IDG News Service - Rampant identity theft is eroding users' trust in the Internet and could threaten to erase some of the progress companies have made in doing business online, security experts warned today.
One possible solution is to create digital identities to curtail ID theft, but the move also comes with liabilities, the experts said while speaking on a panel at the CeBIT trade show in Hanover, Germany.
"We actually run the risk of taking a step back on the Internet. We're starting to see a lack of confidence and even worse, companies are scaling back what they are doing on the Web," said Art Coviello, president and CEO of RSA Security Inc.
Beat Perjes, head of IT security architecture at Credit Suisse, said that the customers at his bank are still doing online transactions but are also asking a lot more questions about whether it's secure. This is a concern because what banks actually sell customers is trust, Perjes said.
Cases of online identity theft have gained prominence in recent months, and the U.S. Federal Trade Commission has labeled such theft as one of the fastest-growing types of consumer fraud. Internet users are reporting cases of unauthorized access to their online bank accounts as a result of phishing scams and the increased prevalence of spyware, which can record users' passwords and log-ins.
Digital identities, which provide two measures of authentication, could help improve Internet security, as well as having various other uses, such as digital passports, the experts said. Dual authentication often involves something a user knows or possesses, such as a smart card, and something that he is, which can be represented by biometric information, Coviello said.
"Password-only IDs should be a thing of the past," said Detlef Eckert, Microsoft Corp.'s chief security adviser for Europe, the Middle East and Europe.
In addition to improving online security, digital identities would also allow users to reduce the number of credit cards, loyalty cards and other proofs of ID that they carry, the experts said.
Smart cards, digital passports and national ID cards could carry information for multiple purposes, as long as the authenticating body is trustworthy. So, if multiple credit cards were stored on a smart card, each credit card company would have to trust the other company's means of identifying and authenticating users, the experts said.
Authentication done by one body and then trusted by another is called federated identity, said Hellmuth Broda, chief technology officer at Sun Microsystems Inc. Broda is also the spokesman for the Liberty Alliance Project, a consortium of more than 150 companies working to develop
Free Insider GuideCopyright © 1994 - 2013 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
