[LINK] Consumer Credit-Card Risks

Stephen Wilson swilson at lockstep.com.au
Thu Jan 14 14:05:05 AEDT 2010



Steven Clark wrote:
> On 13/01/2010 11:19 AM, Stephen Wilson wrote:
>> ... If we're keen on chip cards in payment security, then we should also 
>> be looking for properly designed smartcards to secure e-health records and 
>> the like.  Different cards for different domains of course.
>>   
> this is/was a purpose of the defunct access card ... 
Not to nitpick, but it's important that these applications were actually 
not intended for the Access Card.  eHealth uses (and any integration 
with NEHTA's work on EHRs) was expressly ruled out by DHS at the time.  
Further, in stark contrast to the suggestion (by e.g. the APF) that a 
range of existing identifiers be managed in the chip (and my specific 
proposal that multiple IDs be secreted in discrete digital 
certificates), the Access Card proposed a new identifier, and was not 
specific as to how that ID would be protected.  The default position was 
to simply keep the new ID in memory rather than protect its integrity 
via a certificate. 
> ... and it's lesser sibling being 'developed' for all those lucky 
> guests of the centrelink system. 
I'm not aware of a smartcard being developed for Centrelink users in 
general.  Centrelink is rolling out smartcards internally for 
employees.  And then there is the BasicsCard for certain 
"income-managed" welfare recipients, but that's still a mag stripe card.

Cheers,

Steve Wilson
Lockstep
www.lockstep.com.au





More information about the Link mailing list