Saturday, May 08, 2010

HOW CAN COMPANIES DEFEAT IDENTIY THEFT?

When was the last time you counted the number of cards you carry around with you? You would be shocked at the identity, bonus, credit, debit, ATM and other plastic identifiers that line up our wallets/purses. These cards identify and authenticate us at various transactions be they an ATM withdrawal or a purchase in your local supermarket. The common thread in all these transactions is that every time you transact you give away some more of your personal data.

The interesting fact is that these companies you transact with cannot prove that you are who you claim to be. The supermarket you bought your groceries from in Kisumu, when using your credit card, does not have a mechanism to verify that you are the same person who used a debit card to purchase an airline ticket from a travel agent in Nairobi.

This means you are enjoying pseudonymity. This is where you are guaranteed a degree of privacy because your identity information is not shared between the companies you transact with. Whereas this might be good news for you, this situation presents a security risk to companies.

This absence of data sharing or matching, between companies, means that they are prone to identity theft and abuse. A response to this risk is the establishment of credit reference bureaus who attempt to establish a relationship between these disparate commercial entities. This process, as an end in itself, is however not error free and is expensive. It is at this point identity management gains relevance.

Identity management seeks to establish the eligibility of each individual to conduct a transaction, and to assign the limitations of liability in the event of a failure. Eligibility is assured when databases are interconnected so as to determine a few fundamentals.

The first is establishing who you are. Whether you can be found in various databases as the same person you claim to be. The second fundamental is determining whether you are a unique person within a database. If you use your credit card to pay your hospital bill for the first time the Hospital Management System should be able to pick this up and use further eligibility criteria to ensure accurate identification.

Lastly eligibility is assured when it can reliably be proven that you are the legitimate holder of the credentials you have presented for a transaction. This can, for example, be achieved by using biometrics in tandem with a credit card.

No comments: