From time to time, I share a post in Facebook that exposes my NRIC. Several people sending private message to warn me about this exposure. I asked them - what is the risk that someone knows my NRIC?
Mostly, they are not able to give me a credible reason. They just think that it is risky to let other people know the NRIC.
To me, the NRIC is a public data, just like my name.
Some people said that the NRIC could be used by a borrower to borrow money from the loan shark.
I do not think that the loan sharks are stupid. They will not lend a few thousand dollars based on a false NRIC. The loan shark may insist on viewing the physical NRIC and will verify that it belongs to the borrower. Maybe a few loan sharks are stupid. But most of them are not.
Throughout the first 60 years of my life, the NRIC is a public data. It is used widely to identify a person.
This practice changed when one person, who happens to hold a senior position in a government agency, decides that it should be a private data. This person also happens to be related to a prominent government leader. I shall call him L.
L was responsible for the SingPass database, which used the NRIC as the ID and password for access. When a fraudster (say F) uses the NRIC of another person to access the SingPass database and gives the wrong password three times, L locks the account "for security reason". This caused inconvenience to the NRIC owner , who has to take a lot of trouble to unlock the SingPass account.
This probably happened to many people, causing a lot of problem to countless NRIC holders and the agency that manages the SingPass database.
To overcome this problem, L then decided that the NRIC should be a private data and not used publicly.
I consider L to be an idiot. He does not need to lock the account. It would take F a few million tries to guess the correct password. Does F has so much time to waste? Even if F manages to have access, he cannot really do much harm.
L should learn how the big social media platforms, like Google and Facebook, manages this issue. They use the email address as the ID to log into the account and alert the account owner if there is a wrong password is used. They do not lock the account.
I use Google and Facebook frequently and do not have any problem with unauthorized access by other parties.
Now, I return to the use of NRIC.
I cannot see any harm that my NRIC is known to the wider public. I do not see how anybody can use the NRIC to access my private information, either from SingPass or other databases that use it as an ID.
It is a common practice for all accounts have to be accessed with an ID and protected by a password and sometimes by a 2FA PIN.
Many accounts use the email address or phone number as the ID, and these are widely know. Actually, the email address or phone number is more risky than the NRIC as marketers can send marketing emails and SMS to the owner. They cannot do anything with the NRIC.
It is clear to me that the NRIC can be used publicly. I am puzzled why so many people worry about the NRIC being known widely. Even if one idiot called L says that it is risky, the people should think and access if it is really the case.
Tan Kin Lian
http://tklcloud.com/Feedback/feedback2.aspx?id=5695
No comments:
Post a Comment