8/8/2019 Term Paper: Privacy, Smartcards and the Nigerian System by David Oladeji
Chapter 1: Smartcards
1.0 What are Smartcards?
A Smartcard is a plastic card with an integrated circuit that conforms to the International Standards
Organization (ISO) standards 7816, series 1-10, for contact smartcards, and ISO 14443 for contactless
cards.
A Smartcard is a type of embedded computer chip card, which could either be a memory type or a
microprocessor that stores data. This data is usually associated with either value, information, or both
and is stored and processed within the card's chip. The card data is transacted via a reader that is part of
a computing system. Systems that are enhanced with Smartcards are in use today throughout the world.
Some key applications of Smartcards are in healthcare, banking, entertainment, and transportation. All
applications can benefit from the added features and security that Smartcards provide over their
predecessors. According to Eurosmart (the voice of the smart security industry), worldwide Smartcard
shipments will grow 10% in 2010 to 5.455 billion cards. Markets that have been traditionally served by
other machine readable card technologies, such as barcode and magnetic stripe, are converting to
Smartcards as the calculated return on investment is revisited by each card issuer year after year.
1.1 Categories of Smartcards
Smartcards are categorized according to the type of chip implanted within the card and its
capabilities. The categories are as follows:
1.1.1 Memory cards cannot manage files and have no processing power for data management. All
memory cards communicate to readers through synchronous protocols. In all memory cards
you read and write to a fixed address on the card. There are three primary types of memory
cards: Straight, Protected, and Stored Value. Before designing in these cards into a proposed
system the issuer should check to see if the readers and/or terminals support the
communication protocols of the chip. Most contactless cards are variants on the protected
memory/segmented memory card idiom.
a. Straight Memory Cards: These cards just store data and have no data processing
capabilities. These cards were traditionally the lowest cost per bit for user memory. This
has now changed with the larger quantities of processors being built for the GSM
market. This has dramatically cut into the advantage of these types of devices. They
should be regarded as floppy disks of varying sizes without the lock mechanism. These
cards cannot identify themselves to the reader, so your host system has to know what
type of card is being inserted into a reader. These cards are easily duplicated and
cannot be tracked by on-card identifiers.
b. Protected / Segmented Memory Cards: These cards have built-in logic to control the
access to the memory of the card. Sometimes referred to as Intelligent Memory cards,
these devices can be set to write-protect some or the entire memory array. Some of
these cards can be configured to restrict access to both reading and writing. This is
usually done through a password or system key. Segmented memory cards can be
divided into logical sections for planned multi-functionality. These cards are not easily
duplicated but can possibly be impersonated by hackers. They typically can be tracked
by an on-card identifier.
c. Stored Value Memory Cards: These cards are designed for the specific purpose of
storing value or tokens. The cards are either disposable or rechargeable. Most cards of
this type incorporate permanent security measures at the point of manufacture. These
measures can include password keys and logic that are hard-coded into the chip by the
manufacturer. The memory arrays on these devices are set-up as decrements or
counters. There is little or no memory left for any other function. For simple applications
such as a telephone card, the chip has 60 or 12 memory cells, one for each telephone
unit. A memory cell is cleared each time a telephone unit is used. Once all the memory
units are used, the card becomes useless and is thrown away. This process can be
reversed in the case of rechargeable cards.
1.1.2 CPU/MPU Microprocessor Multifunction Cards have on-card dynamic data
processing capabilities. Multifunction Smartcards allocate card memory into independent
sections or files assigned to a specific function or application. Within the card is a
microprocessor or microcontroller chip that manages this memory allocation and file
access. This type of chip is similar to those found inside all personal computers and
when implanted in a Smartcard, manages data in organized file structures, via a card
operating system (COS). Unlike other operating systems, this software controls access
to the on-card user memory. This capability permits different and multiple functions
and/or different applications to reside on the card, allowing businesses to issue and
maintain a diversity of products through the card. One example of this is a debit card
that also enables building access on a college campus. Multifunction cards benefit
issuers by enabling them to market their products and services via state-of-the-art
transaction and encryption technology. Specifically, the technology enables secure
identification of users and permits information updates without replacement of the
installed base of cards, simplifying program changes and reducing costs. For the card
user, multifunction means greater convenience and security, and ultimately,
consolidation of multiple cards down to a select few that serve many purposes.
1.2 Types of Smartcards
Smartcard types are defined according to how the card data is read and written. This could be
contact or contactless.
1.2.1 Contact Smartcards are required to be inserted into a Smartcard reader, making physical
contact with the reader. These are the most common type of Smartcard. Electrical contacts
located on the outside of the card connect to a card reader when the card is inserted. This
connector is bonded to the encapsulated chip in the card. Examples of Contact Cards are
ATM cards.
Figure 1.1: Structure of a contact smartcard.
Figure 1.2: Segment of a smartcard's contact module
Source: www.smartcardbasics.com
1.2.2 Contactless Smartcards have an antenna embedded inside the card that enables
communication with the reader without physical contact. These are Smartcards that
employ a radio frequency (RFID) between card and reader without physical insertion of
the card. Instead, the card is passed along the exterior of the reader and read. Types
include proximity cards which are implemented as a read-only technology for building
access. These cards function with a very limited memory and communicate at 125 MHz.
Another type of limited card is the Gen 2 UHF Card that operates at 860 MHz to 960
MHz. True read and write contactless cards were first used in transportation
applications. They communicate at 13.56 MHz and conform to the ISO 14443 standard.
These cards are often protected memory types. They are also gaining popularity in retail
stored value since they can speed up transactions without lowering transaction
processing revenues (i.e. Visa and MasterCard), unlike traditional Smartcards.
Variations of the ISO14443 specification include A, B, and C, which specify chips from
either specific or various manufacturers: A = NXP (Philips), B = everybody else, and
C = Sony-only chips. Contactless card drawbacks include the limits of cryptographic
functions and user memory, versus microprocessor cards and the limited distance
between card and reader required for operation.
Figure 1.3: Structure of a contactless smartcard.
Figure 1.4: Diagram illustrating relationship between categories and types of Smartcard
Source: www.smartcardbasics.com
1.3 Why Smartcards?
Smartcards improve the convenience and security of any transaction. They provide tamper-proof
storage of user and account identity. Smartcard systems have proven to be more reliable than other
machine-readable cards, like magnetic stripe and barcode. Smartcards also provide vital components
of system security for the exchange of data throughout virtually any type of network. They are a cost-
effective solution in these environments. Multifunction cards can also be used to manage network
system access and store value and other data. Worldwide, people are now using Smartcards for a
wide variety of daily tasks, which include:
1.3.1 SIM Cards and Telecommunication: The most prominent application of Smartcard
technology is in Subscriber Identity Modules (SIM), required for all phone systems under the
Global System for Mobile Communication (GSM) standard. Each phone utilizes the unique
identifier, stored in the SIM, to manage the rights and privileges of each subscriber on various
networks. This use case represents over half of all Smartcards consumed each year. The
Universal Subscriber Identification Module (USIM) is also being used to bridge the identity
gap as phones transition between GSM, UMTS, and 3G network operators.
1.3.2 Loyalty and Stored Value: Another use of Smartcards is stored value, particularly loyalty
programs that track and provide incentives to repeat customers. Stored value is more
convenient and safer than cash. For multi-chain retailers that administer loyalty programs
across many different businesses and POS systems, Smartcards can centrally locate and
track all data. The applications are numerous, such as transportation, parking, laundry,
gaming, retail, and entertainment.
1.3.3 Securing Digital Content and Physical Assets: In addition to information security,
Smartcards can ensure greater security of services and even equipment by restricting access
to only authorized user(s). Information and entertainment is being delivered via satellite or
cable to the home DVR player or cable box or cable-enabled PC. Home delivery of service
is encrypted and decrypted via the Smartcard per subscriber access. Digital video broadcast
systems have already adopted Smartcards as electronic keys for protection. Smartcards can
also act as keys to machine settings for sensitive laboratory equipment and dispensers for
drugs, tools, library cards, health club equipment etc. In some environments, Smartcard-enabled
SD and microSD cards are protecting digital content as it is being delivered to
mobile handsets/phones.
1.3.4 E-Commerce: Smartcards make it easy for consumers to securely store information and
cash for purchasing. The advantages they offer consumers are:
o The card can carry personal account, credit and buying preference information that can
be accessed with a mouse click instead of filling out forms.
o Cards can manage and control expenditures with automatic limits and reporting.
o Internet loyalty programs can be deployed across multiple vendors with disparate POS
systems and the card acts as a secure central depository for points or rewards.
o Micro Payments - paying nominal costs without transaction fees associated with credit
cards, or for amounts too small for cash, like reprint charges.
1.3.5 Bank Issued Smartcards: Around the globe, bank controlled co-ops (Visa, MasterCard,
Discover, and American Express, in Nigeria, Interswitch, CardBASE/ValuCard) have rolled
out millions of Smartcards under the EMV (Europay, MasterCard, VISA) standard. Often
referred to as chip and PIN cards, these are the de facto types of cards for bank issuance in
most countries. Smartcards have been proven to secure transactions with regularity, so much
so that the EMV standard has become the norm. On the prompt of the Central Bank of
Nigeria, Banks and card issuers have also migrated to the EMV standard. Some of the
advantages for banks are:
o Smartcards increase trust through improved security. Two-Factor Authentication ensures
protection of data and value across the internet. Threats such as the "Man in the middle"
and "Trojan Horses" that replay a user name and password are eliminated.
o This is improving customer service. Customers can use secure Smartcards for fast, 24-
hour electronic funds transfers over the internet
o Costs are reduced: transactions that normally would require a bank employee's time and
paperwork can be managed electronically by the customer with a Smartcard
1.3.6 Healthcare Informatics: The explosion of health care data introduces new challenges in
maintaining the efficiency of patient care and privacy safeguards. Smartcards address both of
these challenges with secure, mobile storage and distribution of patient information, from
emergency data to benefits status. Many socialized countries have already adopted
Smartcards as credentials for their health networks and as a means of carrying an
immediately retrievable Electronic Health Record (EHR). Smartcard benefits in healthcare
include:
o Rapid, accurate identification of patients; improved treatment
o Reducing fraud through authentication of provider/patient visits and insurance eligibility
o A convenient way to carry data between systems or to sites without systems
o Reducing record maintenance costs
1.3.7 Embedded Medical Device Control: For years, embedded controllers have been in many
types of machines, governing the quality and precision of their function. In Healthcare,
embedded Smartcards ensure the best and safest delivery of care in devices such as dialysis
machines, blood analyzers and laser eye surgery equipment.
1.3.8 Enterprise and Network Security: Microsoft Windows, Sun Microsystems (a subsidiary of
Oracle Corporation) and all new versions of Linux have built-in software hooks to deploy
Smartcards as a replacement for user name and passwords. Business-to-business Intranets
and Virtual Private Networks (VPNs) are enhanced by the use of Smartcards. Users can be
authenticated and authorized to have access to specific information based on preset
privileges. Additional applications range from secure email to electronic commerce.
1.3.9 Physical Access: Businesses and universities of all types need simple identity cards for all
employees and students. Most of these individuals are also granted access to certain data,
equipment, and departments according to their status. Multifunction, microprocessor-based
Smartcards incorporate identity with access privileges and can also store value for use in
various locations, such as cafeterias and stores. Many hotels have also adopted ISO 7816
type card readers to secure staff-only rooms and facilities.
1.4 Benefits of Smartcards
The first main advantage of Smartcards is their flexibility. There is no need, for example, to carry
several cards: one card can simultaneously be an ID, a credit card, a stored-value cash card, and a
repository of personal information such as telephone numbers or medical history. Such a card can be
easily replaced if lost, and, because a PIN number (or other form of security) must be used to access
information, is totally useless to people other than its legal bearer. After a few attempts to use it illegally,
the card would be deactivated by the card reader itself.
The second main advantage is security. Smartcards can be electronic key rings, giving the bearer
ability to access information and physical places without need for online connections. They are
encryption devices, so that the user can encrypt and decrypt information without relying on unknown,
and therefore potentially untrustworthy, appliances such as ATMs. Smartcards are very flexible in
providing authentication at different levels of the bearer and the counterpart. Finally, with the
information about the user that Smartcards can provide to the other parties, they are useful devices
for customizing products and services. Other general benefits of Smartcards are:
• Intelligence: they can process and store information, and communicate with other
computing devices. The following are what make Smartcards Smart:
o Smartcards are capable of not just storing data but also have processing power.
o They have larger storage capacity when compared to magnetic swipe cards.
o The data stored can be protected against unauthorized access and tampering.
o They are appropriate for secure and convenient data storage.
o Smartcards have the property of multi-functionality.
• Portability/Convenience: Owing to their small size, they can be easily carried along, and
can contain multiple applications on a single card, and can be updated without renewal.
• Increasing data storage capacity: As technology improves their memory can and will be
improved upon.
• Reliability: In other words, they are virtually unaffected by electrical and magnetic fields.
Chapter 2: Privacy and Smartcards
2.0 What is Privacy?
The term privacy refers to individuals' interests in preventing the inappropriate collection, use, and
release of personally identifiable information. Privacy interests include privacy of personal behavior,
privacy of personal communications, and privacy of personal data.
Privacy has been described in various ways ranging simply from the right to be left alone, to the
interest that individuals have in sustaining a personal space, free from interference by others.
Increasing requirements for identity confirmation and for transactions of almost any kind to require
personal identification have caused the definition of privacy to change. Modern privacy requires
constraints on the collection, use and release of personal information, as well as the imposition of
measures to protect such information. Its several dimensions can be summarized as:
• Privacy as a civil liberty: safeguarding the privacy of individuals, simply the right to be left
alone, just as there is freedom of speech etc.
• Data protection: safeguarding the confidentiality of information about individuals, protection of
our personal data, also described as informational privacy or data protection. As individuals, we
do not want data about ourselves to automatically be made available to other individuals or
organizations. When another party holds our data, the individual must be able to exercise a
substantial degree of control over that data and its use.
• Security: safeguarding the infrastructure, that is, the systems and networks that hold and transport
electronic data and communications.
2.1 What Is Personally Identifiable Information? Personally identifiable information is one or more
pieces of information that when considered together or when considered in the context of how it is
presented or how it is gathered is sufficient to specify a unique individual. The pieces of information
can be personal characteristics, a unique set of numbers or characters assigned to a specific
individual, descriptions of events or points in time, and descriptions of locations or places.
2.2 What Are Civil Liberties? Civil liberties are fundamental individual rights or freedoms, such as
freedom of speech, press, assembly, or religion; the right to due process, to fair trial, and to privacy;
and other limitations on the power of the government to restrain or dictate the actions of individuals.
Civil liberties offer protection to individuals from improper government action and arbitrary
governmental interference. Generally, the term civil rights involves positive (or affirmative)
government action, while the term civil liberties involves restrictions on government.
2.3 What Is a Privacy and Civil Liberties Policy? A privacy and civil liberties policy is a written,
published statement that articulates the policy position of an organization on how it handles the
personally identifiable information that it gathers and uses in the normal course of business. The
policy should include information relating to the processes of information collection, analysis,
maintenance, dissemination, access, and disposition. Privacy and civil liberties policies relate to the
role of government and how government agencies conduct themselves. Civil liberties offer protection
to individuals from improper government action and arbitrary governmental interference in the
conduct of their lives. The purpose of a privacy and civil liberties policy is to articulate publicly that the
agency will adhere to legal requirements and agency policy determinations that enable gathering and
sharing of information to occur in a manner that protects personal privacy and civil liberties interests.
A well-developed and implemented privacy and civil liberties policy uses justice entity resources
wisely and effectively; protects the agency, the individual, and the public; and contributes to public
trust and confidence that the justice system understands its role and promotes the rule of law.
2.4 Why is Privacy Important?
Think of your own privacy for a minute. Who knows what about you? If you begin with your wallet and
the cards you carry, you start to realize that a lot of companies, government and other organizations
know, and likely have stored somewhere, your personal information. Now, let's take that a step
further. Are you sure that you know every organization or company that has your personal
information in its possession? If a company that you gave information to has sold it to another
company, you might not know. In that case, you would find it very difficult to identify the new
companies who now have your personal information, to check the completeness and correctness of
that data, and to correct any errors or omissions.
Since your information belongs to you, you have a right to determine who has access to it, to authorize
what it is used for, and to be provided with a mechanism to review the data and bring about any
necessary corrections. Such information is a valuable commodity, which is regularly bought and sold,
usually without your knowledge.
2.5 Vulnerabilities of Smartcards in relation to Privacy Issues
Octopus Holdings card system (in Hong Kong) is the world's first contactless card system.
95% of Hong Kong people make use of the card system. Octopus Holdings made 44 million
Hong Kong dollars ($5.7M USD) over 4.5 years. On July 15, 2010, despite Octopus' claims to
have never sold data, a former employee of the CIGNA insurance company claimed CIGNA
purchased records for 1.97 million users out of 2.4 million Octopus users (82% of users'
data). On July 20, Octopus acknowledged the sales of customers' personal details to Cigna
and CPP, particularly by two of its subsidiaries: Octopus Connect and Octopus
Rewards. Roderick Woo Bun, Hong Kong's Privacy Commissioner for Personal Data, gave
radio interviews and called for transparent investigation, but his term expires at the end of
July 2010. Allan Chiang Yam-wang was announced as the incoming Privacy Commissioner.
This news was met with protests and international outrage, due to his prior history of privacy
invasions involving cameras used to spy on his employees at the Post Office, and disclosing
hundreds of job applicants' personal data to corporations. Outgoing Privacy Commissioner
Woo pledged to finish a preliminary report on the Octopus privacy abuse before his term
ends, and called for a new law making it a criminal offense for companies to sell personal
data.
As was stated earlier, personal information is fast becoming a valuable commodity, especially when in
millions. Large companies with lax policies or practices may fall prey to the temptation to
trade or exchange such information without customers' consent.
This is primarily due to the fact that Smartcards allow individuals to carry more information in their
wallets than they previously did. Like PCs, smartcards are capable of running multiple applications
that can store data from multiple sources and perform computations on that data.
In each of the applications of smartcards there is
personal information that should be protected, but that information is a part of the overall system, not
just linked to the card or the application. In the case of electronic payments, a person wants to know
who will have access to their information about their purchases. With transportation/ticketing, a
person wants to identify who will know where and when they have traveled. And yet, this is coupled
with the desire to have all the convenience and benefits offered by these cards.
With multi-application cards, there may be more than the card user and issuer involved. Third-party
suppliers or service providers may be used to manage card personalization, data management
including backup and restore functions, application loading, transaction processing and other
functions. In this event, they must be bound by the same privacy protection rules and procedures as
all other parties who have access to information related to the card. It is important to note that
information may reside not only on the card, but also on other devices such as servers or even tape.
All this becomes more complex when contactless technology is used. The person carrying the card
does not need to insert it into a reader, so may not always be aware of information being read. In
most cases, the distance needed between the card and the reader in order to read the card is very
small, so the consumer should take care to protect his privacy, but it is also important for card issuers to
take additional steps to ensure privacy protection. It is important to note that in the case of identity
management, most reputable technology providers make available technologies such as mutual
authentication, as well as secure channel communication, to ensure that the transaction between the
reader and the contactless card is secure.
According to Dr. Stefan Brands in his whitepaper titled "Private Credentials", the Smartcard systems
currently in use rarely do anything to prevent organizations from linking and tracing all
communications and transactions by the same cardholder. For security reasons, they operate by
transmitting in each transaction a unique card identifier that can be linked to central database entries
that hold all kinds of identifiable personal data. This enables organizations to compile extremely
precise personal records, containing detailed information about a person's financial situation, medical
history, lifestyle, habits, references, whereabouts, and so on. The records can be compiled, linked,
and updated in real time without human intervention. Since Smartcards shield their internal
operations from their holder, it is virtually impossible to verify that a card does not leak personal data,
its device identifier, its access control code, its communication and transaction history, data from
other applications running on the same device, and so on. It is important to understand that even if
nominative data is not stored or transmitted, the resulting profile linked to the identities on the card
can most likely be linked to the holder of the card. Certainly in legal investigations, the holder of the
card would be hard pressed to deny ownership of the data trail.
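The linkage described above, shown as an added example that is not part of the original paper: two constructed application logs are joined on a static card identifier to build a cross-application profile, then re-keyed with per-application pseudonyms. The HMAC-derived pseudonym is a simpler technique than Brands's private credentials and is swapped in here only to show what removing the shared identifier does; all identifiers, secrets, log entries and function names are constructed assumptions.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed sample logs: (identifier the card transmitted, event description).
TRANSIT_LOG = [
    ("04A1B2C3", "2010-07-01 08:02 entry station A"),
    ("04D4E5F6", "2010-07-01 08:15 entry station B"),
    ("04A1B2C3", "2010-07-01 17:40 entry station C"),
]
PHARMACY_LOG = [
    ("04A1B2C3", "2010-07-01 12:30 purchase item X"),
    ("04D4E5F6", "2010-07-02 09:10 purchase item Y"),
]

# Constructed per-card secrets. Assumption: provisioned at issuance and
# never readable from outside the card.
CARD_SECRETS = {
    "04A1B2C3": b"constructed-secret-card-1",
    "04D4E5F6": b"constructed-secret-card-2",
}


def pairwise_pseudonym(card_secret: bytes, application: str) -> str:
    """Identifier that is stable inside one application but different
    in every other application (HMAC-SHA256 over the application name)."""
    digest = hmac.new(card_secret, application.encode(), hashlib.sha256)
    return digest.hexdigest()[:16]


def build_profiles(logs: dict) -> dict:
    """Join all application logs on whatever identifier they expose.

    logs maps application name -> list of (identifier, event).
    Returns identifier -> {"apps": set of names, "events": list}.
    """
    profiles = defaultdict(lambda: {"apps": set(), "events": []})
    for app_name, records in logs.items():
        for identifier, event in records:
            profiles[identifier]["apps"].add(app_name)
            profiles[identifier]["events"].append(event)
    return dict(profiles)


def cross_application(profiles: dict) -> dict:
    """Profiles whose identifier was seen by more than one application."""
    return {i: p for i, p in profiles.items() if len(p["apps"]) > 1}


def rekey(records: list, application: str) -> list:
    """Replace the static card ID in a log with the card's pseudonym
    for that application, as the card itself would have transmitted it."""
    return [
        (pairwise_pseudonym(CARD_SECRETS[card_id], application), event)
        for card_id, event in records
    ]


def static_id_profiles() -> dict:
    """What an organization can compile when every application
    receives the same card identifier."""
    return build_profiles({"transit": TRANSIT_LOG, "pharmacy": PHARMACY_LOG})


def pseudonymous_profiles() -> dict:
    """The same events when each application only sees its own pseudonym."""
    return build_profiles({
        "transit": rekey(TRANSIT_LOG, "transit"),
        "pharmacy": rekey(PHARMACY_LOG, "pharmacy"),
    })


if __name__ == "__main__":
    linked = cross_application(static_id_profiles())
    print("static ID, profiles spanning applications:", len(linked))
    for identifier, profile in linked.items():
        print(" ", identifier, sorted(profile["apps"]), len(profile["events"]), "events")

    unlinked = pseudonymous_profiles()
    print("pseudonyms, total profiles:", len(unlinked))
    print("pseudonyms, profiles spanning applications:",
          len(cross_application(unlinked)))
```

Pairwise identifiers only remove the join key: an issuer that holds the card secret, or anyone correlating timestamps across logs, can still link the records.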
Many of the concerns expressed by consumers about privacy relate to the manner in which personal
information is collected, used and disclosed. When organizations collect information without the
knowledge or consent of the individual to whom the information relates, or use that information in
ways that are unknown to the individual, or disclose the information without the consent of the
individual, informational privacy is violated.
There is another compelling reason to protect our personal information. Identity theft is a serious
consumer fraud. The U.S. Federal Trade Commission says it accounts for 40 per cent of all consumer
fraud complaints. A September 2003 survey for the U.S. Federal Trade Commission (FTC) found that
within a one-year period nearly 10 million persons in the United States -- 4.6 per cent of the adult U.S.
population -- discovered that they were victims of some form of identity theft. PhoneBusters,
established in January of 1993, is Canada's national anti-fraud call centre jointly operated by the
Ontario Provincial Police and the Royal Canadian Mounted Police. PhoneBusters is the central
agency in Canada that collects information on telemarketing, advanced fee fraud letters (so-called
Nigerian letters) and identity theft complaints. Their statistics show the extent to which complaints
have been registered. What is uncertain is the extent to which this problem will grow as more and
more personal information is stored electronically and becomes subject to attack. Identity theft or
fraud occurs when someone uses someone else's personal information without his or her knowledge
to commit fraud or theft. Thieves can use your driver's licence, birth certificate, Social Insurance
Number, and mother's maiden name along with other ID to convince people that they are you. It is
important to keep personal information out of the hands of criminals. There are several steps that
consumers can take to minimize becoming a victim of identity theft, but the problem is largely out of
their hands. Organizations have a growing need to protect personal information from external and
internal threats. Those who collect massive amounts of personal information and leave it largely
unencrypted, and in clear view of insiders and outsiders contribute to the problem. It is critically
important that organizations proactively protect the personal information of their customers and
constituents. Customers are becoming increasingly concerned about the loss and theft of data from
corporate databases. By providing well thought out and implemented privacy protection,
organizations may gain and retain more customers.
2.6 Tackling the Privacy Issues in relation to Smartcards
The concern for privacy as a result of smartcard usage is starting to affect business practices. When
companies fail to respond to consumer concerns they can lose revenue and jeopardize customer
relationships. Fortunately, companies are increasingly recognizing that responding to their clients'
desire to control the use of their personal information makes good business sense that will provide a
competitive advantage in the marketplace. This calls for a set of privacy practices that combines the use of
personal information for business purposes with consideration of an individual's right to privacy
protection. The practices that follow reflect these business practices, modified to fit the circumstances
relating to advanced card technologies. This set of principles is an abridged version adapted from
2.6.1 Privacy Protection Principles
The practices that follow reflect these business practices modified to fit the circumstances
relating to Smartcards. In regard to each of these principles, I would recommend that those
who own or design applications that use advanced card technologies, or those who market
them, commit to the following.
Accountability
o There should exist a designated, accountable department or individual in the
organization for privacy issues.
o All staff should know about privacy policies and practices. They should be sufficiently
trained to enable them to reasonably and consistently recognize and respond to privacy
issues. They should also be accountable for adherence to those policies and practices.
o Conduct periodic reviews of your privacy policies and practices to ensure that they are in
line with your customers' expectations, as well as international developments.
Recognition and Respect for Privacy
o Know that personal information always remains personal and customers should be
contacted before actions that may impact their privacy are taken.
o Adopt privacy protection practices and apply them when handling all customer personal
information.
o Assess, prior to implementation, the impact on privacy of any proposed new policy,
service or product.
Openness
o Ensure there is openness about your policies and practices relating to your customers'
personal information, and that the existence of any record-keeping systems containing
your customers' personal information is not kept secret from them -- they should be
transparent.
o Develop and publicize a process for addressing and responding to any customer inquiry
or complaint regarding the handling of his or her personal information.
Purpose Specification
o Identify the purposes for which your customers' personal information is to be collected,
used or routinely disclosed, before it is collected. The purposes must be clear and
understandable.
o Do not withdraw access to services or products if your customers subsequently refuse to
permit the use of their personal information for a purpose not identified at the time of
collection, including the exchange or sale of that information to a third party for
marketing purposes.
Collection Limitations
o Only collect personal information about your customers that is necessary and relevant
for the transaction(s) involved.
o Collect personal information about your customers directly from the individuals
concerned, whenever it is reasonably possible.
o Collect customers' personal information with the knowledge and consent of the
customers, except in very limited circumstances, and inform the customers of these
circumstances at, or prior to, the time of collection.
Notification
o Notify your customers, at or before the time of collection, of the:
   - Purposes for which the personal information is to be used and/or disclosed; and
   - Source(s) from which the personal information is to be collected, if not directly from the
     customer.
o Notification must be clear and easy to understand. Short and/or layered notices should
be considered to facilitate customer understanding.
Use
o Only use personal information for the purposes identified to the customers at the time of
collection unless the customers explicitly consent to a new use, or law authorizes the
activity.
Right of Access
o Establish a right for customers to have access to their personal information, subject to
clear and limited exceptions (i.e., if such access would constitute an invasion of another
person's privacy).
o Provide customers with access to their personal information in a form understandable to
them, without undue delay or expense.
o If they are denied access, you should inform the customers of the reasons why and
provide them with a fair opportunity to challenge the denial.
o Where an incorrect inference has been made from the analysis of multiple sources of
information, the customers must have the right to correct the inference.
Right of Correction
o Establish a right for customers to challenge the accuracy of their personal information.
o Amend customers' personal information if it is found to be inaccurate, incomplete,
irrelevant or inappropriate.
o Make note in customers' files of any discrepancies regarding the accuracy or
completeness of their personal information.
o Take all reasonable measures to inform third parties who also use your customers'
personal information, of corrections or changes that have been made.
Accuracy
o Take all reasonable and appropriate measures to ensure that the personal information
you collect, use and disclose, meets the highest possible standard of accuracy, completeness
and timeliness.
Disclosure
o Obtain customers' consent prior to disclosure of their personal information, except where
authorized by law or in exceptional circumstances. These limited, exceptional
circumstances should be identified and customers informed of them at, or prior to, the time
of collection.
o Obtain your customers' consent prior to renting, selling, trading or otherwise disclosing
their personal information to a third party.
Retention and Disposal
o Retain personal information only for as long as it is relevant to the purposes for which it
was collected, or as required by law.
o Dispose of personal information in a consistent and secure manner, or remove all
references that would link the data to a specific identifiable person (thereby rendering it
anonymous), once it has served its purpose.
o For more information on retention and disposal, please refer to the IPC Fact Sheet #10
on the Secure Destruction of Personal Information. You might also refer to PHIPA order
HO-001 regarding the inadvertent disclosure of health records in downtown Toronto as
part of a movie shoot, due in part to improper procedures.
Security
o Adopt appropriate and comprehensive measures to ensure the security of your
customers' personal information against loss or unauthorized access, use, alteration,
disclosure, or destruction.
o Where multiple sources of information are collected for different purposes, the security
measures taken must ensure that one person cannot link the different sources of
information together.
o Where multiple sources of information are held on the same physical device, the
information must be separated so that an application controlling one set of information
cannot access the information controlled by another application.
Aggregation
o Where a company collects information about a customer for different purposes, that
information should remain separated unless the customer permits the information to be
aggregated.
o Information from different sources should not be collated and analyzed to infer additional
characteristics, behaviours, activities, or attributes of a customer without the prior
permission of the customer.
Contractual Agreements
o Stipulate clearly in your contract:
   - the privacy protection measures to be adopted by business partners or third
     parties using your customers' personal information; and
   - the purposes for which your customers' personal information may be used and
     disclosed by business partners or third parties.
Anonymity and Pseudonymity
o Reduce, to the greatest possible extent, the collection and retention of identifiable
transactions, i.e., those transactions in which the data in the record could be readily
linked to an identifiable individual. This can be achieved through the use of either:
   - Anonymity - Ideally, there should be no personal identifiers involved in the transaction --
     you have de-identified it.
   - Pseudonymity - Where the functional or administrative needs of the application require
some link between transactional data and identity, it is often possible to use
pseudonymous techniques. These include such procedures as storage of partial
identifiers by two or more organizations, both of whom must provide their portions of the
transaction trail in order for the identity of the individual to be constructed; storing of an
indirect identifier with the transactional data which serves as a pointer to the personal
identifiers; and storing separately a cross-index between the indirect identifier and the
individual's true identity.
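The two pseudonymous techniques described above, as an added Python example that is not part of the original paper: transactions carry only an indirect identifier while a separately held cross-index maps it back to the person, and an identifier is split into two shares so that two organisations must both contribute to rebuild it. The keyed hash (HMAC-SHA-256), the XOR split, and all class, function and sample names are assumptions of this example.

```python
import hashlib
import hmac
import secrets


class CrossIndex:
    """Cross-index between indirect identifiers and true identities.

    Held apart from the transaction store (ideally by a different team or
    system), so transaction data alone cannot be tied to a person.
    """

    def __init__(self, key):
        self._key = key      # secret key; never stored with transactions
        self._index = {}     # indirect identifier -> true identity

    def indirect_id(self, identity):
        # Keyed hash: stable per customer, not recomputable without the key.
        digest = hmac.new(self._key, identity.encode(), hashlib.sha256)
        tag = digest.hexdigest()[:32]
        self._index[tag] = identity
        return tag

    def resolve(self, tag, authorised):
        # Re-identification is an explicit, access-controlled step.
        if not authorised:
            raise PermissionError("re-identification not authorised")
        return self._index[tag]


def record_transaction(store, index, identity, terminal, amount):
    """Append a transaction that carries only the indirect identifier."""
    row = {"customer": index.indirect_id(identity),
           "terminal": terminal, "amount": amount}
    store.append(row)
    return row


def split_identifier(identity):
    """Split an identifier into two shares, one per organisation (XOR split).

    Either share alone is random-looking bytes of the same length.
    """
    raw = identity.encode()
    share_a = secrets.token_bytes(len(raw))
    share_b = bytes(x ^ y for x, y in zip(raw, share_a))
    return share_a, share_b


def join_identifier(share_a, share_b):
    """Rebuild the identifier; needs both organisations' shares."""
    if len(share_a) != len(share_b):
        raise ValueError("shares do not belong together")
    return bytes(x ^ y for x, y in zip(share_a, share_b)).decode()


def demo():
    index = CrossIndex(key=secrets.token_bytes(32))
    store = []
    # Constructed sample data, not real card numbers or customers.
    record_transaction(store, index, "CARD-0001/Ada Obi", "ATM-17", 5000)
    record_transaction(store, index, "CARD-0002/Tunde Bello", "POS-03", 1200)
    record_transaction(store, index, "CARD-0001/Ada Obi", "POS-09", 800)
    return index, store


if __name__ == "__main__":
    index, store = demo()
    for row in store:
        print(row)
    print(index.resolve(store[0]["customer"], authorised=True))
    a, b = split_identifier("CARD-0001/Ada Obi")
    print(join_identifier(a, b))
```

Spending patterns can still be analysed per indirect identifier, so the cross-index and its key need stricter access control than the transaction store itself.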
2.6.2 Data Protection Principles
Concern about informational privacy in Europe in the early
1970s gave rise to the need for data protection. Data protection focuses on people's
personal information and the ability to maintain some degree of control over its use and
dissemination. What followed from the concern for data protection was the
development of a set of practices commonly referred to as "fair information practices" or
FIPs.
There have been several attempts to develop a complete and comprehensive set of
FIPs. One of the earliest was undertaken in 1980 by the Organisation for Economic Co-
operation and Development (OECD) in their Guidelines Governing the Protection of
Privacy and Trans-border Flows of Personal Data. Efforts in the 1990s to protect
privacy included the European Union's Directive on the Protection of Personal Data
with Regard to the Processing of Personal Data and on the Free Movement of such
Data, adopted on July 25, 1995, and Québec's The Act Respecting the Protection of
Personal Information in the Private Sector, which sets out fair information practices for
businesses operating in Québec. The Canadian Standards Association's Model Code
for the Protection of Personal Information was created in the mid 1990s and is
incorporated as the practices to be observed in Canada's Personal Information
Protection and Electronic Documents Act (PIPEDA). Global Privacy Standards adopted
by the International Data Protection Commissioners Conference, or the Generally Accepted
Privacy Principles (GAPP) that have been adopted by Canadian and U.S. accounting
bodies, are standards that multinationals could also adopt. Data protection principles
accept Smartcard technology as being naturally invasive, and consequently try merely
to contain the privacy problem that the technology leaves us with. As an example, we
could consider how the UK Government framed its privacy concerns within its
Smartcard consultation document:
It is important that data-protection issues be considered from the outset of the introduction
of any Smartcard scheme. ... The contractor shall implement procedures to ensure that
information held on the Smartcard, and on any associated data processing or storage
system, is accurate, current and the minimum necessary for the purpose. When no longer
required, information shall be purged from the card and associated systems.
The UK Government assumes that the "outset" refers merely to the discussion on how personal data
is handled once gathered; the accumulation of personal data is considered to be the default.
Privacy authorities are skilled at investigating breaches of data protection, and at analyzing data-flows
and determining which instances of collection, use, and disclosure are justified and permissible in
law, and which are not. This expertise must be brought to bear in the development of standards and
technologies, because it is rare to find a technologist who is totally familiar with the lexicon of
privacy protection.
Security and privacy should not be seen as two totally disparate issues. Adding privacy policies to
ensure data protection once data has been gathered does nothing to address growing security risks
from within and without an organization, from disgruntled employees, from hackers and industrial
espionage artists, from hostile actors in civil litigation cases such as divorce liability and copyright
infringement, and from ostensibly legitimate secondary users within the organizations themselves.
Both public and private sector data users are under increasing economic pressure to use data more,
to sell it to improve the bottom line, to analyse it intensively to minimize risk and ensure better returns
on investment, to establish long-term customer relationships. In this paper we argue that it is time for
privacy commissioners and other privacy advocates to take a more active stance. Methods exist to
design privacy into Smartcard/database infrastructures that meet the interests of all actors, including
industry, government, and privacy advocates. In fact, as we will argue, by considering privacy as a
design issue, everyone will have much less to worry about when it comes to security. We must insist
on no less.
Chapter 3: Privacy, Smartcards and the Nigerian System
3.0 Introduction
The use of Smartcards in Nigeria is not as well established as in the countries mentioned in previous
sections of this discourse. However, as a result of the large population and growth rate (about 3.2%
per year) of the country, Nigeria is one of the largest markets targeted by producers of Smartcards.
Since the introduction of Smartcards into the system, there has been a steady increase in the range
of applications in the populace's day-to-day transactions and activities. Although the application of
Smartcards cuts across most sectors of the Nigerian system, two applications stand out for the
purpose of this paper, which is to highlight the privacy concerns in the Nigerian system as regards
Smartcards. The two applications are e-commerce and telecommunications.
3.1 Major Applications of Smart cards in Nigeria that bring privacy concerns
3.1.1 E-banking/E-commerce: Globally, Automatic Teller Machines (ATMs) have been adopted
and are still being adopted by banks. They offer considerable benefits to both banks and
their depositors. The machines can enable depositors to withdraw cash at more convenient
times and places than during banking hours at branches. In addition, by automating services
that were previously completed manually, ATMs reduce the costs of servicing some depositor
demands. These potential benefits are multiplied when banks share their ATMs, allowing
depositors of other banks to access their accounts through a bank's ATM. Banks have
become the principal deployers of ATMs. A group of banks came together and formed the
ATM consortium, with early member banks such as Afribank, Diamond, Finbank, First Bank,
UBA, Union Bank, Unity Bank and Wema Bank. Recently, banks like Ecobank, GT Bank and
Oceanic Bank also joined this consortium. The consortium is primarily for offsite deployment
of ATMs (the QuickCash ATM network) and, no doubt, ultimately for exchange of data
for interoperability. The number of ATM transactions through the Interswitch network
increased from 1,065,972 in 2004 to 14,448,615 between January 2005 and March 2006.
This is a rise of 92.6 percent with respect to the previous years. As at 2009, Nigerian banks
have issued over 25 million cards. These cards are being used to process payment
transactions on over 11,000 Point of Sale (PoS) terminals, 7,000 ATMs and 200 Web
locations, 50,000 mobile devices. This is to show the colossal amount of data gatherable
from ATM card users. A recent survey conducted by Intermarc Consulting Limited revealed
that ATM services provided by banks and non-financial institutions stood as the most popular
e-commerce platform in Nigeria.
3.1.2 The Role of National and International Regulatory Bodies
The Central Bank of Nigeria in its Standards and Guidelines on Automated Teller Machine
(ATM) states that all ATM deployers/acquirers shall comply with Payment Industry Security
Standards. The PCI DSS is a worldwide information security standard defined by the Payment
Card Industry Security Standards Council. The standard was created to help payment card
industry organizations that process card payments prevent credit card fraud through
increased controls around data and its exposure to compromise. The standard applies to all
organizations that hold, process, or exchange cardholder information from any card branded
with the logo of one of the card brands. By the definition of the standard, all banks, switching
companies, ATM deployers/acquirers (mostly switching companies and banks respectively),
and other card processing companies in Nigeria should be compliant with this standard. In the
control objectives of the standard (v1.2: 01/10/2008) requirements for compliance include the
following:
a. Organizations concerned are expected to build and maintain a secure network by:
o Installing and maintaining a firewall configuration to protect cardholder data
o Not making use of vendor-supplied defaults for system passwords and other security
parameters.
b. Protect cardholders' data by:
o Protect stored cardholder data
o Encrypt transmission of cardholder data across open, public networks
c. Maintain a Vulnerability Management Program
o Use and regularly update anti-virus software on all systems commonly affected by malware
o Develop and maintain secure systems and applications
d. Implement Strong Access Control Measures
o Restrict access to cardholder data by business need-to-know
o Assign a unique ID to each person with computer access
o Restrict physical access to cardholder data
e. Regularly Monitor and Test Networks
o Track and monitor all access to network resources and cardholder data
o Regularly test security systems and processes
f. Maintain an Information Security Policy
Another standard by the PCI SSC, the Payment Application Data Security Standard (PA-
DSS), formerly referred to as the Payment Application Best Practices (PABP), was
implemented in an effort to provide the definitive data standard for software vendors that
develop payment applications. The standard aims to prevent payment applications developed
for third parties from storing prohibited secure data including magnetic stripe, CVV2, or PIN.
In that process, the standard also dictates that software vendors develop payment
applications that are compliant with the Payment Card Industry Data Security Standards (PCI
DSS). The following are the PA-DSS requirements:
1. Do not retain full magnetic stripe, card validation code or value, or PIN block data.
2. Protect stored cardholder data.
3. Provide secure authentication features.
4. Log payment application activity.
5. Develop secure payment applications.
6. Protect wireless transmissions.
7. Test payment applications to address vulnerabilities.
8. Facilitate secure network implementation.
9. Cardholder data must never be stored on a server connected to the internet.
10. Facilitate secure remote software updates.
11. Facilitate secure remote access to payment application.
12. Encrypt sensitive traffic over public networks.
13. Encrypt all non-console administrative access.
14. Maintain instructional documentation and training programs for customers, resellers, and
integrators.
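An added Python example, not from the original paper or from the PCI SSC, of how a payment application might enforce requirement 1 above: prohibited fields are dropped before a message is stored, the card number is truncated, and logs are scanned for stripe data or full card numbers that slipped through. The field names, the first-six/last-four truncation and all sample data are assumptions of this example.

```python
import re

# Sensitive authentication data named in PA-DSS requirement 1. The field
# names are hypothetical; map them to your own message schema.
PROHIBITED_FIELDS = {"track1", "track2", "cvv2", "pin_block"}

# Magnetic-stripe layouts: track 1 "%B<PAN>^<NAME>^<YYMM><service code>...?"
# and track 2 ";<PAN>=<YYMM><service code>...?".
TRACK1 = re.compile(r"%B\d{12,19}\^[^^?]{2,26}\^\d{7}[^?]*\?")
TRACK2 = re.compile(r";\d{12,19}=\d{7}\d*\?")
PAN_CANDIDATE = re.compile(r"(?<!\d)\d{13,19}(?!\d)")


def luhn_ok(digits):
    """Luhn check, used to cut false positives on long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def truncate_pan(pan):
    """Keep the first six and last four digits only (this example's choice)."""
    if not pan.isdigit() or not 13 <= len(pan) <= 19:
        raise ValueError("not a PAN")
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def sanitize_for_storage(message):
    """Return the copy of an authorisation message that may be stored."""
    stored = {k: v for k, v in message.items() if k not in PROHIBITED_FIELDS}
    if "pan" in stored:
        stored["pan"] = truncate_pan(stored["pan"])
    return stored


def scan_log(lines):
    """Report (line number, kind) for stripe data or full PANs in logs."""
    findings = []
    for number, line in enumerate(lines, 1):
        if TRACK1.search(line):
            findings.append((number, "track1"))
        if TRACK2.search(line):
            findings.append((number, "track2"))
        if any(luhn_ok(m.group()) for m in PAN_CANDIDATE.finditer(line)):
            findings.append((number, "pan"))
    return findings


# Constructed sample data; 4111111111111111 is a widely used test number.
SAMPLE_MESSAGE = {
    "pan": "4111111111111111", "expiry": "1212", "amount": 5000,
    "track2": ";4111111111111111=1212101123?", "cvv2": "123",
    "pin_block": "0412AC89ABCDEF67",
}
SAMPLE_LOG = [
    "2010-08-08 10:01:02 AUTH ok terminal=ATM-17 pan=411111******1111",
    "2010-08-08 10:01:05 DEBUG raw=;4111111111111111=1212101123?",
    "2010-08-08 10:02:11 AUTH ok terminal=POS-03 pan=4111111111111111",
    "2010-08-08 10:02:40 DEBUG raw=%B4111111111111111^OBI/ADA^1212101123?",
]

if __name__ == "__main__":
    print(sanitize_for_storage(SAMPLE_MESSAGE))
    print(scan_log(SAMPLE_LOG))
```

Debug logging of raw terminal messages, as in the second and fourth sample lines, is a typical way prohibited data ends up retained even when the database schema has no column for it.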
3.1.3 Attitude of the Payment card industry in Nigeria to privacy
In the standards cited above it is important to note that security of information serves as a means
to guard cardholders' data. From the aforementioned principles, policies and standards, in this
chapter and the previous chapter, it can be said that standards are in place to caution all
stake-holders in the care of card-holders' personal information.
Organizations such as Interswitch and Valucard are analogous to the Hong Kong Octopus
Holdings since they also possess large amounts of personal information of card users; Banks
also have large chunks of personal data which are potential sources of privacy abuse.
However, it is interesting to note that, the key players in the industry like Interswitch and
Valucard are PCI DSS compliant and strive continuously to keep abreast of national
standards and regulations (primarily put in place by the CBN) as well as international
standards in trying to be globally competitive. Also, Interswitch, in 2009, announced its
partnership with Gemalto, the world leader in digital security, in deploying a complete Ezio
strong authentication solution to secure Interswitch's e-payment services in Nigeria.
Interswitch also launched its EMV migration program in partnership with Gemalto.
As far as the industry has gone, there has been no report of issues pertaining to privacy
intrusion by card issuers or organisations in the industry with such large data as Octopus
Holdings had.
However, this doesn't leave out the fact that although these companies do not seem to be
interested in selling large chunks of users' data, they might have been able to withstand
the crooked nature of the economy in their application of security to users' data. They seem to
have failed in securing this data from external intrusion, as it is said that 40 per cent of ATM
card users in Nigeria have in one way or the other been victims of ATM fraudsters. This
excludes cases in which liability shift is possible as stated in the CBN guideline concerning
ATMs, i.e. carelessness or non-compliance with security directives on the part of card users.
3.2 Telecommunication
At the inception of this industry in Nigeria, marked by the licensing of the first National carrier, MTN
(an operator of South African origin), the issue of privacy may not have been of concern in this sector.
However, the recent request for Subscriber Identification Module (SIM) registration by
the Nation Communication Commission (NCC) brings up such concerns. The importance of the
registration is to curb crime and identify individuals with specific SIMs. Although the NCC assures that
only the commission and operators will have access to the subscribers' database, this may raise a concern
about SIM card users' privacy, particularly pertaining to the approach taken by the wireless operators in
carrying out the exercise. In Nigeria, where there are approximately 75 million subscribers, MTN has
a chunk of 35.1 million subscribers (a little over 50 per cent of the whole lot). MTN was one of the first
companies to establish nation-wide walk-in shops and outlets for the implementation of the SIM
registration exercise. All other operators have also adopted the walk-in shop system. Although the
walk-in shops would speed up the process, this conflicts with the need to limit employee exposure to
customer information. The amount of personal information that will be gathered by MTN, if the process is
successful as is hoped, will be very large. It is interesting to know that not even the National Identity
Management Commission currently has such details of the citizenry of Nigeria.
When SIM registration was required by the government in India, even before the government could
begin, the documents of the process were already being sold on the streets. In Nigeria, where fraud
(particularly identity theft as pertaining to our discourse) is no strange thing, this is also very possible.
Based on the operators' approach to the exercise, what are we putting ourselves in? I would say this
is tantamount to walking decisively into a position that exposes SIM subscribers to privacy intrusion,
potential identity theft, and potential privacy abuse, accompanied by threats to national security. Threats to
national security in the sense that the majority of operators with the largest market shares are not
indigenous.
Chapter 4: Conclusion and Recommendations
The use of smartcards in the world is guarded by standards and policies which seek to caution
custodians of personal information in the use and dissemination of acquired customer databases, while at the
same time imploring the use of appropriate technology in providing security for users' data.
Regulatory bodies (like the Central Bank of Nigeria) have the responsibility of monitoring international
trends and enforcing them on the in-scope organisations (in the sector concerned), in this case banks,
merchants, card issuers, switching companies, and ATM deployers/acquirers. However, compliance
seems not to be the issue here in Nigeria, as compliance is seen more as an edge over competition
(market strategy), for example the Valucard-Interswitch competition for supremacy concerning
compliance with the EMV standard. Rather, the problem that seems to be at hand is the protection of
user data from external intrusion. Therefore, it is important that all stake-holders, card users,
merchants, card issuers, switching companies, and ATM deployers/acquirers take responsibility for
providing security against external intrusion or mount pressure on responsible individuals.