Banks and online retailers are struggling to protect
their customers from criminals who covet their personal financial
information and account details. But as problems like phishing
scams change from phenomenon to endemic threat, technology
companies are launching products and services to end, or greatly
reduce, the threat of online identity theft.
There are five main technologies aimed at curbing online
identity theft:
Antiphishing toolbars
These lightweight applications were some of the first tools
designed to stop online scams like phishing. AOL, eBay and others
offer these programs free to customers. Usually plug-ins adding an
extra toolbar to a user's web browser, the programs verify website
URLs and warn about websites that hide their true addresses.
Antiphishing tools are effective against the use of spam to
direct internet users to websites controlled by thieves but
designed to look like legitimate sites. But such tools do nothing
to secure sensitive financial information online.
Antiphishing services
Designed to spot and thwart new threats, phishing prevention
services include MarkMonitor's FraudProtect, Symantec's Online
Fraud Management Solution, VeriSign's AntiPhishing Solution and
services by NameProtect. Most use a distributed network of sensors
to monitor e-mail traffic, newsgroups and web domain registrations,
spotting new scams such as phishing attacks.
Antiphishing services promise to allow companies to move quickly
in cracking down on fraudulent websites that use their names and
also give customers advanced warning about scam e-mails making the
rounds.
Payer authentication and smartcards
Online security advocates often cite smartcards as a cure-all
for online fraud. The cards contain chips that can store far more
information about the cardholder than older, magnetic-strip cards.
Among other things, they can store PINs or biometric identifiers
that can be used at the point of purchase to verify the purchaser's
identity, making theft of an account number or credit card
inconsequential.
Smartcards are ubiquitous in Europe, and the UK banks have
recently rolled out a chip and PIN smartcard programme to replace
magnetic-strip cards and do away with signed receipts for "card
present" purchases. Obstacles to the widespread use of smartcards
in the US include the inability of existing card readers to support
them.
Fraud screening and prevention
Without strong authentication at the point of purchase, most US
companies turn to fraud screening technology as their first and
best defence. Companies such as VeriSign, ClearCommerce and
CyberSource use a variety of filters to analyse transaction
patterns for individuals or groups, and to identify suspicious
activity.
For example, companies might flag up a pattern of rapid,
high-value transactions and spot discrepancies between the
geographical location from which the order was placed and the
invoice address, or look askance at transactions with different
invoicing and delivery addresses, according to ClearCommerce
co-founder and vice-president Julie Ferguson.
Consumer authentication services
Recent deals between security technology companies and major
ISPs and software suppliers could bring multifactor authentication
technology into the mainstream. Since September, AOL has encouraged
its customers to use RSA SecurID tokens to protect account
information. And RSA has released SecurID for Windows, a secure
token that will make it easier for users to log on and off Windows
machines using multifactor authentication.
Consumer strong-authentication programs could also create an
infrastructure that banks and online retailers build on to
strengthen interactions with their own sites, according to Gil
Danieli, vice-president of technology at online bank EverBank
National. For now, SecurID for Windows doesn't protect access to
online banking or e-commerce services, but such applications aren't
out of the question in the future, according to Ned Brody, senior
vice-president of premium services at AOL.
Paul Roberts writes for IDG News Service