Identity theft is a crime of the information age that is increasingly affecting Canadians as access to and sharing of information have become easier due to poorly protected electronic information, according to one security expert.
“We leave digital footprints all over the place because we are connected all the time,” said Robert Parker, a retired partner with Deloitte & Touche LLP, to a group of financial industry practitioners during an event held last month in Toronto entitled, Combating Online Identity Fraud.
Financial institutions need to question whether the clients they are dealing with over the Internet are actually who they say they are, Parker said. Banks are often looking for more effective ways to authenticate those individuals online, he said.
“A whole lot of things can and do go wrong when dealing with identity theft. It can present risk to both individuals and businesses,” he added. As individuals, Parker said people readily disclose personal information through activities like joining loyalty programs.
But while individuals contribute to the growth of identity theft, Parker added their involvement in its prevention is minimal. “[People] can’t affect the robustness of security software or the encryption [businesses] put in,” he said.
Encryption and VPNs are technologies that are good for general security to keep “the bad guys out,” said Gary Miller, national director for security with MTS Allstream. On the other hand, he added, technologies like identity management software are about letting “the good guys in. Think about the good guys coming in. You have to enable them to use corporate assets. This is where identity management technology comes into play,” said Miller.
Identity management is a series of business policies and technologies that enables organizations to issue and manage identities, authenticate users and provide single sign-on to applications.
Miller added that identity management is a process that needs to be rigorous end-to-end. Such processes include registration and enrolment, which are the first points of contact for organizations, where credentials are exchanged to prove one’s identity, Miller said.
Another step in identity management is provisioning, which is the automated process of creating a user’s credentials in an organization’s end system.
This helps reduce the potential for fraud because automation eliminates the human error of authenticating the wrong person, Miller said.
Authentication and access control is the process that ensures only proper users have access to the systems and information that they are entitled to.
Single sign-on gives users access to a variety of systems with one set of credentials instead of having to remember multiple passwords.
While a number of companies like Sun Microsystems, Oracle and Entrust are offering identity management suites, Miller said education is still the biggest component that a company must undertake to protect its customers from identity theft.
Organizations should be able to educate their customers about the potential threats of identity theft “without causing mass panic and causing them not to use their system,” Miller stressed. Let customers know how to become vigilant and aware of all information that allows them to ensure that they are transacting only with the legitimate organization, he added.