Card, mobile credential, payment and security
Don’t let the campus card be the weakest link
The identity chain can be a fragile thing when you consider the number of possible weak links. These weak links can be the result of insecure, “breeder” documents – documents like birth certificates and Social Security cards that can be used to obtain other higher value identity documents like passports and driver licenses. Fraudsters often use these easier-to-acquire breeder documents to then apply for more secure IDs.
In the current issue, we consider the limits of the student ID card, what cardholder information it should feature and how far beyond the confines of campus it should be accepted. While the student ID is, for the most part, well garrisoned within the walls of campus, there remain certain uses of the student credential – voter ID, for example – that may attach unintended value and thus risk to the student ID.
The worst-case scenario is that a fraudulently obtained student ID is used as a breeder document to obtain more secure IDs. And should that fraudster use those newly acquired credentials for identity theft or criminal acts, the paper trail could lead back to the university.
A quick scan of the Social Security Administration’s web site shows that in order to obtain an original or replacement Social Security card, an applicant must first produce a U.S. driver license, state-issued ID card or U.S. Passport. But if for whatever reason these documents are not available, other documents including the student ID card will be considered.
While the student ID card can’t be used on its own, it’s an acceptable link in the chain nonetheless.
Using a university ID to orchestrate identity theft or other fraudulent activities is, of course, an extreme case. But universities should be mindful of the power that the credential can have when used for purposes beyond higher education or when cardholder information like birthdates or other sensitive data are included.
There’s a reason Social Security numbers don’t appear on the fronts of student IDs anymore, but as identity theft and fraud becomes more advanced, it may be worth it to pay additional attention to the student ID once more. If not for the sake of the cardholders, then it should be done to avoid the liability that a university could incur if its credential was used illegally.
The cards are great tools for accessing student-facing services both on and around campus, but their use may not be worth the risk when it comes to larger utilities at the state or federal level.
Even if the student credential were deemed a good fit for use beyond higher education, it would likely raise new questions when it comes to issuance. If the student ID is to maintain a place on the identity chain, then it would likely fall to the university to ensure that its link remains as strong as the others.
The simpler and perhaps safer option is to keep the student ID within the walls of campus, leaving those use cases that reach beyond the institution’s borders to other identity documents.
