Are fake ‘COVID-19 test certificates’, spreading faster than the pandemic ?

Rajesh Soundararajan
Jul 14, 2020
5 min read

How can governments and authorities ensure test reports have credibility?

Are fake ‘COVID-19 test certificates’, spreading faster than the pandemic ?

With a staggering 13 million cases and 500,000 deaths and counting, the spread of coronavirus does not seem to show any signs of slowing…..

At Qryptal, we have been involved in a few projects and have written multiple articles on this subject starting with one on what health authorities can do for COVID-19 test reports on March 6 . Then we spoke to you about ‘Digital Vaccine Certificates or Immunity Passports’ and COVID-19 Immunity Certificates in April and also very recently about how Kenya used this nifty technology to move essential goods during COVID-19 .

We write about it today again because the ‘pandemic’ of fake certificates seems to be increasing as fast as the virus is spreading and is showing very little scope of dying soon.

Here is a another story from Bangladesh - Fake Covid-19 test certificates invite disaster for Bangladesh . And this is similar to the problems of fake certificates in many other countries. The fraudsters entice the potential customers from among those waiting to be tested for COVID-19 in order to comply with work or travel requirements.

Dhaka Tribune article

As has been observed globally, there is a significantly high demand for COVID-19 test certificates as many countries (and even provinces for travel within different parts in the country) have made it mandatory for travelers to have a COVID-19 negative certificate for entry. There are also restrictions that this certificate should be issued within a certain time frame before entry.

On the one hand, COVID-19 testing kits appear in short supply world-over and the healthcare system is choked with more demand than supply. Added to that is the pressure for testing symptomatic patients, which is seeing a surge.

And at the same time, soon after the lockdown, factories and industries required returning workers to have COVID-19 certificates to rejoin the workforce. Labour and business movement between districts/ provinces also require a COVID-19 negative certificate.

All this is creating the right conditions for unscrupulous elements to step in and this is how the fake certificate syndicates thrive. These syndicates claim to “speed up” the queue and assure immediate certificates. They take advantage of this demand-supply gap.They are instances where they even resort to advertisements on social media for easier and better accessibility and less traceability . Once a potential customer makes a contact, they either collect “real samples” or sometimes even bypass that (!!) and promise to deliver the certificate by email or by post - all for a fee. They prepare fake reports based on their own observations of the patients’ symptoms or going by their declarations and urgency.

Making the COVID-19 reports tamper-proof

This puts immense pressure on the genuine certificate issuers to ensure that there is credibility to the certificates that are issued. They must ensure that the certificates issued are secure, tamperproof and easily verifiable - either in physical or in electronic/digital formats.

There may even be a requirement for the certificate to be updated by the issuing authorities to either extend the validity or even cancel/expire the certificate remotely.

The output report must be verifiable globally without compromising individual privacy and without the need for any database dependencies. Tens of thousands and millions of certificates are issued by approved agencies. These ‘documents’ will need to be verified by third-party government and non-government agencies for various purposes. It could be travel, school admissions, immigration, entry into restricted areas or designated areas and so on.

Should all this mean investment into complicated and expensive technologies like hyperledger or blockchain and artificial intelligence ? Or could the solution be far simpler, quickly actionable, leveraging on currently existing commercial technology with minimal set-up requirements ?

PKI based Secure QR code enabled certificates allowing de-centralised validation

Fortunately there is an answer based on existing and proven technology. Secure QR is a highly sophisticated technology that combines military grade cryptography with a PKI mechanism to allow simple day-day documents to have security and verification using ubiquitous QR code. Unlike traditional QR, ‘secure QR code’ has an inbuilt fail-safe mechanism. Such QR codes are generated only by authorized entities and laboratories using a private key to digitally sign the QR. This code encapsulates the key information that needs to be communicated and verified and can be generated in a small size. This secure QR code is tamper proof and can be easily verified by the corresponding public key.

You can use a dedicated smartphone app to validate such a document or even use web validation mechanisms in all of which the verifier would just need to scan the QR code and check the output. This entire system uses a standard public key-private key mechanism with appropriate levels of security and encryption.

Secure QR code provides an easy and foolproof way to create and verify authentic health and immunity certificates

This is how it works - Simple 3 steps

The issuing entity carries out the tests and issues the health certificate just as before but with an embedded secure QR code that stores the details on the ‘certificate’ itself. This certificate can be in an electronic or a physical format.
These secure codes are digitally signed by the private key of the issuer to make sure that they can only be generated by authorized entities and are tamper-proof.
The QR code on the certificate is scanned by an App which carries the corresponding public key to validate the information and present it to the verifier.

The image below shows how this can be done.