Preventing Identity Fraud
There are at least two ways to combat the identity fraud problem:
- One
way is to better secure personal information so that it can’t
fall into the wrong hands. This is certainly a
laudable goal,
and
every effort should be made to secure this information by encrypting it
for electronic storage and transmission, or making doubly sure that
only authorized
people can access it. But all too often, these steps are not
taken. And even when they are, personal information may still be
available in other places or formats that are less secure. There
are just too many ways for sensitive personal information to fall into
the wrong hands to completely rely on better information security for
preventing identity-related fraud. >"Secret" Personal Information That Isn't Really Secret
- Another approach is to change business practices so that stolen passwords, Social Security Numbers, and other personal information, by themselves are insufficient for breaking into existing online accounts, or for opening new accounts, or for commiting other types of identity fraud.
We
believe that although better information security is essential for
protecting the privacy of individuals, relying solely on trying to keep
personal information "secret" will not prevent identity theft or other
types of identity-related fraud.
Better information
security needs to be augmented with better ways to verify that those
seeking to establish new accounts, or to access
existing accounts, are truly authorized to do so.
The real
problem is the
widespread assumption that knowledge of personal information, by
itself, "proves" the identity of the person who knows the information.
We believe that the way to deal
with this problem is through adoption of better forms of
authentication.
>Authentication for Identity Fraud Prevention