It’s a story that has sparked a fresh round of discussions about identity theft.
In November,
The New York Times published an article about Eric Wagenhauser, a Houston construction worker whose former wife used their children’s Social Security numbers to apply for nine credit cards in their names. She subsequently pleaded guilty to two counts of fraudulent use of a credit card and is now in a Texas prison.
The story shone a light on a little-publicized fact: Although most identity theft victims never learn who stole their identities, when the source can be identified, half of the victims say the thief was a family member, a friend, a neighbor, or an in-home employee. That’s according to recent surveys by the Federal Trade Commission and Javelin Strategy and Research, a private research firm. The surveys estimate that 9 million to 10 million Americans have their identities stolen each year.
The
Times quoted Betsy Broder, assistant director of the Federal Trade Commission’s division of privacy and identity protection:
"We see parents taking advantage of their children, and children taking advantage of their older parents. We can tell consumers and businesses to be careful about how they safeguard their personal information, but it’s hard to tell people to safeguard their information from the people that they love."
With the approach of another holiday shopping season, now is a good time to learn about the latest efforts to combat the growing threat of identity theft on the Internet.
As financial institutions launch new initiatives to bolster consumer confidence in their online transactions, government agencies have begun to recommend identity protection guidelines.
For example, the recent guidance issued by the Federal Financial Institutions Examination Council recommends that financial institutions offering Internet-based products and services to their customers should use effective methods to authenticate the identity of customers using those products and services. Specifically, the guidance considers single-factor authentication as the only control mechanism to be inadequate in the case of high-risk transactions.
With these new guidelines in mind, VeriSign has developed VeriSign Identity Protection (or VIP), a suite of identity protection and authentication services designed to strengthen and protect consumers’ digital identities. Delivered across a trusted, shared network, VIP helps manage reputational risk for financial services, e-commerce companies, and enterprises that digitally interact with consumers’ personal data.
VeriSign Identity Protection delivers invisible as well as visible identity protection to enable credential sharing and provide Internet-level intelligence.
The VIP Fraud Detection Service provides an invisible means of delivering protection to consumers. Using advanced anomaly detection technology, the service detects fraudulent logins and transactions in real-time, without affecting legitimate users’ Internet experience. The solution takes a self-learning approach to fraud detection, adapting to customer usage habits unique to that individual. Using policies and pattern recognition technology, the service flags potentially fraudulent activities based on known types of fraud and behaviors not associated with the user. Because the service is self-learning, it can adapt to changing criminal behavior without manual intervention. This approach does not require any change to a Web site and remains invisible to the consumer until fraud is detected.
The visible part of VIP is the VIP Authentication Service. VIP Authentication Service allows a business to issue and accept two-factor authentication from users. This eliminates the need to distribute and manage traditional hardware authentication tokens, which has hampered the adoption of stronger authentication technologies.
At the same time, Symantec announced Norton Confidential Online Edition, an online transaction security solution that helps banks strengthen the security that links them to their customers. Financial institutions will now be able to extend protection from phishing, pharming, and password-stealing programs to their customers’ computers.
Norton Confidential Online Edition authenticates the bank’s Web site at every login so customers know they’re on a legitimate site; it also alerts customers if they’ve arrived at a phishing site. Transaction security protects customers when they enter passwords, make purchases, or bank online. In addition, the software will block key logging and screen-capture programs.
Symantec has also launched the
TransactSafely Web site. This new site helps consumers understand today’s increasingly sophisticated online threats in simple terms and offers practical tips on security measures users can take to protect themselves while browsing, shopping, or banking online.
How timely are VeriSign and Symantec’s initiatives? Recent studies from Harris Interactive show that fear of identity theft has stopped 53 percent of Internet users from giving personal information to Web sites and 14 percent from paying their bills online. In addition, Symantec’s latest Internet Security Threat Report found that, in the first half of 2006, nine of the top 10 phished brands were in the financial services sector. As a result, financial institutions are demanding ways to provide security and confidence to their customers.
Ideally, these initiatives should enable financial institutions to incorporate multiple layers of protection benefiting both the consumer and the bank. Consumers will be protected against the threat of online fraud, strengthening their confidence in online transactions, while banks will be able to enhance the security and authenticity of their communication with customers.
Technorati
Digg
Delicious
Reddit
Newsvine
StumbleUpon
Buzz
Blinklist
Mixx
Google
