GS Logo
The Green Sheet, Inc

Please Log in

A Thing
View Archives

View flipbook of this issue

Care to Share?


Table of Contents

Lead Story

Apple: Friend or foe?

News

Industry Update

MCX hits the rocky PR road

The line-busting potential of in-app payments

Add smart TV payments to the omni-channel experience

Features

Addressing the digital identity crisis

Mobile payments, mobile acceptance

Preparation is key for mobile prosperity

Views

Growing in giving

Thom Aldredge
The Give Back Campaign Inc.

Dare to think like Square

Alex Nouri
EFT Direct

Education

Street SmartsSM:
Merchant attrition - Part 1: Resisting the tide

Tom Waters and Ben Abel
Bank Associates Merchant Services

POS imitates life

Dale S. Laszig
DSL Direct LLC

Professionalism and pocketbooks

Vicki M. Daughdrill
Small Business Resources LLC

Don't get gouged by pass-through, pass-through, pass-through

Adam Atlas
Attorney at Law

Company Profile

National Merchants Association

New Products

Online fraud protection

RiskGuardian
Worldpay

NFC made easy

"Tap Into NFC" Developer Program
NFC Forum

Inspiration

Thankfulness breeds prosperity

Departments

Readers Speak

Resource Guide

Datebook

A Bigger Thing

The Green Sheet Online Edition

November 24, 2014  •  Issue 14:11:02

previous next

Addressing the digital identity crisis

One of the greatest challenges in today's electronically driven world is how to simplify digital identification. Whether they are buying products online, applying for health insurance, paying bridge tolls or traveling across country borders; it is usually necessary for the people carrying out these transactions to authenticate themselves.

The problem is that each type of transaction uses distinct identification requirements. People now typically access multiple digitally managed services daily, and they are thus responsible for handling various personal passwords, ID cards, tickets, key fobs, etc., each of which is vulnerable to fraud, cyber-attack and loss. And theft of this type of sensitive data is outpacing release of improved authentication solutions.

A global issue

This ID fragmentation is gaining attention from governments across the globe, many of which are taking a closer look at what can be done to create a more unified solution. Regulations have begun to emerge, with Europe leading the charge when it adopted the Electronic Identification and Trust Services (eIDAS) regulation in June 2012. After various amendments by the European Parliament, the final version of this regulation was set to commence in February 2014.

Countries such as Portugal and Cape Verde were early adopters, both launching versions of chip-enhanced citizen identity cards that store cardholder information such as digital certificates and signatures, fingerprints and other biometric data, and medical records. The cards are designed to combine multiple ID sources, and they use dual authentication.

The NSTIC mission

The United States responded to the need for centralized digital identification through a White House initiative known as the National Strategy for Trusted Identities in Cyberspace (NSTIC). An Identity Ecosystem Steering Group was enacted to "work collaboratively with the private sector, advocacy groups, public sector agencies, and other organizations to improve the privacy, security, and convenience of online transactions."

The NSTIC website states, "Cyber crime is growing and has become more organized and sophisticated. As we increasingly perform high-value transactions online such as mortgage applications, buying stocks, or reviewing health care information, our vulnerability to theft, fraud, and privacy violations increases proportionately."

The goal is to develop a user-centric "identity ecosystem" or an online environment where individuals and organizations are able to trust each other through agreed upon standards for obtaining and authenticating digital identities, as well as the digital identities of devices. It is expected this system will be built around a set of collaborative private partnerships, which, among other things, will ensure that no one provider is in control of the entire system and cardholders can choose providers they prefer. It is believed this will increase security and reduce the risk of system-wide threats.

An identity ecosystem

How will it work? Just like a bank card and PIN, a password and a credential in physical form (such as a cell phone, token or smart card) is considered a more secure way of doing business than using passwords alone. An identity ecosystem "credential" can send different types of information to different service providers, thereby reducing the number of passwords and PINs needed. For example, you could log in as "John321" to an online subscription without your actual name, but you could also access medical records using the same credential, which can also prove you're really "John C. Doe."

It will also use a multifactor authentication system, which has been proven to be more secure than using passwords alone. One such method could be a digital certificate on a cell phone (something we have) which requires a password (something we know). Users who elect to use multiple certification methods will still have a short list of passwords or PINs to remember, but the list will be significantly smaller than today's. If a credential is lost, it will also be easier, quicker and more secure to notify one credential provider.

As far as progress, the NSTIC stated it will likely be "some years before the full promise of the Identity Ecosystem is in place," but it also noted that some providers are already launching products.

Meanwhile, Europe continues to move ahead in earnest. The sixth edition of the eID Conference was held in October 2014 in Budapest, Hungary, drawing participants from over 40 countries and featuring 200 electronic identity experts in workshops.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

previous next

Spotlight Innovators:

USAePay | Impact Paysystems | Electronic Merchant Systems | Inovio | Board Studios, Inc.