Commenting on the controversy surrounding the potential IT security risks associated with the UK Government's Universal Credit Scheme to help the country's unemployed, Thales' Director of Cyber Security, Ross Parsell commented:
“Identity access management will prove a major challenge for UK government when Universal Credit comes into force in October 2013. Replacing Jobseeker’s Allowance, Income Support and a range of other benefits aimed at helping those with no or low income, the government intends that recipients of Universal Credit will manage all their claims online into a single, streamlined payment.
“Being able to verify, manage and protect the identity of claimants will be central to the success of the Universal Credit programme. Currently, it is possible to apply for a passport or renew a driving licence or tax disc online. However, all these examples are cases where citizens make payments to the government. We are yet to have a government system which pays money in the other direction to the public.
“The Public Services Network (PSN) will provide the back-end communications infrastructure to Universal Credits and is intended to address security concerns. The PSN is intended to provide a shared IT network for all public sector departments. One of the key advantages of this is that security is built into the design. Security parameters in the PSN are established in relation to the sensitivity of data. For example, bank account details of benefits claimants will be protected with high levels of security.
“Nevertheless, administering such payments online could present fraud risk. For example, an elderly person not savvy with computers might be vulnerable to a criminal knocking on the door to supposedly help him or her out with the Universal Credit process. With 1.56 million people claiming Jobseeker’s Allowance at a minimum of £56.25 a week, just that element of welfare presents a £4.56 billion fraud risk over the course of a year.
“How can the government ensure a security identification system? Piggybacking on a bank’s identification system could be a low cost solution for the government in using two-factor authentication with chip & pin. In return, a bank could receive opportunities for marketing to claimants.”