Following the Optus data breach, Queenslanders are now required to give banks, telecoms, and utility firms a second number on their driver’s license to verify their identity.
People will have to supply both the card number and the license number starting this week.
Every time a license is issued or changed, a new card number is shown on both the front and back of the document.
People will be asked for both of those numbers when they enter a telecom, bank, or other establishment where their identification and driver’s license must be verified. Why they do so is because all of those significant organizations and banks verify documents through a system in the background managed by the federal government called the document verification system.
Companies who requested card information “went a long way” toward fixing” the problems brought on by the Optus attack and other data breaches.
The Queensland licenses that were disclosed, for instance, consisted just of license numbers when the data from the Optus breach was made public.
Therefore, it follows that under the previous method, anyone could have checked that number. However, as of this week, if someone check that second number, it implies that authentication will be validated and they will be aware that you are the legitimate holder of that license.
However, individuals expressed worries that it was not two-factor authentication because the digits were available on the same card when officials wrote about the modified criteria on social media.
Despite coming from the same ID source, there were two separate numbers.
But they countered, “That [card] number] changes every time a card is changed, so if there’s ever a disclosure of information in the future, it’s far faster for us to replace people’s licenses by changing the card rather than having to update the actual license number itself.”
“Over the last month, we’ve worked really hard to replace many driver’s licenses – well over 170,000 people have walked through our doors.
“In the future, we might not need to do that since the danger may be lower. Instead, we might just mail individuals new licenses and new card numbers, which would solve the problem.
It’s an excellent concept since you can acquire a new card and it will be void if data is ever compromised.
They will still have to go through the hassle of acquiring a replacement card, but they won’t have to worry about the data being compromised all the time.”
Banks and businesses still needed to make sure the data they held was secure.
If businesses were simply collecting data to confirm a customer’s identification, they would be required by the government to destroy license and card numbers, which would offer an additional degree of protection. A company simply needs to make sure they’re storing it for as long as they need it and then getting rid of it, If for any reason they need to hold it because they need to perform numerous verifications or anything like that, or send it on to third parties and stuff.
Information security specialist, currently working as risk infrastructure specialist & investigator.
15 years of experience in risk and control process, security audit support, business continuity design and support, workgroup management and information security standards.
