NO2ID

Card Validation Service

You may be aware that IPS already offers approved organisations the ability to validate British passports via our Passport Validation Service as part of our commitment to fight fraud and support UK business. From later this year approved organisations will also be able to validate identity cards against the National Identity Register maintained by IPS.

Introducing the Card Validation Service
The Card Validation Service allows approved organisations to check the validity of an identity card and helps prove the identity of the card holder. With the consent of the card holder, approved organisations will be able to contact IPS to check the card is genuine and to confirm the details against those held on our records. This service provides assurance of the validity of the document presented and helps prevent the use of lost, stolen or counterfeit identity cards.

Key benefits of the service:
* A simple call centre service providing excellent customer service
* Provides high level of assurance as checks are made against the issuing authority's records
* Real time verification - for the majority of checks, a straightforward response in minutes
* Dedicated fraud support services
* Easy to understand training material and no system development required

Find out more
If you would like to discuss CVS or future potential verification services, please contact the Market Development Team on 020 3356 8117 or email the team at IDservices@ips.gsi.gov.uk.

With the consent of the card holder, approved organisations will be able to contact IPS to check the card is genuine and to confirm the details against those held on our records.

When Chelsea used PVS, David, did PVS talk to you at all?

As part of our commitment to supporting UK business, we operate the Passport Verification Service (PVS) to support public and private sector organisations in preventing fraud.

IPS operates a 'green, amber, red' system to establish the validity of a passport through PVS.

Our clients make enquiries to our central team either via a call centre or secure systems. If a passport is validated, we can confirm that the passport exists, matches our records, has not been reported lost/stolen and that we have no concerns over its issue.

If a passport is not validated, it may be because the passport is either expired or cancelled (e.g. due to a change of name). A 'not validated - retain if possible' response means that the document is fraudulent. In the event of an attempted fraud, our staff will direct customers to a member of the IPS Fraud Team who can further assist.

Government agencies use access our PVS via a highly secure, read-only system. This system uses the Government Secure Intranet (GSI) (and selected secure government networks) to access passport data, which is made available through a web browser. All access given to government departments is in accordance with the Data Protection Act 1998.

Some details on the Passport Validation Service (PVS) referred to above, as opposed to the Card Validation Service, are available on the IPS website.

PVS has already been discussed a little on this forum. May I add this:

The other day, I opened an account with the Chelsea Building Society.

I know that.

The Chelsea Building Society know that.

And thanks to PVS, so do the Identity & Passport Service.

(do DVLA offer a similar service?)

Any commentator in the broadcast media or the press tempted to misinterpret Gordon Brown's speech at the Labour party conference last week, to the effect that Labour has now abandoned ID cards, may care to ask himself or herself why, in the same week, the card validation service was trailed and IDSmart was launched.

The passport validation service is one that should be avoided if possible. In fact, it might be said to be "good practice" (apologies for use of that ridiculous term) to do so. Just imagine, you go into the bank to get some foreign currency, hand over your passport, they "validate" it, and there's an error - so they retain it! Bang goes your holiday!

Like I said above, use some other form of identification - never your passport - if this is the way institutions arr now carrying on. Anyway, if the modern passport can't be forged, why do they need to be validated?

Woah, just a minute guys. Validation against central records is exactly what banks do with credit and debit cards; and yes, it does add security. Nothing wrong with validation as such.

Can anyone confirm if the IPS retain data relating to each approved organisation enquiry?

Re: Passport Validation Service (PVS), http://www.ips.gov.uk/cps/rde/xchg/ips_ ... sl/563.htm

Suppose that someone opens an account with a building society which uses PVS. Suppose that that person's passport number is sent to PVS and the passport is validated.

Does the Identity & Passport Service retain the name of the building society and the passport number, together with the date and time of the application to PVS and the response from PVS?

If so, for how long is this data retained? Is this linked to the National Identity Register and/or is it proposed that it should be linked to the National Identity Register? And who has access to the data?

If not, what data is retained and for how long?

Isn't there an important difference though. I would expect my bank to know about my credit card transactions - and that's all they should know about. I would not expect the IPS to know about my opening a new bank account; obtaining a mortgage etc. For any validation service to have value to both parties there must be an audit trail to address disputes and provide additional security.

Reference: FOICR 12976/09

Date: 17 November 2009

Dear Mr Moss

FREEDOM OF INFORMATION REQUEST

Thank you for your email of 5 October in which you asked for information about the Passport Verification Service (PVS).

I am pleased to be able to disclose the information that you requested to you.

... <text of request> ...

The Identity and Passport Service (IPS) response is:-

1. IPS retains details of passport checks carried out by legal and financial services firms through the Passport Validation Service (PVS) call centre. This includes the organisation name, the passport number, the date and time of the passport check and the outcome.

2. The current process is for the data to be retained by IPS 36 months from the date of enquiry; after which it is destroyed.

3. Access to this data is restricted to IPS staff that has responsibilities for the delivery of PVS.

4. Data may be held for longer periods and shared more widely, if required, for the purposes of the investigation and detection of crime and/or passport fraud, and the protection of national security.

5. Data held for passport purposes is not currently linked to the National Identity Register (NIR). However, at some point in the future, it is intended that passports will be designated under the Identity Cards Act 2006. Where an individual applies for a designated document, the Identity Card Act requires that individual to also make an application to be entered on to the NIR.

...

Is the approved organisation going to be required to hand the phone to me, so that I can confirm my mother's maiden name (or some other "shared secret")? If not, then how will they verify consent? The call could be a fishing expedition to find out if a stolen card still works.

When Chelsea used PVS, David, did PVS talk to you at all?

Answer for Kibby.

Received by email, 18 November 2009 18:49 (about 12 days late):