Experts look to digital IDs to boost Net security
Identity theft is eroding trust in the Internet, security experts say
IDG News Service - Rampant identity theft is eroding users' trust in the Internet and could threaten to erase some of the progress companies have made in doing business online, security experts warned today.
One possible solution is to create digital identities to curtail ID theft, but the move also comes with liabilities, the experts said while speaking on a panel at the CeBIT trade show in Hanover, Germany.
"We actually run the risk of taking a step back on the Internet. We're starting to see a lack of confidence and even worse, companies are scaling back what they are doing on the Web," said Art Coviello, president and CEO of RSA Security Inc.
Beat Perjes, head of IT security architecture at Credit Suisse, said that the customers at his bank are still doing online transactions but are also asking a lot more questions about whether it's secure. This is a concern because what banks actually sell customers is trust, Perjes said.
Cases of online identity theft have gained prominence in recent months, and the U.S. Federal Trade Commission has labeled such theft as one of the fastest-growing types of consumer fraud. Internet users are reporting cases of unauthorized access to their online bank accounts as a result of phishing scams and the increased prevalence of spyware, which can record users' passwords and log-ins.
Digital identities, which provide two measures of authentication, could help improve Internet security, as well as having various other uses, such as digital passports, the experts said. Dual authentication often involves something a user knows or possesses, such as a smart card, and something that he is, which can be represented by biometric information, Coviello said.
"Password-only IDs should be a thing of the past," said Detlef Eckert, Microsoft Corp.'s chief security adviser for Europe, the Middle East and Europe.
In addition to improving online security, digital identities would also allow users to reduce the number of credit cards, loyalty cards and other proofs of ID that they carry, the experts said.
Smart cards, digital passports and national ID cards could carry information for multiple purposes, as long as the authenticating body is trustworthy. So, if multiple credit cards were stored on a smart card, each credit card company would have to trust the other company's means of identifying and authenticating users, the experts said.
Authentication done by one body and then trusted by another is called federated identity, said Hellmuth Broda, chief technology officer at Sun Microsystems Inc. Broda is also the spokesman for the Liberty Alliance Project, a consortium of more than 150 companies working to develop
- EndPoint Interactive eGuide In this eGuide, Network World, Computerworld, and CIO examine two endpoint trends - BYOD and collaboration - and offer tips and advice on...
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- Cybersecurity Imperatives: Reinvent your Network Security The Rise of CyberSecurity
- Surescripts Case Study- Securing Keys and Certificates Surescripts implemented Venafi's Trust Protection Platform™ to secure digital keys and certificates, ensure the privacy and confidentiality of electronic clinical information for its...
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities.
- Deep Dive into Advanced Networking and Security with Hybrid Cloud Security and networking are among the top concerns when moving workloads to the cloud. VMware vCloud® Hybrid Service™ enables you to extend your... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!