With $10 trillion of U.S. commerce conducted online every year, basic username and password “security” is just not strong enough – not strong enough to protect the amount of information people volunteer or are required to give to complete an ecommerce transaction.
While this is not a new revelation and none of you have suddenly been awakened to this reality, recent moves by the Obama administration to push stronger online identity protection helps bring to light a real human concern and we hope starts a process resulting in better identity protection for all internet users.
Last week in Washington D.C. , top officials from the Commerce Dept., Department of Homeland Security (DHS) and others launched the National Strategy for Trusted Identities in Cyberspace (NSTIC), which President Obama has now signed.
“The Internet has transformed how we communicate and do business, opening up markets, and connecting our society as never before. But it has also led to new challenges, like online fraud and identity theft, that harm consumers and cost billions of dollars each year,” said President Obama in a released statement.
It’s about time we got serious about this topic and with this statement the Obama administration has elevated protecting online digital identities to a national priority.
Is this just political positioning? Far from it.
Identity is the very essence of who we are.
Yet ID theft has been the #1 consumer complaint to the Federal Trade Commission for the last ten years. During that time the threat landscape has evolved from a labor intensive paper chase to super automated botnets and a global network of computers pushing out phishing, keyboard loggers and other attacks by the millions.
The threat is so pervasive that the Anti-Phishing Working Group (APWG) states that 25 percent of all PCs are infected with banking Trojans or downloaders aimed at stealing account credentials or hijacking online banking sessions. Cyber criminals are particularly focused on businesses, municipalities and high net worth individuals where they can get a much bigger payout.
While NSTIC recognizes there is a place for anonymity and many low level password-protected personas online, there is a clear message that high value transactions, especially e-commerce and banking, need to move to a higher level of identity protection based on a smart card or secure USB token.
Speaking at the launch event, U.S. Commerce Secretary Gary Locke said, “We must do more to help consumers protect themselves, and we must make it more convenient than remembering dozens of passwords. Working together, innovators, industry, consumer advocates, and the government can develop standards so that the marketplace can provide more secure online credentials, while protecting privacy, for consumers who want them.”
Protecting online identity is not a luxury – it is a mandate. As more of our world becomes connected, protecting online identity needs to be a top priority. As more people use (and in some ways implicitly trust) the internet for e-commerce, personal finance and social interaction, the amount of personal information placed online warrants a real identity protection solution. The NSTIC call for a strong identity credential is a great foundation to protect the individual identity with standardized industry proven technology. While it will take some time to see the true impact of NSTIC, it is certainly a move in the right direction.