SA brain builds secure online ID

2012-07-12 11:20

Cape Town - A South African entrepreneur has developed a secure platform that should reduce criminals' ability to commit identity theft.

"We've implemented great security measures on our system and what I find quite funny is that everyone is questioning the security which I understand, but we give this information on a daily basis to guys behind counters all over the show," Marnus Broodryk the brain behind Virtual iD told News24.

The programme aims to eliminate paperwork in filling in forms and give users control of the information and who is allowed to access it.

"We're creating this platform where you're going to give it [personal information] in a very secure platform and we're going to manage it and you're going to be in full control of all your information because you're going to authorise everything with your cellphone," said Broodryk.

The process begins when users go online and register for the free service. When applying to service provider (buying aeroplane tickets, opening clothing accounts) the system means that you won't have to fill in application forms.


Instead, users will give an eight digit virtual iD number to the service provider and immediately get an SMS for confirmation. Once a confirmation is sent, the provider can access the information.

Broodryk rejected suggestions that the system would imply that service providers would recoup their cost by levying additional charges on consumers.

"We can already prove to the service providers that they are going to save so much money by being on our system. They would eliminate all paper work, so if they've got any application forms, they would save on that.

"And then all the human resources that they are using capturing information and not only capturing but we are human so we make errors so we need to correct those errors as well. So all the time and energy they're currently spending on that would be saved by our system," he said.

The programme launched on 5 July to consumers, in the company is in negotiations with service providers to switch to the system.

"We are currently talking to a couple of partners and service providers to get on board; we're just encouraging the users to go and subscribe and that's also making our sale a lot stronger when we talk to the service providers," Broodryk said.

The company is on a drive to target users of the service and registration is relatively simple.


On the website, you are presented with an interface that requests personal information, including the details of a spouse as well as medical conditions. The platform also allows a user created password to update information.

In order to incentivise users to signup, the company is running a competition to win a Sony Bravia LCD TV.

"Our problem is like the chicken or the egg: We go to the service providers; they say there's no-one on the system; we go to users, they say there're no service providers," said Broodryk.

The system limits identity theft because every request for information has to be confirmed by an individual user and the company operates without sending e-mail.

"When we launched this application we eliminated e-mail completely and we said: 'What's your most personal device?' And that's your mobile phone and we going to work on mobile only. So when you authorise details, you're going to authorise it on your mobile phone," Broodryk said.

The system should limit opportunities for hackers to send phishing e-mails for information and users should have more control over any company that wants to use personal information.

Companies may still be able to use information that users have consented to among their various subsidiaries, but the user could arguably still trace the firm first authorised to use their personal information.

"For the first time the user will really be in charge and in control of his own information," said Broodryk.

- Follow Duncan on Twitter

Here is a YouTube video on the Virtual iD:

  • gennath - 2012-07-12 11:32

    I've signed up on - this will make life so much easier!

  • lydonmcg - 2012-07-12 12:10

    Signed up. Really hope service providers come on board as this could make that aspect of life a whole lot simpler!

      marnusbroodryk - 2012-07-12 13:17

      Thanks Lydon!

  • efgous - 2012-07-12 12:40

    What would happen in the case your phone gets stolen for the specific reason of identity theft? Verifying by sms only is risky.... hopefully there is a personal verification code attached to this so the sms verifies the one sending it... just a thought

      marnusbroodryk - 2012-07-12 13:28

      Hi Eduard! Thanks for the comment! When your phone gets stolen, one can easily cancel your SIM and there is also a delay in SIM swaps now (making it more difficult to get control over your number). If someone does steal your phone and authorise a service provider access to your information, you can easily remove the link by logging in to your profile and we will be able to track and trace the incident to service provider, user within organisation, etc. This is much more than what we can say about the hundreds of service providers and websites where we submit personal details to on a daily basis. Cheers to an easier way of doing business! =) Regards, Marnus

  • John - 2012-07-12 12:43

    system needs to be proven to be stable first before i can sign up....

  • eyesears.handsfeet - 2012-07-12 12:51

    No Thank You! Not long before someone wants something and hold you hostage for your info at gun point where they will have access in any case. Then you'll have to buy them things from certain service providers but plan their escape on a flight with your detail. Hell no! Sounds more like a mission of SA Stats, SARS, Dept of Health and ITC to get all your info for free and also not long before the hackers have access to your info. No! No! No!. I'd say the less in this case seem to be the better. Also no temptation to spent money I don't have. Where is the master data going to be kept and who will have privvy to that? It's a question of you can complete bits and pieces of your profile and not long before you (the creators) actually have the full profile almost for "cia", etc kind organisations to access, to sell and to make money. Thanks but no thanks

      arthur.hugh - 2012-07-12 13:20

      Agree, I'm not giving all my personal details to some guy on a get rich quick scheme.

      lydonmcg - 2012-07-12 13:55

      How's that tin foil hate treating you?

      stefan.ulland - 2012-07-12 14:39

      where is your information stored now: Banks, Mobile Companies, FaceBook etc Walk into a building and register yourself at the door: Name, Number, License Plate, Company When last did you enter a competition: Provide email, Mobile and Name... How much spam do you get? How many unsolicited SMS's do you get? Someone misappropriated your information in that case too and you have no control over it. In this case you have a way of tracking what information is sent and you provide it in a secure format rather than walking around with copies of your life and the clerk at the service provider leaves your information on their desk for everyone to see when they leave for the day.

      Michael Ross - 2013-04-16 12:50

      The primary reason for individual companies doing credit checks, etc. is to ensure that the necessary valid documentation is provided and processed at the time of application, eg. bank statement, proof of residence, proof of employment, etc. whereas if it was controlled and managed by a single institution, it would be easier to commit fraud within that institution by forging a higher salary, etc. and using that as leverage to open more accounts with higher profile limits, thus exposing the retailers to greater risks (that they will never be reimbursed if the individual decides not to pay back any debts). The other point of conflict is that the account is managed by the individual, which could result in incorrect / inconclusive information being submitted, where a retail institution would ensure that the checks are done themselves. Its all well and good to set up a falsified profile as a Coca-Cola employee earning R500,000 a year and set up accounts with huge credit limits everywhere, go on a spending spree, sell all the Gucchi, furniture, etc. and make off with the money, but that's just one of the risks involved in centralizing credit profile information whilst giving administrative rights to that profile to the individual whose name it is held in. I'm not saying this is the case, but it is possible. If it cannot be verified, it cannot be safe. (If you could link your bank account profile directly to the iD in a "Read Only" mode, that could verify income / contact details)

  • chris.balak - 2012-07-12 14:43

    It's about bloody time. I had this idea years ago that we should at least have a card which contains all the usual info on it. Since every place you go and open and account or do something you always need the same info time and time again. If they could just swipe the card and all the info would pre-populate then the world would be a better place. Let's hope this venture pulls off...I have my doubts as to get everyone to use it will be tricky..and that's why I never pursued the ID card idea either. I take my hat of to them if they manage!

  • ruanseprofile - 2012-07-12 16:31

    Marnus, dude! Go global with this - go big! Well done on the initiative!

  • Kurt - 2012-07-12 19:21

    Marius, I checked your terms and conditions and it does not comply to ECT or CPA law. Suggest you sort that out before you get into deep trouble.

      marnusbroodryk - 2012-07-14 10:06

      Hi Kurt, We take consumers' rights and complying with the law very seriously. We have done everything to ensure that our terms comply with both the ECT Act and the CPA. Our terms have been drafted by Michalsons Attorneys, who we regard as one of the leading law firms in the tech space. You are welcome to contact us and tell us why you think our terms do not comply with the law. Regards, Marnus

  • omo.naija.750 - 2012-07-12 21:26

    @marnusbroodryk - Is this service for South Africans only? I am a Nigerian professional and i am interested in this service.I am also sure that a lot of people in the foreign African community will be interested in this service too.

      AsGodIsMyWitness - 2013-04-16 11:11

      Are you asking how it will affect Nigerian 419 scams?

  • tclarkez - 2012-07-18 09:36

    Sounds like a good concept, particulary in light of the Protection of Personal Information Act that is about to come into effect. It may be a nice way for customers to provide their details to companies (e.g. opening of accounts) and resulting in a win-win situation with companies not having to deal with manual forms containing personal information retaining, filing securely and destruction of information as required by the Act). It would be great that if a person updates information on this system, the updates are sent to all the companies that contain the information so that records are kept up to date (e.g. contact details), which right now is a pain because one has to contact several places when your contact details change. Great opportunities, good timing!!

  • hallo.daar.56 - 2012-07-19 17:55

    Get better hosting

  • guy.venter.37 - 2012-09-11 17:10

    Cool stuff. Not the first in the world, but a great start for SA. UPS, Australia Postal Service and Kiwi Bank provide commercial Extended Identity Services with the added security of biometrics and secure mobility.

  • AsGodIsMyWitness - 2013-04-16 11:09

    Legislation states that in many cases, companies need to do FICA checks with rigid guidelines on how this is done, what paperwork needs to be seen in person, copies stored and so on. I wonder how this would be done with part of the process "outsourced" ?

  • Charl Naude - 2013-04-16 11:31

    What service providers are currently signed up?

  • Kevan Foxcroft - 2013-04-16 11:52

    Just another company wanting access to your information, ever heard of the term data mining ? Signed up for gmail lately ? See the stuff you have to add? Then notice how you get mails that are directly related to your interests ? Your info is NOT safe. Your interests are sold to marketing agencies to make money via advertising through emails.. Lemmings....

  • pages:
  • 1