Ottawa believes it has solved the challenges of protecting confidential data on its websites: a tool from SecureKey in Toronto that allows Canadians to identify themselves using their bank data.
A solution the government has just provided for many of its other services and could soon include a possible vaccination passport.
The Canadian Revenue Agency (CRA) has been using SecureKey’s identification solution for several months. Upon accessing the CRA website, internet users are redirected to their online bank accounts to prove their identity to the government.
This type of authentication appears to be popular with users. Since the start of the pandemic in March 2020, this system has been used to identify itself in 70% of cases, at an average of 20 million connections per month, SecureKey confirms.
Therefore, the Canadian government decided, a month ago, to include this definition tool in all services provided by Canadian employment and social development. It’s called “Verified.Me,” and it’s fully integrated with the online identification service GCKey used by the federal government.
People who wish to obtain employment insurance or disability benefits or who wish to consult a Canadian pension plan can do so by introducing themselves to one of the major Canadian banks, excluding the National Bank.
Underestimating compromised data
But is it responsible for giving the major banks the keys to accessing millions of Canadians’ confidential data? It’s not like they’ve never experienced a data breach. Nobody forgot the leak of 1.8 million files in Desjardins in 2019 …
“There have been leaks and there will be more, but the banks are intersecting with various factors to authenticate their customers, including the location and the device used, thus making each piece of information less sensitive,” he said in an interview with Task Greg Wolfond, CEO and Founder of SecureKey.
“Our tool is safe and inexpensive to use. It takes advantage of the fact that banks are already spending tens of millions of dollars securing their own infrastructure, so the government doesn’t have to do that either.”
It is not just the federal government that is interested in SecureKey. Ontario uses it to protect online health records for Ontario residents.
In Quebec, the Quebec Government Identification Service clicSÉQUR is also integrating it. It is also used by Costco retailers, notaries, insurance companies, and other private companies.
Greg Wolfond quickly admits: his tool is inspired by a similar solution called BankID, which some European countries like Sweden are using. BankID is proof of identity and a legally binding electronic signature. There are other safe ways to identify yourself, but BankID is the most popular one.
In Sweden, it also secures a QR code given to people who have been vaccinated against COVID-19, such as the one that the Quebec Ministry of Health is currently sending via email.
If at any time this QR code was requested to become a vaccination passport, it would not be impossible for us to access it from our bank details.
“Subtly charming problem solver. Extreme tv enthusiast. Web scholar. Evil beer expert. Music nerd. Food junkie.”