Challenge

Online identity theft

Over the last decade organizations and individuals have moved vital parts of businesses, government services and social interaction to the Internet. Unfortunately as more sophisticated services move online, so do fraudsters.

Fundamental to sustainable online business is the ability to ensure that only the authorized user or group of users can access their information and services. This in turn requires that the legitimate users are properly identified and authenticated prior to gaining access.

The majority of online business applications are today accessed using simple username and password(s) schemes, and payments are processed with static credit card information, both being prime targets for fraud. Online fraud and identity theft is a rapidly growing global problem, ultimately undermining the confidence and growth in online business and services. It is today estimated that over a trillion US dollars are lost annually due to on-line identity fraud and this figure continues to grow at an alarming rate.

Weak authentication

In order to minimize the risk of online identity theft, users are advised to use different and complicated passwords for logging in to different services. Also, users are encouraged to change passwords frequently. In reality, most users use one simple password for most of their applications.

Static passwords, as well as any other simple “single factor” authentication mechanism, including many that are held in smart-phones and on laptops are as vulnerable to duplication as the numbers printed on a credit card.

To enhance security, many online banks and enterprises have deployed hardware authentication tokens, in the form of smart cards or bank authentication tokens. A hardware device that is separate from the computer and generates encrypted one-time pass codes, significantly raises the level of security compared to static passwords. Many companies have also deployed mobile phone authentication technologies. However, without a widely deployed standard for re-using strong authentication technologies for multiple services, cost and complexity are limiting scalability of these solutions.

  • 7258

    “Online theft costs $1 trillion a year, the number of attacks is rising sharply and too many people do not know how to protect themselves.”

    - World Economic Forum, Davos, 2009