Format Preserving Encryption — Why Do We Still Store Citizen IDs on Databases?

Living in a world of 20th Century identifiers


What a 20th Century world we live in, where we still store sensitive identifiers for citizens which map to their health record, their social care number, and their credit card. The systems we have created treat these IDs as a great secret, but many can now be guessed (or discovered). At the core of any breach is the resolution of the person to the identity, and too often we reveal these identities on our databases.

We need to preserve IDs

After the BT hack, over the weekend, I’ve seen growing interest from finance sector leads asking about Format Preserving Encryption (FPE) as a way to protect credit card details. The industry does seem to be worried, but every organisation which stores citizen identifiers needs to be worried too.

With FPE we aim to encrypt a value and end up with a result which still looks valid. So let’s say that your credit card number is “4012888888881881” (Visa cards start with a “4”). Now if an intruder gets this, they may be able to hack your bank account.

But let’s say we use a secret key to encrypt the value, and then come up with a value which is valid for a Visa card. This…
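The idea described above, as an added example that is not the author's code: a keyed Feistel network over the decimal digits of the card number, which keeps the leading “4” and recomputes the Luhn check digit so the ciphertext still looks like a valid Visa number. It is a simplified construction for illustration, not NIST FF1; a production system should use a vetted FF1 implementation. The function names, the round count and the key are assumptions made for this sketch.

```python
import hashlib
import hmac

ROUNDS = 10  # assumption: round count chosen for illustration, not taken from a standard

def luhn_check_digit(body: str) -> str:
    """Return the digit that makes body + digit pass the Luhn check."""
    total = 0
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:  # these positions are doubled once the check digit is appended
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)

def luhn_valid(pan: str) -> bool:
    return pan.isdigit() and luhn_check_digit(pan[:-1]) == pan[-1]

def _round(key: bytes, rnd: int, half: int, mod: int) -> int:
    """Keyed round function: HMAC-SHA256 of (round, half), reduced to the half's range."""
    mac = hmac.new(key, bytes([rnd]) + str(half).encode(), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % mod

def _feistel(key: bytes, digits: str, decrypt: bool) -> str:
    """Balanced Feistel network over an even-length decimal string."""
    w = len(digits) // 2
    mod = 10 ** w
    left, right = int(digits[:w]), int(digits[w:])
    for r in (reversed(range(ROUNDS)) if decrypt else range(ROUNDS)):
        if decrypt:
            left, right = (right - _round(key, r, left, mod)) % mod, left
        else:
            left, right = right, (left + _round(key, r, right, mod)) % mod
    return f"{left:0{w}d}{right:0{w}d}"

def fpe_pan(key: bytes, pan: str, decrypt: bool = False) -> str:
    """Encrypt/decrypt digits 2-15, keep the leading digit, recompute the check digit."""
    if len(pan) != 16 or not luhn_valid(pan):
        raise ValueError("expected a 16-digit, Luhn-valid card number")
    body = pan[0] + _feistel(key, pan[1:15], decrypt)
    return body + luhn_check_digit(body)

KEY = b"constructed-demo-key-not-secret"  # constructed sample key
if __name__ == "__main__":
    pan = "4012888888881881"  # the card number used in the article
    token = fpe_pan(KEY, pan)
    print(token, luhn_valid(token), fpe_pan(KEY, token, decrypt=True) == pan)
```

Only 14 digits are actually encrypted here, so the domain is small; the database column type and validation logic stay unchanged, which is the point of format preservation.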


Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. Based in Edinburgh. Old World Breaker. New World Creator. Building trust.