Each and every UAE resident must know this - If you have lost your Emirates ID card within the country or while travelling abroad and fear that someone will misuse or steal your identity, then you are wrong.
Emirates Identity Authority (Eida) states no one can steal your data stored in the ID card chip without knowing the PIN – the four-digit number chosen by the card holder.
Here is Eida’s response to questions sent by Emirates 24|7 on the issue.
Can a UAE resident become a victim of identity theft if he/she has lost Emirates ID?
The identity card does not include bank statements or accounts of its holders, but carries personal data printed on the card face and those stored on its electronic chip (e-chip).
The e-chip includes the written data such as name, address, date of birth, nationality and other vital data such as fingerprints and picture profile.
The loss of the ID card does not mean that the person is in a great risk, regarding safety of their data or the possibility of a theft. But, there could be traditional forms of fraud such as using the ID card illegally as a tariff card.
The data on the chip is protected by the password of the card, which consists of four numbers, which has to be selected by the card holder when completing the registration process (taking the fingerprint and photography) in the centers.
The person should save those four numbers (PIN) and keep it so to use the card electronically. One can reformat it either through self-service kiosks (service station) in main service centers and at a number of government agencies such as Dubai Municipality, or at Eida centres.
The PIN provides protection and secrecy to the card as it relates to electronic identity and without the configuring the PIN no person can sign electronic transactions.
So the smart card issued by the Eida contains personal data and fingerprint and picture, plus two digits in the card's smart chip and some other important information, such as serial number and expiration date of the certificate and its source.
Also the ID has two certificates (public and private). The private key represents the customer's electronic signature that sets it apart from the others, while the public key is linked to the validity of these certificates with a date of validity of the card itself. And, to activate the usages of the applications of the two certificates, PIN is required.
The importance of the first digital certificate lies in raising the level of security and privacy for online customers especially in the area of electronic commerce. As well, as identify the sender and the receiver electronically to ensure the credibility of the people.
While other digital certificate is encrypting the communication channel and confining the user identification when using the card for access to sites that offer electronic services via the Internet.
Whenever it is intended for the security of the sender and the receiver, the data is encrypted so no one can forge, or falsify the data, or impersonate the cardholder.
How safe is all the information in the chip?
The electronic chip can store information of up to 144 thousand characters (144 KB), containing personal data vital to be read automatically in applications that require identification and confirmation.
But the private data is encrypted and only the relevant authorities can read it so as to protect its confidentiality and privacy.
The ID also includes the latest smart card technologies including ultraviolet ink and accurate characters and line art, and has nine security features that make counterfeiting very difficult. Even the characteristics of the card are superior to the standards currently being used in many credit cards.
The ID security features also include data validation using negative verification feature (passive authentication), which enables to validate the contents of the chip and the encrypted data.
To confirm the authenticity and integrity of the data using the digital signature, positive verification mechanism (active authentication) prevents accurate reproduction of the contents of the chip or replaces the original chip with a replica.
Is it possible for someone to steal all the information from the ID chip?
No one can steal data stored in the chip without knowing the PIN.
The UAE is one of the leading countries in the world in privacy protection and population data. The digital certification portal project that is developed by the authority within its modern digital identity project is a model for the world and allows the UAE to maintain the privacy of personal data protection of its population identity.
Have you seen any such thing happening to date?
Emirates Identity Authority has not received any feedback on possible attempt of theft of data from the e- chip on the ID card. All the legal issues dealt by us regarding ID card fraud attempts were limited to changing of data printed on it, or by using an ID card belonging to others for a particular service, or to defraud people, or contacts.