PUTRAJAYA: The MyDigital ID system will only be used to verify a user’s identity for logins to government platforms and transactions, and data will not collected.
With security as a major consideration, the system itself will not hold any data, the Malaysian Institute of Microelectronic Systems (Mimos) has clarified.
Mimos was appointed by Prime Minister Datuk Seri Anwar Ibrahim to develop the national digital identification system.
“The system only compares the information contained within a MyKad and a user’s fingerprints against existing data held by government agencies like the National Registration Department,” Dr Saat Shukri Embong, chief of techno-venture at Mimos, told a media briefing yesterday aimed at addressing security concerns surrounding the national digital identification system.“When a user registers with this information at a MyDigital ID kiosk, it will only be used for verification, with none of it stored by the system.
“The kiosk only generates the cryptographic identification, consisting of a person’s name, their MyKad number and certification, then transfers it over to the smartphone app via QR code.
“This allows it to serve as online identity verification. Mimos will hold none of this data,” he said.
According to Saat Shukri, data breaches are not a concern under the MyDigital ID system, as it doesn’t host a database.
He said the development of the system was not an overnight decision and had been in the works from as far back as 2016.
“The code used was created by Mimos as a homegrown, original solution for the Malaysian digital landscape without reliance on external vendors.
“We took lessons from the implementations overseas, took their benchmarks into account, and developed it all with local talent. This is why we opted for a more secure approach without storing any data ourselves.”
On possible theft of a device and subsequent compromise of the cryptographic ID, he said, the likelihood was minimal.
“Such an incident would require a user to give someone else their device password and MyDigital ID password as well. In such an event, a user can reach out to a call centre to un-enrol the specific device before enrolling a new one.
“Other measures are also in place, such as artificial intelligence (AI) detection of user behaviour, which would catch aspects such as login requests at strange times of the day,” he said.
The MyDigital ID system is intended to unify logins to government services, removing the need for multiple credentials split across various government portals and agency websites.
It is also capable of serving as eKYC (electronic know-your-customer) for private companies that opt to integrate the technology.
Currently, registration for the system is open to government administrators and workers.
Official registration will start once more widespread uses are available, with the next phase being for government beneficiaries such as recipients of eKasih from March 1. The public can enrol from July 1.
Saat Shukri said there were plans to allow online registration, albeit with a medium security level that did not allow for financial transactions.
The security level can be upgraded to a high level after in-person verification when booking a service at a location such as a government clinic.
There has been talk that the system could be used for the targeted petrol subsidies next year, but Sat Shukri said no concrete plans for that had been reached.