Electronic identity system DigiD is not so secure after all

Some 150 people from the Amsterdam district of Zuidoost were prospective victims of identity fraud involving the government’s DigiD security number, the home affairs ministry confirmed on Wednesday.

The crooks tried to change bank numbers attached to the DigiD security codes so that social security benefits were paid to them rather than the rightful claimants.

The ministry said it was unable to say how much money was involved or how the thieves managed to make the switch, Nos television reports. However, a spokesman for Logius, the agency which runs the government’s IT systems, said no money had been paid out.

Attempts were made to change the bank numbers, the spokesman said. ‘But then security systems came into play and the DigiDs were blocked,’ he told RTL news.

Official code

DigiD stands for digital identity, an official log-in code which gives access to all sorts of online government services. The code acts as a sort of digital signature on transactions which involve either money or confidential documents.

For example, people who do their tax returns by internet need a DigiD to prove they are who they claim to be. It is also used by health insurers and hospitals.

The codes and passwords are sent separately by post and experts are looking in to how the crooks managed to get hold of the relevant details. If they had dates of birth and other private information, they would also have been able to order replacement codes.

The Logius spokesman told RTL news he suspects the crooks were able to get hold of the activation codes and that the problems concerned a single postcode area.

Students

In November, five people were picked up in Groningen for fraud involving DigiDs and for stealing hundreds of thousands of euros from dozens of students.

The government said in December it is improving and expanding DigiD security and including a chip card for added protection.


blog comments powered by Disqus