EU cyber crime agency highlights ID card risks

Enisa is calling for a more standardised approach to ID cards

Enisa, the European cyber crime agency, has released a new paper discussing the security risks posed by European ID cards when used for identification purposes.

The organisation has suggested that new, more standardised, approaches to online ID cards and their authentication are needed before they can be safely adopted on a widespread basis.

"Online banking is one of the most widely used electronic services by European consumers, but online banking fraud is on the rise. Thus, security is a major concern," said the report.

Enisa goes on to make a number of recommendations, including the application of SSL security at both ends of any financial transaction, and the addition of these certificates to the authentication system. However, the organisation pointed out that, while this is possible, it is not necessarily easy.

"The lack of standards for smartcard integration to browsers hinders a broader take-up," the report said.

Other risks associated with the use of cards include simple card theft, password hacking and key-logging. Enisa made three main recommendations for online banking: a highly secure log-in mechanism, an optional electronic signature function, and a new 'highly secure' online rating.

Dr Udo Helmbrecht, executive director of Enisa, maintained that banks and financial organisations will have to collaborate with developers to ensure that the system and its mechanisms are as secure as possible.

"Electronic identity cards offer secure, reliable electronic authentication to internet services, but banks and governments must co-operate better to be able to use national electronic ID cards for banking purposes," he said.