Essential Features for COVID-19 Vaccination Certificates

Vaccination certificates may be the bridge towards helping economies recover from the burden of COVID-19. Countries all over are implementing different systems as their COVID-19 vaccination verification systems.  These range from physical certificates to digital health certificates.  What are the essential features for these certificates?

Israel is one of the countries that have successfully implemented vaccination and the use of digital certificates. As other countries and even the WHO consider developing a digital COVID-19 vaccination certificate, here are some of the essential features of a successful certificate:

Essential Feature: Minimum Data

Data is a valuable asset for businesses and criminals alike.  We have covered some of the ways criminals have exploited data during the pandemic on the RKN Global blog. Healthcare data is especially sensitive.  This is because it contains personal and medical information that criminals can exploit for different types of fraud.

Therefore, COVID-19 vaccination certificates need to provide access only to information that proves the holder is vaccinated without disclosing other sensitive information. The European Commission and the World Health Organization offer recommendations on the biographical information to include and to leave out.

1st of the Essential Features: Inclusive Formats

One consistent concern that has arisen over the use of digital vaccination certificates is how they alienate people without access to technology. A good vaccination certificate needs to provide citizens and users with alternative formats of their vaccination certificates.  This would include both e- and hard-copy formats.

Additionally, vaccine certificates should be portable to allow citizens to prove their vaccination status wherever they are.

COVID-19 vaccine passports should also accommodate differences between and changes in the effectiveness of different vaccines.  This includes effectiveness in preventing infection and transmission.  It also includes the duration of immunity and the frequency of vaccine passport renewal.

2nd of the Essential Features: Remote Verification

Remote verification is important in COVID-19 vaccination certificates. Certificates should allow for a secure, contactless remote verification using smartphones or tablets as verification devices.


Standardization is an important feature in COVID-19 vaccine certificates. Ideally, COVID-19 vaccination certificates should be built for interoperable technologies that allow different verification bodies to determine a person’s vaccinated status.

In addition, these vaccine passports should have verifiable credentials across the board. The Common Pass and the COVID-19 Credentials initiatives are working towards developing standardized digital solutions in this regard.


Affordability for governments and individuals is another key feature of vaccine certificates. Governments must have sufficient resources to develop and maintain a vaccination passport. In addition, the individuals of that nation must be in a position to afford the vaccination passport to prevent issues with the marginalization of low-income groups.

Meet Legal and Ethical Standards

The legality and ethics of vaccine passports have caused divisions across stakeholders and other experts. For vaccine passports to work, they must meet both legal and ethical standards.  These include international, regional, and national human rights laws, data protection laws, COVID-19 legislation, and equality and anti-discrimination laws.

Vaccine passports should be inclusive, have defined uses, and avoid worsening existing inequalities.  They should protect users’ privacy and offer them control over their own data.

Bottom Line

Vaccine passports are established to serve different purposes including vaccination status and COVID-19 infection status.

These certificates have certain features that are essential to their function and integrity.  Examples include the ability to maintain the privacy of the vaccinated person, to remain standardized, and to prevent exacerbating existing inequalities such as differential rollout access.


What You Need To Know About Vaccine Passports

We have talked a lot about COVID-19 related matters, from identity theft to COVID-19 vaccines, here on the RKN Global blog. In this article, let’s look at vaccine passports.

What are Vaccine Passports?

A vaccine passport is a digital record you get after vaccination and the app you use to access the vaccination record. Countries across the world have developed, or are in the process of developing, different vaccine passports. These allow citizens to access higher-risk activities like attending concerts or traveling.

Different states and the public sector in the US have developed systems to help them verify the vaccination status of people. New York State was the first to release a state-backed vaccine passport.

New York’s Excelsior Pass allows vaccinated New Yorkers to download their health records onto a smartphone app. There, they receive a QR code that businesses and venues can scan to verify their vaccination status. Despite efforts from states and the public sector, the federal government has expressed that it will not mandate vaccine passports.

The Benefits

The pandemic came with numerous restrictions and cancellation of events that would increase the spread of the disease. Among these restrictions were bans on travel and on social events such as sports and entertainment.

With vaccines promising immunity against the coronavirus, governments can slowly reopen borders, allow social events, and restore their economies. The benefit of lifting certain restrictions also incentivizes citizens to get vaccinated against the virus.

The Cons and Concerns

Vaccine passports are seen as a direct route to reopening economies.  But critics have pointed out the risk of further marginalization of marginalized groups.

Although countries like Israel have recorded high vaccination rates of more than 70-80% of the eligible population, places like the US are still seeing disparities in vaccination statistics.

The African-American and the Hispanic-American communities have recorded low vaccination rates, as have low-income individuals. A recent report shows that 72% of the US adult population has received at least one dose of a COVID-19 vaccine.

In addition to concerns of unequal vaccine distribution and marginalization of certain groups, vaccine passports need careful design to ensure privacy and data protection.

Countries Using Vaccine Passports

Countries around the world have developed different COVID-19 vaccination certificates to allow their citizens to access certain activities or travel. Here are some of the countries that have rolled out their vaccine passports:

  • Israel launched the Green pass that allows vaccinated citizens to access leisure venues such as gyms and restaurants.
  • The EU launched the EU Digital COVID Certificate for citizens within the EU’s 27 member states, and Switzerland, Norway, Iceland, and Liechtenstein. Estonia and Lithuania are among the first countries to adopt the EU Digital COVID Certificate within the region.
  • Denmark launched its digital certificate through its Coronapass system.
  • Bahrain offers its vaccinated citizens a digital certificate through the Be Aware app.
  • China uses a digital certificate through WeChat.
  • Cyprus issues the digital green passport.
  • Singapore started using the IATA Travel Pass in May 2021.
  • The UK adopted the NHS COVID Pass App to allow fully vaccinated citizens to avoid quarantine when returning to the UK. It also allows them to verify their vaccination status when entering larger venues where large crowds typically gather.

Wrapping Up

Many countries are looking at vaccine passports as the path towards reopening their economies and verifying that their citizens are vaccinated. The use of vaccine certificates in different countries may also influence the travel requirements for anyone wishing to leave or enter the country. Therefore, if you are traveling, it is important to check the vaccination requirements of your destination country.






Why You Need to Link Your Passport to Your COVID-19 Vaccine Certificate

As countries across the globe ramp up vaccination, governments and international organizations are increasingly embracing COVID-19 vaccination certificates. Such certificates already play a critical role in lifting travel restrictions while maintaining the safety of international travel.

Whenever you travel abroad, you will have to show proof of vaccination or test results. Vaccine certificates have become a popular way of ascertaining that you received your COVID-19 vaccination.

Countries like India have developed a system for linking vaccine certificates with passports to make it easier to travel. Such systems aim to help travelers prove their vaccination status with ease.  These certificates include travelers’ name, passport number, and the vaccine which they received.

Reasons why you should link your vaccine certificate to your passport

Here are some of the top reasons you should link your vaccine certificate to your passport:

        Airports will scan you for COVID-19 before you leave. When you are vaccinated, authorities may exempt you from some COVID-19 mandates.  These include quarantine at your destination or a COVID-19 test before you travel.

        Linking your vaccine certificate to your passport provides reliable proof of your vaccination. Since they are directly linked to your passport, digitally-linked certificates are more reliable than easily falsifiable physical certificates. Even with a vaccine passport linked to your passport but presented in physical format, authorities can authenticate it by scanning a QR code.  

        Linking your passport and vaccination certificate makes for a smooth travel experience as far as regulatory concerns. When you can provide reliable proof of your vaccination, foreign countries are less likely to interrupt your travel due to regulatory hiccups.

How to link your vaccine certificate

There are different ways of doing this, depending on where you live.  If you are in India, for example, the CoWIN Portal makes it easy to link your COVID-19 vaccine certificate with your passport details. This can make it easier for you to travel to the UAE, the UK, Australia, the US, Europe, and other foreign countries.


COVID-19 passports have become a valid method of verifying vaccination status against the coronavirus. Countries like India have taken vaccination an additional step further by allowing their citizens to link their passport and their vaccine certificates through portals like CoWIN.


How Digital Vaccine Passports for Global Travel Work

Countries around the globe are turning to digital vaccine passports to allow people to travel and enter into their borders. Different countries, including China, France, the UK, the US, the EU, and Australia, have introduced different versions of COVID-19 digital vaccine passports and certificates to allow tourists and citizens to visit different attractions and events.

But as more countries introduce these certificates, the question remains: how will vaccine passwords for global travel work?

Digital Vaccine Passports: The Rise of COVID-19 Vaccine Certificates

Countries like the US rolled out various contact-tracing applications in the wake of the pandemic as a measure to track infected people. In addition to these applications, there are digital certificates for proof of vaccination. These serve as an additional measure to control the spread of the virus and its variants across borders.

Countries like the UK have adopted the NHS app to allow their citizens to prove their vaccinated status when traveling abroad. Even the WHO has consulted in developing a Smart Vaccination Certificate. This is despite its discouraging requiring digital vaccine certificates for international travel.

In expressing its concerns, the WHO has cited the likelihood of alienating certain groups of travelers and countries. Various groups have also raised privacy concerns with these passports.  One concern is that cyber criminals are likely to target them due to the personal information contained therein.

Countries like the UK have adopted a password-protected system to ensure that the vaccine passport does not disclose any other health records except proof of vaccination or negative test results.

COVID-19 vaccination certificates rely on smartphones. In the case of EU’s COVID-19 Travel Pass, the vaccine certificate contains a QR code. The destination country scans the QR code to verify the traveler’s vaccination status.

These vaccine passports will likely to work together with various travel apps that already exist to allow travelers to verify their COVID-19 status before traveling.

The International Air Transport Association (IATA) has the IATA Travel Pass, which allows travelers to verify their COVID-19 results at their destination country. IATA Travel Pass adopters include airlines such as Qantas, Emirates, British Airways, Virgin Atlantic, and Japan airlines. A rival app, the CommonPass, has adopters such as airlines Cathay Pacific, JetBlue, Lufthansa, and United.

Digital Vaccine Passports and The Question of Fakes

In recent months, RKN Global has drawn attention to the phenomenon of fake Coronavirus certificates. Authorities have arrested travelers using or selling fake coronavirus result certificates.  Media outlets have interviewed others, who have openly admitted their activities.

With this in mind, the question of travelers faking their vaccination passports arises. But digital vaccine certificates have the potential to combat fakes and counterfeits.

Public Perception of Digital Vaccine Passports

In countries like the US, citizens increasingly support the use of digital or print COVID-19 vaccine passports for domestic and international travel.  Part of this may be attributable to the surge of the Delta variant through different parts of the world.

Stakeholders in the tourism industry have also supported the use of vaccine passports for international travel.

Bottom Line

Vaccine passports present a ray of hope for the tourism industry as well as travelers moving from country to country for business or pleasure. With these certificates, travelers can prove their vaccination status and avoid mandatory quarantine.


Data Breaches and Cyber Attacks during the Pandemic

COVID-19 affected more than our health.  It forced us to change the way we work, learn, and interact with others. With these changes came an increase in cyber attacks, as criminals found new ways to exploit the sudden disruption that COVID-19 has caused. As criminals reinvent themselves, they have launched a number of cyber attacks on institutions and businesses throughout 2020 and 2021. Here are some of the high-profile data breaches and cyber attacks.

1.       Data Breaches and Cyber Attacks: Kesaya

IT Company Kesaya was hit with a sophisticated cyber attack early in July 2021. The attack targeted the company’s VSA software, which IT departments use to manage and monitor computers remotely. While Kesaya said only about 0.1% of its clientele was affected, about 800-1500 small to medium-sized businesses may have been compromised in the attack.

According to Huntress, a cybersecurity firm helping Kesaya deal with the cyber-attack, the attack began through an authentication bypass vulnerability on Kesaya’s web interface.

Once the attackers exploited the vulnerability, they circumvented authentication controls. They then uploaded a malicious payload, and executed commands through an SQL injection.

The ransomware group REVil claimed responsibility for the attack. The group has also been linked to other high-profile attacks against Acer, JBS, and Travelex.

2.      Data Breaches and Cyber Attacks: Colonia Pipeline

Colonial Pipeline became the victim of a cyber-attack in late April 2021. The attack by the DarkSide gang disrupted gas supplies along the US East Coast, causing panic and reckless behavior among consumers.

The attack against Colonial Pipeline targeted its billing systems and internal business networks. In the end, the company paid the demanded $4.4 million in bitcoin.

The hackers also stole about 100 GB of data, threatening to release the data to the public if the company failed to pay the ransom.

The company finally resumed operations on May 12, after a six-day disruption to its pipeline operations.

Fortunately, the FBI recovered most of the bitcoins used to pay the ransom. However, it did not disclose how it obtained the private key.

3.       Data Breaches and Cyber Attacks: Volkswagen & Audi

A marketing service supplier in June 2021 left exposed the data and personal identifying information of 3.3 million people in the US and Canada. The data breach revealed the names, mailing addresses, email addresses, and phone numbers of those affected. The breach also exposed extensive details about vehicles, including vehicle identification numbers. Driver’s license numbers for about 90,000 people in the US were also leaked in the data breach.

According to Volkswagen, the marketing service collected data between 2014 and 2019, and left that data unsecured for 21 months up to May 2021.

4.       Data Breaches and Cyber Attacks: Forefront Dermatology

A data breach of Forefront Dermatology exposed the personal data and medical records of up to 2.4 million patients. The breach also exposed the private employees of the healthcare provider.

The data leaked included names, dates of birth, addresses, and insurance information of patients.  It also included medical record numbers, accession numbers, clinical treatment information, and dates of service. The criminals gained access to Forefront Dermatology’s IT systems between May 28 and June 4, 2021.

Overcoming Cybersecurity Challenges

These cyber attacks and data breaches are barely the tip of the iceberg of the increasing cyber attacks facing governments, institutions, and businesses. With cyber attacks on the rise, it may well be only a matter of time before your business is the next victim.

Ronald K. Noble, former Secretary General of INTERPOL, recommends that businesses take action to protect themselves from cyber attacks.  Taking preventive measures to protect your business as much as possible can help minimize the “attack surface,” the areas which criminals can exploit. In addition to preventative measures, organizations should have a plan of action in place to guide them when responding to cyber attacks or data breach incidents.




How Remote Work during COVID-19 has Increased Business Vulnerability to Cyber Attacks

Cybersecurity has long been a concern for organizations around the world. Businesses have responded in the past by providing secure work devices, screening and approving software, and hiring an IT team to maintain the company’s cybersecurity efforts.  But coronavirus has led to changes which have increased business vulnerability to cyber attacks.

The ongoing health and economic crisis related to the COVID-19 pandemic is upending business operations and has forced many organizations to introduce telework. In this post, we explore how the hurried transition to remote work has increased business vulnerability to cyber attacks, and what you can do about it.

Increased business vulnerability to cyber attacks #1: Blurred Boundaries

While remote work has allowed most businesses to remain operational, it has obscured the boundaries between work and personal life. Employees can not only work from their kitchen tables, but they can also access corporate data on personal devices.

Organizations take security precautions with their work devices, but the same protection might not exist on personal devices. This lack of protection exposes an organization’s data to cybersecurity threats,.

Employees are not the only people likely to use work devices for personal use. For example, their family members might gain access to their devices and unknowingly download malware.

Employees are also less likely to keep up with software updates, meaning their devices remain exposed to vulnerabilities which an update fixes.

In addition to a rise in the use of personal devices for work, remote working has seen an increase in “shadow IT.”  Shadow IT is the phenomenon whereby employees find tools and software on their own to help them fulfill their responsibilities.  This increases the attack surface and vulnerabilities.

Increased business vulnerability to cyber attacks #2: Unsafe Networks

Remote working has given employees the freedom to work anywhere, and this is not limited to their homes. Employees can easily work in public areas such as cafes and libraries, and even use the free Wi-Fi provided in these areas.

However, this introduces the risk of connecting to an unsafe network, where their traffic and data are intercepted or credentials harvested.

Free Wi-Fi is, however, not the only potential attack surface. Poorly secured home networks are as risky as public Wi-Fi. Criminals can easily hack into unsecured or poorly secured home networks.

Increased business vulnerability to cyber attacks #3: Human Error

Long before the pandemic, human error was a contributing factor to cyberattacks. But the number has increased since 2020, with 95% of cyber breaches resulting from human error. Unintentional actions by employees, such as downloading a malware-infected file, can lead to data loss.

Human error also increases with sophisticated social engineering attacks, which trick employees into handing over sensitive corporate data.

Poor password practices are another common source of human error. When working remotely, your employees have to set up conferencing and work applications, which often require credentials. Creating passwords constantly can be overwhelming,  leading employees to use the same password for all their accounts. Using similar credentials makes it easier for criminals to attack, as they can simply try using known passwords.

How You Can Protect Your Business

Work from home during the pandemic has fueled the growth of cybercrimes. Malicious actors continue to identify and exploit vulnerabilities that came with the transition to remote work.

The good news is that there are simple measures you can take today to protect your business from cyberattacks and the costs associated with a data breach. They include:

  • Develop a remote work cybersecurity policy with provisions for the security measures your remote team should take
  • Educate your remote employees on the importance of cybersecurity, the common cyber-attacks, and the steps they can take to protect their devices and networks
  • Limit the access employees have to corporate data (let them access only what they need to perform their duties).