Experts look to digital IDs to boost Net security
Identity theft is eroding trust in the Internet, security experts say
IDG News Service - Rampant identity theft is eroding users' trust in the Internet and could threaten to erase some of the progress companies have made in doing business online, security experts warned today.
One possible solution is to create digital identities to curtail ID theft, but the move also comes with liabilities, the experts said while speaking on a panel at the CeBIT trade show in Hanover, Germany.
"We actually run the risk of taking a step back on the Internet. We're starting to see a lack of confidence and even worse, companies are scaling back what they are doing on the Web," said Art Coviello, president and CEO of RSA Security Inc.
Beat Perjes, head of IT security architecture at Credit Suisse, said that the customers at his bank are still doing online transactions but are also asking a lot more questions about whether it's secure. This is a concern because what banks actually sell customers is trust, Perjes said.
Cases of online identity theft have gained prominence in recent months, and the U.S. Federal Trade Commission has labeled such theft as one of the fastest-growing types of consumer fraud. Internet users are reporting cases of unauthorized access to their online bank accounts as a result of phishing scams and the increased prevalence of spyware, which can record users' passwords and log-ins.
Digital identities, which provide two measures of authentication, could help improve Internet security, as well as having various other uses, such as digital passports, the experts said. Dual authentication often involves something a user knows or possesses, such as a smart card, and something that he is, which can be represented by biometric information, Coviello said.
"Password-only IDs should be a thing of the past," said Detlef Eckert, Microsoft Corp.'s chief security adviser for Europe, the Middle East and Europe.
In addition to improving online security, digital identities would also allow users to reduce the number of credit cards, loyalty cards and other proofs of ID that they carry, the experts said.
Smart cards, digital passports and national ID cards could carry information for multiple purposes, as long as the authenticating body is trustworthy. So, if multiple credit cards were stored on a smart card, each credit card company would have to trust the other company's means of identifying and authenticating users, the experts said.
Authentication done by one body and then trusted by another is called federated identity, said Hellmuth Broda, chief technology officer at Sun Microsystems Inc. Broda is also the spokesman for the Liberty Alliance Project, a consortium of more than 150 companies working to develop
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts