Unofficial digital IDs – what are the risks?

Last updated: 19 September 2023

Digital identification has rapidly become an integral part of our day-to-day lives, simplifying processes for both individuals and businesses.

What was once considered technology exclusive to “tech-savvy digital natives” has now become more mainstream, with large parts of the population embracing digital IDs. This shift has been significantly accelerated by the Covid-19 pandemic and associated lockdowns, which acted as a catalyst for the adoption of digital identity solutions.

Nowadays, using a smartphone to board a plane, store bank cards, or prove vaccination status has become second nature to many of us. The concept of digital identification is fast becoming well-established and has seamlessly integrated into various aspects of our lives, streamlining daily routines and interactions.

Concerns over insecure DIY approaches

Despite the adoption of digital IDs around the world, a Thales survey revealed a troubling trend. Nearly half (45%) of Europeans are currently relying on insecure, unofficial, “DIY” (do-it-yourself) scans and photos of their cards and documents to prove their identity and entitlements.

Storing scans of your official ID documents (such as a passport or a driver’s license) on your devices creates significant privacy and security risks. For example, if your device is lost, stolen, or hacked, then these DIY scans containing all your personal information are vulnerable.

These unofficial ‘DIY’ versions of ID are also susceptible to a specific type of cyberattack – Infostealer. designed to steal sensitive information from infected devices.

One of the biggest risks here is around compromised log-in credentials. Infostealers can steal log-in credentials, usernames, and passwords to access email accounts, which is where scans of a user’s ID documents are frequently found. ID scans stored in photo libraries on mobile phones can also be exploited.

Further to this, the sensitive and personal information contained in these unofficial IDs could be used by bad actors to commit identity theft and financial fraud.

The security versus convenience paradox

Results from Thales’ study revealed some conflicting attitudes towards security among digital ID users. Even though security is of paramount importance, a significant proportion are still taking unnecessary risks by storing scans of official documents on their devices.

This contradiction highlights the need for a comprehensive and universally accepted Digital ID solution that ensures both convenience and security.

The three pillars of trusted digital identity

At Thales, we believe that trusted digital identity relies on three key pillars: convenience, security, privacy.

As digital ID becomes increasingly integral to our lives, it is crucial to address the security concerns and replace insecure DIY practices. The growing threat of “infostealers” – alongside the contradictory priorities towards security – reinforces the urgency of a robust and reliable Digital ID infrastructure.

By embracing secure digital identity solutions, we can safeguard sensitive information, protect individuals and businesses from cyber threats, and foster a safer and more digitally integrated society.



Leave a Reply

Your email address will not be published. Required fields are marked *