Taiwan Legislator Raises Concerns Over Digital ID Security And Government Response

Legislator Ko Ju-chun of the Chinese Nationalist Party (KMT) voiced concerns over the government’s handling of cybersecurity threats related to its Taiwan digital ID system, calling for greater accountability, according to a report by Taipei Times.

Speaking at a press conference on 11 June 2025, Ko criticised the government’s response to the misuse of the Natural Person Certificate system, a key component of its e-governance strategy. The Taiwan digital ID program has issued approximately 8 million certificates, with around 4 million in use, Ko shared.

Citing data from the Financial Supervisory Commission (FSC), Ko noted that “watched” bank accounts, those flagged for suspicious activity, had been opened four times more using Natural Person Certificates compared to other identification forms.

He added that scammers might be deceiving individuals into disclosing personal information, which enabled them to obtain the certificates fraudulently and subsequently open bank accounts.

At least 17 financial institutions, comprising private and state-owned banks, have reportedly suspended acceptance of the certificate for identity verification, Ko said.

He expressed concern over the government’s responses. These included suggesting that users switch off digital messaging services, applying fund transfer limits, and requesting that banks suspend transactions on accounts that have been inactive for 6 months.

In light of the Electronic Signature Act passed last year, Ko called for the adoption of stronger authentication protocols, such as the Fast Identity Online standards, biometrics, multi-factor authentication, or limiting operations to bound mobile devices.

Highlighting broader concerns around digital governance, Ko referenced a recent Google Security Blog post on 30 May 2025, which apparently indicated Chrome’s loss of confidence in Chunghwa Telecom’s role as a certification authority.

The move could result in browser security warnings when users attempt to access official government websites.

He also cited a recent cybersecurity breach involving Kiwi86, a local insurance system provider, which resulted in the alleged theft of 20GB of data and its subsequent holding for ransom by the hacker group Dire Wolf.

Featured image: Edited by Fintech News Hong Kong, based on images by Frolopiaton Palm via Freepik, and lifeforstock via Freepik