Protecting your personal information with "what you know" is no
longer good enough as it is now easy to find information like a
birth date, address or mother's maiden on social networking sites
such as Facebook and
MySpace.
Additional measures of combining "what you know" (eg Pin
numbers) with "what you have" (eg smartcards or tokens) do provide
another level of protection for consumers against identity fraud.
For example, since 2006 and the introduction of
chip-and-Pin card technology in the UK, bank card fraud losses
have fallen by nearly £80 million, according to the
APACS UK Payments Authority.
But in some instances, where even greater assurance of identity
is required, organisations are seeking even better protection via
another layer, "what you are".
Biometrics is the use of technology to prove identity using
biological identifiers, such as fingerprint, iris and vein patterns
that are unique to individuals.
Very concerned
The
Unisys Security Index of September 2007 shows that 62 per cent of
UK residents are extremely or very concerned about the issue of
identity management. However, if people are to embrace new security
measures they need to be educated about how they work and what they
are designed to achieve. Why is a fingerprint being taken? Where
will their photograph be stored?
As the use of biometrics continues to mature along with public
acceptance of the technology, innovation will inevitably expand
into new domains beyond the familiar methods of voice, face, finger
and iris recognition. One promising alternative is vascular
recognition technology, using the biological information encoded in
the wrist, back of hand or finger's vein pattern. Similarly, rapid
automated DNA matching is likely to become more widely accepted as
a biometric technology. Continued investment in biometrics will
drive research and development and expansion into new markets, such
as home access and aged care services.
The most significant applications will combine multiple
biometric solutions with other security or identity measures, such
as
radio frequency identification (RFID) and smartcard technology.
The most effective approach to security is a holistic one, which
assesses all possible security risks, internal and external.
The next step for business and government is to define and
maintain a consistent global approach to applying security
enhancing solutions within an ethical privacy framework. In 2007,
the global Centre for Ethical
Identity Assurance (CEIA) - an alliance of industry, government
and academia - was created. Key among CEIA's initiatives is the
development of a draft Consumer Bill of Rights to protect personal
information and safeguard against identity fraud. In the UK, Unisys
is also a board member of the
Information Assurance Advisory
Council (IAAC), which is just completing a two-year research
stream on identity assurance.
Enhance privacy
The reality is technology-based security improvements in
identity and biometrics can enhance people's privacy, convenience
and choice.
There is growing recognition of this, but if the benefits are to
be fully realised, government and business need to clearly convey
the facts to consumers, highlighting that privacy and security
aren't mutually exclusive ideals. ●