The Authentication Challenge
The assumption that knowledge of personal information about someone "proves" the identity of that person leads not only to account takeovers and other financial identity theft, but also to medical identity theft, criminal identity theft, and other forms. In the past, access to online banking services, especially for retail (or consumer) banking, has been based solely on the use of traditional login IDs and passwords. Fraudsters have employed increasingly sophisticated means to steal this information, giving them access to customer's financial accounts. Other types of stolen personal information, especially Social Security Numbers, enable fraudsters to commit identity theft and open new credit accounts using someone else's identity.
There are at least two ways to combat this problem:- One
way is to better secure personal information so that it can’t
fall into the wrong hands. This is certainly a laudable goal,
and
every effort should be made to secure this information by encrypting it
for electronic storage and transmission, or making doubly sure that only authorized
people can access it. But all too often, these steps are not
taken. And even when they are, personal information may still be
available in other places or formats that are less secure. There
are just too many ways for sensitive personal information to fall into
the wrong hands to completely rely on better information security for
preventing identity-related fraud.
- Another approach is to change business practices so that stolen passwords, SSNs, and other personal information, by themselves are insufficient for breaking into existing online accounts, or for opening new accounts, or for commiting other types of identity theft.
Authentication for Preventing Financial Identity Theft
Authentication for Preventing Other Identity Theft