Fight identity theft and protect privacy on all fronts

People today have a greater appetite for security than ever before. They expect, even demand, security and protection in many more aspects of their lives – whether in their dealings with government agencies or as part of their online social lives. But, says Andrew Barkla, it takes the combined effort of governments, organisations and individuals to provide the most effective protection of personal data.

In August, 2008 the US Department of Justice began prosecuting its largest ever identity theft case when 11 people were charged with the theft and sale of more than 40 million credit and debit card numbers. They are accused of stealing the numbers by hacking into the computers of nine major US retailers.

The sheer scale of the crime is a timely reminder that the risk of identity theft and financial fraud remain ever present, and we need to be vigilant if we are to protect against it.

According to The Australian Federal Police (AFP), identity fraud costs the nation up to $4 billion a year.

Australians are already well aware of the issue. The Unisys Security Index™ is Australia’s only regular snapshot of public perceptions towards security. The Index, run in Australia since June 2006 and now conducted in 10 countries worldwide, has consistently found that Australians are more concerned about unauthorised access to - or misuse of - personal information and other people obtaining and/or using their credit or debit card details than they are about any other security issue .

But protecting personal information takes more than being simply aware of the issue. Responsibility rests with not just us as individuals, but also the organisations we deal with. And legislation also has a vital role to play, as is seen in the current review of the privacy law here in Australia.

Ultimately the fight needs to be fought on many fronts – and we need to work together in doing so.

As consumers and members of the community, we of course want, and expect, our private data to be protected by our government and the organisations that we deal with. In today’s fast paced, web-connected and mobile environment, the challenges to the security of that data are becoming much more complex. For public and private sector organisations, this means that issues of privacy, confidence and trust are becoming critical operational issues.

Not surprisingly, organisations such as banks, health providers and social service agencies are beginning to introduce more stringent methods to verify our identity, and new technology is a key part of that.

For example, protecting your personal information with a simple PIN number (or “something you know”) is no longer good enough as it is now too easy to find information like birth date, address and mother’s maiden name when we freely post them on social networking sites like Facebook and MySpace.

Additional security can be provided by combining “something you know” with “something you have” (such as a bank issued smartcard) as another level of protection for consumers against identity fraud. For example, since the introduction of chip and PIN card technology in the UK, bank card fraud losses have fallen by nearly £80 million since 2006.

But in some instances, where even greater assurance of identity is required, organisations are seeking even better protection via another layer, “something you are”. Biometrics is the use of technology to prove identity using biological identifiers, such as the patterns in your fingerprint, iris, voice or even the veins of your hand, that are unique to each individual.

The Unisys Security Index has shown that 98 per cent of Australians would be happy to use one or more techniques, such as photographs and fingerprint scans, to prove their identity. This includes 72 per cent of Australians who said they would be willing to use a fingerprint scan and 66 per cent who would be happy to provide an iris scan, 61 per cent facial scan and 47 per cent facial scan.

Government and, increasingly commercial organisations are beginning to realise the value biometrics provide within a contemporary security strategy. Moreover, the community is beginning to appreciate that such initiatives provide greater privacy, improve security and offer convenience. The ability to build consumer confidence and trust is an additional benefit of biometrics and identity-based measures that is beginning to be realised.

In the workplace for example we are seeing more sophisticated identity and access management systems which allow organisations to manage user access to company resources and customer information that go beyond basic user ID and password access.

Companies can now pair higher resolution CCTV cameras with intelligent video software linked to facial recognition systems – comparing captured footage against a database of images.

Identity credentialing is of course about people. Biometric and other identity based measures are one of the more visible approaches organisations can take to reassure customers that their personal information is protected.

However, if people are to embrace new security measures they need to be informed and educated about how they work and what they are designed to achieve. Why is a fingerprint being taken? Where will their photograph be stored? It is sharing this knowledge that helps build trust and confidence in the organisations that we deal with. People are then more likely to willingly do some things they might not have once done; forgoing some degree of privacy – such as providing a fingerprint or voice recording - in return for better protection.

Research of Australian retail bank customers, conducted on behalf of Unisys, found that 91 per cent of respondents would welcome more biometric technologies to protect their identity and transactions. Clearly, consumers recognise the role biometrics and other technology-enabled identity verification techniques can play in ensuring their personal information and assets are secure. Organisations that adopt these technologies and make their security measures transparent will take the lead in creating trust and confidence among their customers and achieve the biggest prize of all - loyalty.

Of course today’s security landscape is a global one and these issues need to be addressed beyond national borders. In 2007, the global Centre for Ethical Identity Assurance (CEIA) was created – an alliance of industry, government and academia – to establish consistent, global practices for identity assurance. Key among CEIA’s initiatives is the development of a draft Consumer Bill of Rights to protect personal information and safeguard against identity fraud.

What this serves to highlight is that if the benefits of any security initiative are to be fully realised, there needs to be ongoing dialogue with the customers that they serve, wherever they may be located. Knowing what is being implemented and why, and what standards of privacy protection it will it deliver are essential elements to convey in order to build confidence and trust.

However, the individual must be part of any solution to identity theft and privacy protection - we are all responsible for the protection of our own information and data.

The bottom line is that even the best protective measures can fall short if people don’t take even the most simple steps to protect themselves. As organisations and as individuals – education and awareness will remain critical. It is only then that we will win the battle against ID theft on all fronts.

About the author: Andrew Barkla is Vice President and General Manager of Unisys Asia Pacific

REFERENCES: 

[1] Australian Federal Police referenced by National Fraud Identity Awareness Week 2008:   http://www.stopidtheft.com.au/

[1] Unisys Security Index: www.unisyssecurityindex.com.au

[2] APACS UK Payments Authority – Card fraud facts and figures: http://www.apacs.org.uk/resources_publications/card_fraud_facts_and_figures.html

[2] Unisys Security Index, November 2008

[3] Customer Centricity in the Australian Retail Banking Market: Rewards and Sacrifices, March 2007.