Authentication for Identity Fraud Prevention
Let's define "identity fraud" more precisely to include:
- Using stolen credit card numbers to make purchases.
- Using stolen checking account information to steal money from someone's account via ACH transactions.
- Breaking into someone else's online financial accounts using stolen passwords and other credentials.
- Making fraudulent onlline payments using someone else's payment account.
- Establishing new credit accounts under another person's identity.
- Accessing online government services to make changes to addresses, beneficiaries, or other personal information.
- Medical
identity theft; i.e., obtaining medical services and having the charges
falsely billed to someone else, or fraudulently accesssing the
electronic medical records of others.
This
definition encompasses a range of identity-related crimes that can
harm the victim in a number of ways. This harm includes privacy
breaches when sensitive financial and medical information is obtained
by an unauthrized person, money stolen from the victim's bank account, charges billed to the
victim that were incurred by the thief, erroneous and detrimental information appearing
on the victim's credit report, and erroneous medical information
appearing in the victim's medical record.
Better authentication can help to prevent these crimes by:
Better authentication can help to prevent these crimes by:
- Preventing an unauthorized person from making an online payment from a checking account. >more
- Preventing an unauthorized person from accessing an online financial account; i.e., account takeover. >more
- Enabling
a trusted third party to authenticate claims of identity. >more
- Enabling a consumer to easily authorize a credit reporting agency, or credit bureau, to release the consumer's credit information only in response to legitimate requests for credit. >more
- Preventing an unauthorized person from accessing electronic medical records. >more
Note that the kinds of authentication required to prevent
these different forms of identity fraud do not necessarily involve
authentication of a person's identity. In fact,
authentication of a claimed identity is really needed only when a new
account (or relationship) is being established, and it is important to
know the true identity of the person opening the account.
Once the account is established, authentication for subsequent
access to the account requires only verification that the person
seeking access is the same person who initially enrolled, or is otherwise authorized to do so. By analogy, consider the
ATM card. Possession of the card, and knowledge of the associated
PIN, doesn't serve to authenticate the holder's identity. It only
authenticates the holder's authority to access the account and withdraw
money.
While there are several technologies that can be used to provide stronger authentication to consumers to prevent these forms of identity fraud, we will focus on an emerging paradigm called "Information Cards", which are a kind of electronic version of the familiar physical credit cards and identity cards that people carry around.
>Information Cards for High Assurance Authentication for Consumers
While there are several technologies that can be used to provide stronger authentication to consumers to prevent these forms of identity fraud, we will focus on an emerging paradigm called "Information Cards", which are a kind of electronic version of the familiar physical credit cards and identity cards that people carry around.
>Information Cards for High Assurance Authentication for Consumers