SINGAPORE, 15 SEPTEMBER 2008 - Identity theft now threatens the growth of e-commerce and the provision of financial and government services online, according to Microsoft researchers.
In a new white paper, released today, the researchers maintain online fraud is undermining confidence in the Internet and the ad hoc way in which online identities are managed today cannot withstand the increasing assaults from expert criminal attackers.
In the white paper - Online Identity Theft: Changing the Game Microsoft argues that a new approach to securely managing online identity is essential. The researchers call for a system that uses an interoperable, vendor-neutral framework and gives end users more direct control over their digital identity. The white paper can be downloaded here.
Billion dollar crime
Armed with personal information gathered online and offline through phishing attacks, spyware, social engineering scams and other illicit methods, identity thieves are stealing billions of dollars through unauthorized transactions and new lines of credit opened fraudulently in the name of unwitting consumers, the white paper states.
Widely publicized leaks of sensitive data from custodians such as financial institutions, credit bureaus and government agencies are eroding public trust in the Internet and threatening to dampen online commerce and services, the report said.
The researchers say that while financial losses from offline and online identity theft have declined slightly, in 2007 they still totaled US$45 billion in the United States alone. In 2006, 12 per cent of EU residents aged 16 to 74 said they avoided online purchases because of security concerns. In comparison, 57 per cent said they had used the Internet and 30 per cent said they shopped online in 2007.
New information card
One key component of a new system, the Microsoft researchers say, is a new technology called an Information Card, which enables the creation of very secure digital entities.
The white paper recommends:
Adopting advanced digital identities in government, enterprise and online service environments, along with better data governance processes;
Creating a secure digital identification system that allows convenient online transactions and enables higher levels of security based on real-world verified identities when appropriate , and;
Convening stakeholders to build broad support for the use of digital Information Cards as a basic tool to reduce online identity theft and increase confidence in e-commerce and other online services
The issue requires a more comprehensive approach to protecting personal information, including consumer education, new technology tools, responsible business practices, a strong legislative framework, law enforcement engagement and expanded victim assistance.
Sign up for Computerworld eNewsletters.