Experianand Microsoft have developed
ane-commerce securitysystem that avoids
users having to remember multiple passwords and tightens security
between them and online merchants.
The "proof of concept"
identity management service, using the Microsoft Windows
CardSpace system, streamlines identity authentication and provides
a safer and simpler way to
pay online, said the partners.
The identity management service will enable organisations to
dramatically reduce the customer support resources needed for
web-based activity, such as resetting forgotten passwords, said the
companies.
Consumers could also have a better customer experience as they
are required to remember fewer verification details and are able to
rely on Experian, a trusted third party, to verify that the
organisation they are dealing with is bona fide.
At the outset, Experian verifies both individuals and
organisations via a straightforward registration and ID
authentication process. Once this process is complete,
organisations and individuals are able to communicate, reassured
that both parties are legitimate.
Windows CardSpace runs on the consumer's computer desktop and
acts as an identity selector to enable the individual to better
control what information they choose to share online and with
whom.
For instance, if an individual wants to renew their car
insurance, they select their "Experian Card", which would contain
confirmation of identity details and age plus, in this instance,
other facts that form part of money-laundering legislation.
Windows CardSpace then sends a request to Experian, the identity
provider, to validate the identity of the website.
Once the requesting website is identified, Experian then forms
and returns a signed and encrypted "token", which contains a
confidence level as to whether that person exists and is who they
say they are to Windows CardSpace and then to the website.
All interactions between the individual, Experian and the
organisation are encrypted and digitally signed to protect the
information from data security attacks.
"As online security tries to keep up with ever-evolving ID fraud
tactics, consumers are having to create multiple passwords to
transact online," said Paul MacKinnon, senior identity advisor at
Microsoft UK.
"Consumers are overwhelmed with the plethora of passwords and
user names they are expected to remember and are reverting to
offline transactions. Businesses are also looking for ways to
ensure the public are in a safe environment when online to improve
the customer experience and protect web-based transactions," he
said.
Peter Brooker, director at Experian, said, "Consumers are
becoming more concerned about who they are buying from and seeking
reassurance that the organisation they are dealing with is
legitimate.
"This service will work both ways, validating the consumer and
the organisation's credentials, delivering a more secure and less
stressful online experience for all."
The partners say they are talking to organisations that could
potentially deploy the system.