My name is Fran Rosch and I manage the group that writes this blog and develops VeriSign's identity and authentication solutions.
I just got back from a 2-week trip to India, Israel and London talking to customers, prospects, and VeriSign team members. I spent much of the time talking about how customers should deploy solutions that are very "risk based." When consumers access lots of critical data or financial assets on their website, a user name and password is probably not enough. But how much is enough? Does one solution fit all? How much should we change user experience? How much should we spend on security and authentication?
As I traveled through the airports in San Francisco, Frankfurt, Bangalore, Delhi, Mumbai, Amman, Tel Aviv and Heathrow, I was struck by the very different security policies and I realized that they also deploy "risk-based" approaches just as we recommend on our customer's Web sites. Here were some different approaches I noticed: