Part of a series on credential issuance and management
There was a time when enrolling in an ID system involved keying in some data, gluing a photo to a card and laminating it all together.
So much for your father’s ID badge.
Today, most enrollment systems are digital and new technologies are making the process more mobile, efficient and able to incorporate a multiple ID technologies. But amid the advances, enrollment remains the critical first step in the lifecycle of an ID system.
“It’s your one chance to ensure you’ve completely validated this person’s information so now you can begin to establish that trust for the future,” says Steve Purdy, business development director for government affairs at Gemalto.
The primary goal of enrollment is to ensure that there is only one identity for each individual, and that there is no opportunity for fraud or duplication during the enrollment process, says Robert Smith, general manager for Mountain View, Calif.-based LaserCard Corp. “Secure and tamperproof enrollment is key to the creation of a trustworthy secure ID system,” he says.
Enrollment in and of itself requires a multi-step process to ensure the quality and accuracy of the applicant’s data from the start. “As the (ID) lifecycle goes on, you’ll be looking at securing the credential itself to make sure no fraudulent activity has altered the ID in any way,” says Purdy, who works closely with driver license, airport security and passports for North America.
A breeder document such as a passport, driver license, birth certificate or some other primary form of identification is needed to initiate enrollment. Depending on the type of ID being produced, the process might call for two or more of these documents. Some enrollment systems have software that will scan the breeder document to ensure it is authentic. Others check breeder documents using external sources and databases to ensure legitimacy.
Once a person establishes who they say they are, the next step is to capture the applicant’s demographic information such as address, date of birth, full name and phone number.
In the past that meant manually entering information but modern digital systems have automated this process. “The sophistication of enrollment has really grown in the last 10-plus years, so everything is all in one process,” Purdy says.
He stresses, however, that while the digital age has brought about mobile and remote systems capable of capturing a person’s information, doing so face-to-face remains an effective way to verify documents.
In addition to capturing demographic data, today’s enrollment systems often incorporate a camera to capture the applicant’s facial image and a signature capture pad to add an electronic signature to the record. “Depending on the program, you could also have biometrics–fingerprints, iris scans–and all of that gets tied to your ID as a way to verify your identity in the future,” Purdy says.
Data quality is key
Beyond just capturing the applicant’s data, it is essential to ensure its quality. Text, images and biometrics stored on the credential are only effective if they are accurate and usable for comparison in the field.
In recent years, standards have been issued governing the quality of data captured for ID documents. This has long been true for passports, Purdy says, but driver licenses and federal ID programs are also following suit.
Standards set forth by the International Civil Aviation Organization (ICAO) ensure the quality of an image, and the International Organization for Standardization (ISO) specifies proper lighting requirements.
Such standards are designed to facilitate use in the field and to prevent an individual from obtaining multiple IDs with the same facial image but different name and demographic data. “There is a battery of tests that validate whether someone has their mouth closed or eyes open (and) that they have a standard background,” Purdy says.
At the final stage of the enrollment process, an applicant often undergoes background checks and a unique applicant check to prevent duplicate identities. Until recently, these key steps were the exception–employed only in the most secure of enrollment environments.
Today, however, more and more issuers are incorporating external watchlist-style checks to identify problem applicants as well as internal biometric searches to identify already-enrolled individuals before an ID in another name is issued.
It is also crucial to protect against insider fraud in the enrollment process. “During every stage of enrollment, checks and double-checks must be conducted to ensure that systems operatives are accountable and traceable,” Smith says.
Mobile enrollment helps West African country secure elections
New technologies have allowed the enrollment process to go mobile in recent years. Case in point is Gemalto’s Coesys enrollment system, which the West African Republic of Benin selected to manage the secure biometric registration of voters for its presidential and legislative elections.
The Coesys solution comes in multiple forms, including a desktop enrollment station for driver license and passport offices, a mobile option and an automated kiosk version.
Benin chose Coesys’ mobile enrollment system that comes equipped with a laptop, camera, fingerprint scanner and signature pad. The entire system fits into a suitcase and is ruggedized for use in remote environments. The system is self-contained and requires no external power or connectivity.
Having a mobile enrollment system was of particular importance to Benin because of its lack of infrastructure in certain areas. Gemalto supplied the republic with 3,215 mobile units. “They’ll be able to register the vast majority of the population in months as opposed to years,” Purdy says.
Benin has been holding multi-party elections since 1991, but hey didn’t have a sound database of registered voters. “The government basically said, ‘We want to ensure that in the next election we have a valid, trustworthy system.’ Adding biometrics and going through this process now gives them a database with a high degree of confidence,” Purdy says.
Benin has enrolled about 80% of the republic’s population since it began the process in September. Purdy estimates 6 million people will be registered in the system by election time. “From what I understand, the government feels confident that they’re going to meet their target for the March elections,” Purdy says.
Angola’s national ID goes mobile
LaserCard also relied on mobile enrollment in providing Angola’s national ID card. In 2009, LaserCard delivered a decentralized card personalization system that was integrated with the country’s national database. “Because of the widely dispersed and rural nature of the majority of the population, the enrollment and issuance process relies on mobile data capture and card issuance units, in addition to approximately 50 urban facilities,” Smith says.
Data is securely uploaded in batches once the mobile units return to a city data center or sent back to a center via a real-time secure data transmission. The mobile units also issue the finished credential in the outlying areas.
To obtain a new card, each cardholder must provide a fingerprint, which is matched against biometric data on the card. “Although the program is currently at a relatively early stage of issuance, this has already prevented a number of attempts at fraud,” Smith says.
As credentials evolve, so too must enrollment systems. Enrollment processes are adapting to meet the growing trend of integrating multiple technologies on a single credential. Technologies such as integrated circuit chips, contactless chips and optical security media are being offered to provide more security and functionality, Smith says.
“Enrollment systems therefore must mirror the complexity of the card design, capturing a variety of data from fingerprints, facial images and iris scans to unique ID numbers which will be stored in different media,” explains Smith, “to enable not only authentication but also access to systems ranging from health care to vehicle tax records.”
Such is the case with the Kingdom of Saudi Arabia’s national ID card that combines a contact chip and optical security media. The chip enables storage of demographic data and fingerprint biometrics. It also incorporates a PIN application for online access to e-government programs enabling citizens to pay taxes and perform online transactions, Smith says. The optical security feature stores a high-resolution color photo of the cardholder, along with personal data, fingerprint images and a fingerprint biometric for automatic identity verification.
In the case of Saudi Arabia, the enrollment system developed by LaserCard had to capture all the necessary data and prep it for encoding on the various ID media.
The future of enrollment will certainly require continued flexibility and change.
Already we see enrollment trending more toward self-service. That means more kiosks and online enrollment systems are becoming available so applicants don’t have to spend as much time in front of a staff member. Many systems are being designed to encourage pre-enrollment for certain data thus limiting the time required for actual face-to-face interaction.
There’s also a growing demand for verification in the enrollment process. “The importance of enrollment is growing because the government wants to establish more of a trust with the citizen. Validating someone’s identity up front in the enrollment process is becoming more and more critical as we add more virtual services,” Purdy says.
Multi-modal portable biometrics will likely be the norm in secure ID documents. “The credential itself will store facial, finger and potentially iris scan data, providing a higher level of security and flexibility, making counterfeiting significantly more difficult,” Smith says.
But as issuers strive to make fraud more difficult and documents more secure, the demands on the front end of the ID lifecycle process–the enrollment process–will continue to increase. Only with consistent improvements in both the processes and the equipment can we ensure that future ID documents will be able to meet future needs.