Digital licences will be parked on your phone soon, but is your information safe?

RMIT University

Following an encouraging uptake of the digital licence in other states, Victorians will have access to this advanced technology in 2024. A cyber security expert says that, in addition to being convenient, it is also safer than the physical option.

Dr Arathi Arakala, RMIT Centre for Cyber Security, Research and Innovation

Topics: digital ID, identification, advanced technology, driver licence

“Victoria began its pilot roll-out of its digital driver’s licence in Ballarat in mid-2023 with more than 2,500 local licence holders participating.

“The take up demonstrates that Victorians are eager to adopt the new ID technology where their licence is digitally accessible via the Victorian Government’s dedicated phone apps.

“Victims of identity theft and fraud have reported stolen or lost driver licence cards as the most common identity document used by perpetrators.

“In addition to enhancing user convenience, a digital licence has several security features that protect a user’s privacy and security against fraud, starting with the requirement to log in to the app with a PIN or face ID to access it.

“The Victorian Government claims that the Service Victoria app and myVicRoads apps that will house the digital licences are going through rigorous penetration testing during the pilot phase. We hope common attack points will be studied and fixed before the full rollout this year.

“If the phone is lost or stolen a user can get the licence revoked and a new licence number can be applied for. These new credentials will reflect in real time on the Victorian Licensing Registry database.

“When a user presents their ID, data will be pulled from the Victorian Licensing Registry database that reflects information about licence revocation or suspension, address change and so on, updated in real time.

“Information can be validated by the verifying authority using a timed QR code on the digital driver’s licence. The 2-minute timer expiry ensures that data is valid and current, and prevents any old credentials being used for fraud.

“Screenshots of the digital licence are not acceptable for verification. This makes identity theft using the digital driver’s licence hard for a malicious entity.

“The licence has three levels of information access allowing users to show only as much information as needed – age only; identity that includes photograph, full name, address and signature; or the full licence displaying the front and back of the card.

“Some of the challenges of having everything on a mobile phone extend to the digital ID too. For example, low battery, severely damaged phone screens and poor network connection could hamper the use of the digital licence. In those situations, a user can always fall back on the physical licence.

“The digital driver’s licence is a great step toward a more secure and convenient licence system.”

Dr Arathi Arakala is a Lecturer in Mathematics and member of RMIT’s Centre for Cyber Security Research and Innovation. Her research program includes developing mathematical algorithms to protect biometric data and user privacy.
