A bevy of online heavyweights, including IT vendors, e-commerce and financial services institutions, are joining forces to combat digital identity theft.
The Coalition on Online Identity Theft, however, faces a major challenge. A recent Federal Trade Commission report said that 27.3 million Americans were victims of identity theft during the last five years (including 9.9 million last year alone). Such activity cost businesses almost $48 billion last year, the report found.
The coalition hopes to educate users about how to avoid potential problems online and ensure that enterprises managing customer identities have the proper security controls in place. In addition, the coalition aims to improve information sharing about online fraud with the public, law enforcement agents and lawmakers.
Not all identity theft originates online. The old-fashioned ways of stealing personal information are still around. The FTC report said that 4% of thefts involved information gathered from stolen paper mail. Fourteen percent of victims report their sensitive information was taken from a lost or stolen wallet, checkbook or credit card.
In many ways, e-commerce is at the same point that credit cards were when they were first introduced in the 1970s. There's still some hesitancy on the part of customers to use a novel payment method.
"Years ago, people used to be nervous about giving a waiter a credit card," says Trevor Healy, vice president of VeriSign Inc.'s payment services group, which is projected to handle $22 billion in online transactions this year.
VeriSign is one member of the coalition, which also includes Microsoft, McAfee Security, RSA Security Inc. and others. The Information Technology Association of America administers it.
The coalition has a complex agenda, part of which is to encourage businesses to secure customer data, said Shannon Kellogg, director of government affairs for RSA Security. "E-commerce originating from all sites, whether large or small, needs to be protected," he said.
Things such as requiring two-factor authentication would help, Kellogg says. Also, proper management of the authentication process is imperative for ensuring data integrity. Sometimes there are malicious insiders who seek to steal data, but some security holes are simply mistakes. "A door isn't being shut, and that is a problem," he said.
Recent regulations such as the federal Sarbanes-Oxley Act and California's Security Breach Information Act (SB 1386) could force companies to addresses security issues linked to identity theft. Both laws have provisions to ensure that organizations appropriately protect sensitive data.
Members of the coalition realize they are only playing a part in protecting against identify theft. They plan to work with the FTC and other government agencies to share information and strategies.
"Industry can't do it alone. Government can't do it alone. We will have to work, hand in hand," Kellogg said.
FOR MORE INFORMATION:
FEEDBACK: What will a coalition like this do for enterprises with regard to identity theft?
Send your feedback to the SearchSecurity.com news team.