• United States



by Dave Gradijan

Malaysia’s Smartcard Rollout Holds a Lesson

May 02, 20063 mins
CSO and CISOData and Information Security

If the Australian government is to implement 11 million smartcards, then benefiting from lessons already learned overseas is critical in keeping project scope under tight reins.

More than a decade ago, the Malaysian government began rolling out its own smartcard project dubbed the Government Multi-Purpose Card.

Cards were issued to every citizen over the age of 12. Malaysia currently has a population of 23 million, and since the official rollout in September 2001, 19 million Malays have begun using the smartcard, dubbed MyKad, at a total project cost of US$71 million.

Datuk Azizan, director general of the Malaysian national registration department, said the government wanted one card solution for use in multiple government and private-sector applications, to improve service to citizens and ensure the security of information on the card.

But there were two hurdles hindering rollout: technology and fear of change.

“But people now seem to be very happy, especially with the toll and ATM features,” Azizan said.

People like the security provided by the chip technology; for the ATM feature, there are two keys for security checks—one is a bank key and one is a government key, so the card cannot be cloned like the old bank cards.

“The smartcard makes it easier to deal with any government department, and not only do the citizens get faster service, but government employees are more productive.”

The MyKad card is the size of a credit card embedded with an ATMEL 64KB electronically erasable programmable read-only memory chip with embedded PKI.

The card works as a national identification card and driver’s license, passport and e-purse that is accepted at government agencies, restaurants, clinics and petrol stations in designated areas, and can be used to store e-cash for toll-roads, car parking, bus fares and light rail.

Azizan said using chip and biometric technology ensures data on the card is kept accurate and secure.

“With a thumbprint image, photograph and surface information, we can verify the cardholder’s identity with a card-acceptance device rather than the naked eye. This helps prevent forgery and the misuse of cards,” Azizan said.

“Getting a passport from the immigration department is much easier, because the department can now positively verify the person’s identity using the fingerprint biometric feature in the card instead of relying on the time-consuming verification against databases of different agencies.”

Today, Unisys announced a two-year contract extension to manage the further rollout of the project worth US$5 million, which includes maintenance and support of hardware and software.

The backbone of the MyKad system is based on Unisys ES7000 and ES2045 servers.

Keep checking in at our Security Feed page, or subscribe via RSS, for updated news coverage.

By Michael Crawford, Computerworld Australia