EXPERT RESPONSE
It really depends on the type of business. Birth certificates and passports aren't really that useful when running an online business -- they're essentially paper documents in an increasingly digital world. In any case, corporations should verify identity based upon a credit card lookup to make sure that the card number, address and CVV2 number are consistent. For an financial transaction, that usually suffices and meets the risk criteria of the merchant bank that is underwriting the purchase.
In terms of a brick-and-mortar retail or other business services environment, it's a different ballgame and corporations need to walk the fine line between causing the transaction to be painful for the customer and ensuring that it is secure. Again, it gets back to an organization's tolerance for risk and to what degree a company wants to inconvenience its customers by making them bring all sorts of supporting documentation to prove who they are.
The final point I'll make is that employees need to be trained to spot fake credentials and to ask the appropriate questions if they get suspicious. If employees don't enforce with the same level of scrutiny, then the tightest policy in the world won't matter too much. An enterprise also needs to have a defined process to deal with such situations quickly and effectively. Front-line employees shouldn't solely bear the brunt of a hacker that is trying to commit fraud.
More information:
|
