NASCIO Recognition Award Nomination. Title: Central Issuance of State Drivers Licenses. Category: Digital Government Government to Citizen

Transcription

1 NASCIO Recognition Award Nomination Title: Central Issuance of State Drivers Licenses Category: Digital Government Government to Citizen State: North Carolina

2 Executive Summary The NCDMV wanted to reduce identity theft and identity fraud. They determined that central issuance of drivers licenses in combination with verification of social security number, facial recognition and verification of other required applicant supplied documents was the most effect way to meet this goal and protect North Carolina s citizens. The NCDMV worked with the NC General assembly to pass legislation to implement the central issuance process. The Central Issuance Project was a joint effort between the North Carolina Division of Motor Vehicles (NCDMV), the Department of Transportation (NCDOT) and the Office of Information Technology Services (NCITS). The project was implemented to meet the requirements of General Statue 20-7(f)5, which requires the Division of Motor Vehicles to issue a drivers license applicant a temporary driving certificate (TDC) valid for 20 days unless the applicant is applying for renewal by mail. The temporary driving certificate is valid for driving purposes only and is not valid for identification purposes. The Division produces the applicant s drivers license at a central location and sends it to the applicant by first class mail at the residence address provided. On July 1, 2008 the Central Issuance Project was approved for implementation. The Central Issuance project was one of the largest projects ever implemented for the DMV Drivers License application. The intense effort lasted 14 months from the time the project was approved to the full implementation. The effort required the setup of new secure infrastructure such as new facilities for the central print sites; new secure servers to support the applications and print solution, establishment of secure communications between the sites, and deployment of desktops and printers to 123+ branch locations throughout the state. Disaster Recovery failover capability and extensive enhancements to the current drivers license application were also required. On September 2, 2009 the Central Issuance project was successfully rolled out to all 100 North Carolina counties. The State of North Carolina was issuing drivers licenses from a central location, issuing temporary driving certifications at 123+ branches and mailing drivers licenses to the address provided by the applicant. The success of the effort was fully attributable to the collaboration of the NCDMV, NCDOT/IT and NCITS. This project serves as a model solution for the establishment of inter-office communications and collaboration as well as between state agencies. It also serves as a model for the verification and authentication of personally identifiable data. The implementation of Central Issuance has reduced wait time in 123+ Drivers License branch offices for the citizens of NC and it has significantly reduced identity theft of our citizens. This effort also sets the stage for the next effort to implement a more secure NC drivers license card.

3 Description Business Problem Prior to the Central Issuance Project, drivers licenses were processed, printed and then issued over the counter at 123+ drivers license offices. This drivers license process has been in operation since the beginning of issuing drivers licenses in NC (40+ years). The drivers license production equipment was vulnerable to theft at 123+ branches and wait times through out the North Carolina drivers license branches were unacceptable. Backup and recovery processes were obsolete at best. The verification of information provided by the applicant was completed after the drivers license was issued. This over the counter process allowed for an unacceptable rate of identity fraud; often times an offender had already transferred their NC drivers license to another state before the verification process was complete. The solution had to address the following: Facilitate and improve the flow of customers through 123+ North Carolina Drivers License branches and five mobile branches with the goal of reducing customer wait time. Provide updated facial recognition capability. Facilitate the timely verification of applicant information to allow an average of 10,000 daily issuances to be delivered within the specified time. Install and support a secure central printing facility. Develop and support a new mail and return mail process. Establish a backup central printing location. Set up a backup facility for applications and data. Provide sufficient communications to all citizens of the state of the process change. Implement a process for continued support and collaboration between the three agencies. A solution was provided by evaluating each major requirement individually and holistically. The successfully implementation of this project was the responsibility of and managed by NCDOT/IT personnel. An assessment of the workflow of all the branches was taken. The busiest branches were given multiple work stations and printers. The permanent card production equipment was removed from the branches. Printers for printing Temporary Driver Certificates (TDC) were installed. Under the previous system, there was a wait after the picture was taken and before the card was produced. The TDC prints almost instantly, relieving the wait time for card production in the branches. Once the pictures were taken in the drivers license offices, images were stored on servers at NCITS. Twenty three million existing images had to be migrated to the new central image server at NCITS. Secure access was established between 123+ branches and the servers located NCITS.

4 The established facial recognition vendor for NC deployed an upgraded facial recognition (FR) engine. The facial recognition process was moved to Billerica, NJ to be supported by the vendor. Secure lines were installed. Virtual Private Network (VPN) and firewall rules had to be established to protect the data. New secure processes had to be established to stabilize and define changes to the production environment. A new release process was established using the information Technology Infrastructure Library (ITIL) methodology. Upgraded fraud investigation software was deployed to facilitate the verification process. The DMV facility was designated as the secure location to establish the central printing facility. Extensive enhancements were made to the existing Drivers License mainframe application to facilitate the tracking of the card from the time of issuance until the printing and mailing of the card to the applicant. Secure connectivity had to be established in the facility, and large commercial size mailers and printers had to be set up. A secure means for protecting the consumables- (card production paper, ink, etc) was established by installing locked cabinets. Only authorized employees could have access to the facility which was protected by card access locks. Vendor staff was responsible for providing continued support for printing the cards and stuffing the mailers. The DMV mail room handled the mailing of the cards. A backup data center was established at the state s Western Data Center. Secure connectivity was established and failover capability was established. This backup facility could operate at 50% capacity. A backup print facility was also established in Elizabethtown, NC. A secure cage houses the printers and consumables. Vendor staff would also support the backup print facility at 50% capacity in the event of a disaster. News media communicated the upcoming change in process at the NC Drivers License Branches to the citizens. A phased rollout approach was selected because of the deployment of equipment in all 123+ branches located through out the state. NCDOT personnel were responsible for installation of the equipment. Four branches were rolled out daily in strategically established locations. Communications were also displayed to citizens at the branch offices during the phased rollout of the project. As prescribed by ITIL best practices, Service Level Agreements and Operational Level Agreements were established between the agencies and the supporting vendors. Helpdesk processes were established. Employees were trained on the new processes. NC law enforcement also attended training to familiarize them with the new TDC that would be presented to them if they stopped a citizen before the citizen had received their drivers license in the mail.

5 Significance The Central Issuance Project has reduced facility security vulnerabilities as well as improved the issuance process for driver license and identification cards by incorporating additional verification checks from the beginning of the process until the card is mailed to the customer. Now NC DMV has a secure Central Print Facility within its headquarters. The ability to physically print a driver license or identification card has been removed from driver license field offices, therefore minimizing the risk of theft of card production equipment. The Central Issuance Project affords DMV time to electronically verify applicant s information prior to mailing the license to the customer. If the customer information fails the verification process, the customer is notified and the issuance is withheld. The Central Issuance Project deters the attempt to obtain an issuance under false pretenses. The Central Issuance electronic verification process includes verification of lawful status in the United States, address verification which combats address fraud, confirmation of a customer s social security number which foils identity theft, facial recognition which detects multiple identities and the verification of out of state licenses that are transferred to NC. Central Issuance has not only changed the manner in which we conduct business with the citizens of North Carolina. The State s effort to elevate security and the protection of citizen data reaches far beyond the NCDMV, NCDOT, NCITS and its citizens. Benefit Within the eight months that the Central Issuance Project has been implemented, all expected benefits are being realized. Per the manager of the NC Fraud investigation unit; before the implementation of the Central Issuance Project, an average of 45 potential fraud cases was identified daily. Each case took approximately 3 hours to work at an average of $20.00 per hour. Since the implementation of Central Issuance, the fraud cases have been reduced to an average of 1 new case per week. This translates to a cost reduction of $53, per month. Reduced print time in 123+ Drivers License Branches - Per the manager of the NC DMV Helpdesk Support, Central Printing has reduced the time to print a card from 3 minutes per card to 10 seconds per TDC in the branches. Before Central Issuance it took approximately 500 hours daily to print 10,000 cards in the branches. After the implementation of Central Issuance, it takes approximately 28 hours per day to print TDC s at the local branch offices. It takes approximately 8 hours to print 10,000 cards in the central print facility. The implementation of Central Issuance has reduced the time it takes to print an issuance in the office significantly. The reduction in print time has also had a positive impact on the waiting time for DMV customers.

6 Improved data collection and storage Customers must provide accurate address information in order to receive their drivers license in the mail. Accurate information is extremely important because of the sharing of information among agencies such as the Department of Revenue, Department of Justice, etc. Often the information retrieved by the NCDMV is the most current data available on a citizen. Improved disaster recovery process Central Issuance implemented a process where there is a primary site and a backup site. The data is immediately sent to the backup site, facilitating the ability to failover to the backup facility in less than 1 hour in case of a disaster. Reduced vulnerability of theft of card production equipment in the branches- The card production has been removed from the branch offices into a secure centralized location. This all but eliminates the risk of theft of the card production equipment. Reduction in identity theft Citizens are less likely to experience identity theft as the safeguards from the centralized issuance program are implemented. The state drivers license has become a de facto form of official identification for residents of a state. Protecting a citizen s information is a key responsibility of the State.