have access to all of the identity’s data.”

     
    The strength of this approach is that it keeps the personal data privacy intact. The identity assurer does not know the purpose for which authentication is requested, and the requiring body does not know the range of evidence being considered.
    LOOKING TO THE FUTURE
    Although there are disadvantages to the centralised issuance system with regard to cost and customer services, the fact is, the system helped to implement and deliver the country’s vision of developing the world’s first government multi-purpose smart card project. And for high volume printing, it may still be the choice over a distributed issuance system.
    Yet, there is a rationale for looking at ways to improve on the older system. Technology has handed organisations the power to create a system that could deliver results, that is less susceptible to failures and offering faster delivery times.
    The distributed issuance system has provided a considerable improvement over centralised systems. When the government of Malaysia implemented the Distributed Printing Project (DPP) back in 2010, the time taken to issue an ID Card was reduced from 10 days to just 45 minutes. Making it easier for citizens to complete an ID application process in a more timely manner, can improve the customer’s voluntary compliance; making the delivery process more cost efficient, and improve the citizen’s trust in the government.
    Nonetheless, only time will determine when a decentralised issuance system would eventually rule the entire digital government ecosystem. Because decentralisation empowers multiple entities to manage the entire ID issuance ecosystem, there can be no single point of failure. In addition, as data becomes the new currency for the future, a system which makes do without the control of a central authority will likely prove an inspired choice in the years to come.

    FEATURE