[LINK] Consumer Credit-Card Risks
swilson at lockstep.com.au
Thu Jan 14 14:05:05 AEDT 2010
Steven Clark wrote:
> On 13/01/2010 11:19 AM, Stephen Wilson wrote:
>> ... If we're keen on chip cards in payment security, then we should also
>> be looking for properly designed smartcards to secure e-health records and
>> the like. Different cards for different domains of course.
> this is/was a purpose of the defunct access card ...
Not to nitpick, but it's important that these applications were actually
not intended for the Access Card. eHealth uses (and any integration
with NEHTA's work on EHRs) was expressly ruled out by DHS at the time.
Further, in stark contrast to the suggestion (by e.g. the APF) that a
range of existing identifiers be managed in the chip (and my specific
proposal that multiple IDs be secreted in discrete digital
certificates), the Access Card proposed a new identifier, and was not
specific as to how that ID would be protected. The default position was
to simply keep the new ID in memory rather than protect its integrity
via a certificate.
> ... and it's lesser sibling being 'developed' for all those lucky
> guests of the centrelink system.
I'm not aware of a smartcard being developed for Centrelink users in
general. Centrelink is rolling out smartcards internally for
employees. And then there is the BasicsCard for certain
"income-managed" welfare recipients, but that's still a mag stripe card.
More information about the Link