By Joseph Naujokas

Lynn McCullough, ICMA's association manager, sent me an email the other day and asked what I thought was the true definition of a "secure" card. Lynn is working on the web training program for new employees in card manufacturing, and there was some disagreement on the issue. My first reaction was to say cards like Visa, MasterCard, American Express, Discover, Europay and JBA are secure cards.

But when I started writing out my answer and thinking about it, I slowly began to change my mind. Words started pouring out in trying to define a secure card and I realized that my first reaction wasn't the whole answer.

Then I started thinking about the September 11 terrorist attacks on the U.S. in relation to phony drivers licenses and the difficulties that the USA ANSI NCITS B10 Standards Committee is having in getting a Drivers License/ID (DL/ID) standard published. The retailers say that the DL/IDs should have machine readable structures so that they can be machine read by existing equipment at the POS for age and ID verification. The government drivers license agencies said no, they are just issuing a document to prove the cardholder's right to drive and they don't have the budget to do anything else. Well, I believe they're both wrong.

We all knew that the DL/IDs in the U.S. were not all that secure. The September 11 investigation is revealing things like fake and altered DL/IDs; fooling, lying or bribing the state into getting illegal DL/IDs; even stealing equipment and materials from the state to make their own. We all knew this was going on, but nobody really cared — after all, the DL/ID is just being used to prove that the cardholder can drive and maybe a teenager can buy cigarettes and alcohol. Unfortunately we were kidding ourselves, as anyone who has traveled on commercial flights knows. The September 11 bombings certainly have shown us that.

The bankcard associations have been talking and experimenting for years about how to make their cards more secure. But what card has the best record as being a secure card with minimum losses? The Debit Card. And what makes that card so secure? I believe it is three things:

1. The card operates only in an online environment (cardholder account).
2. The card has a biometric ID,
(the PIN).
3. The Biometric ID and access data are machine readable (mag stripe).

You might say, "Is a PIN a biometric ID?" Yes, the PIN is (or should be) stored only in your brain cells. Granted, it is not a very secure biometric ID compared to fingerprint and the like, but it is a biometric ID nonetheless.

A truly secure card needs all three elements, even though two out three wouldn't be bad. Levels of security can be increased on a secure card by the technology and implementation selected for each element, but all three or at least two basic elements must be present.

Now that we clearly understand and admit to the importance of a secure Drivers License/ID, it's time the U.S. government and its citizens get serious about creating and implementing a truly secure one.

Please note that the opinions expressed here are the author's own and have no sanctions, positive or negative, from U.S. or international standards committees of which he is an officer and ICMA whom he represents on the committees.