Protecting your personal information with "what you know" is no longer good enough as it is now easy to find information like a birth date, address or mother's maiden on social networking sites such as Facebook and MySpace.
Additional measures of combining "what you know" (eg Pin numbers) with "what you have" (eg smartcards or tokens) do provide another level of protection for consumers against identity fraud. For example, since 2006 and the introduction of chip-and-Pin card technology in the UK, bank card fraud losses have fallen by nearly £80 million, according to the APACS UK Payments Authority.
But in some instances, where even greater assurance of identity is required, organisations are seeking even better protection via another layer, "what you are". Biometrics is the use of technology to prove identity using biological identifiers, such as fingerprint, iris and vein patterns that are unique to individuals.
The Unisys Security Index of September 2007 shows that 62 per cent of UK residents are extremely or very concerned about the issue of identity management. However, if people are to embrace new security measures they need to be educated about how they work and what they are designed to achieve. Why is a fingerprint being taken? Where will their photograph be stored?
As the use of biometrics continues to mature along with public acceptance of the technology, innovation will inevitably expand into new domains beyond the familiar methods of voice, face, finger and iris recognition. One promising alternative is vascular recognition technology, using the biological information encoded in the wrist, back of hand or finger's vein pattern. Similarly, rapid automated DNA matching is likely to become more widely accepted as a biometric technology. Continued investment in biometrics will drive research and development and expansion into new markets, such as home access and aged care services.
The most significant applications will combine multiple biometric solutions with other security or identity measures, such as radio frequency identification (RFID) and smartcard technology. The most effective approach to security is a holistic one, which assesses all possible security risks, internal and external.
The next step for business and government is to define and maintain a consistent global approach to applying security enhancing solutions within an ethical privacy framework. In 2007, the global Centre for Ethical Identity Assurance (CEIA) - an alliance of industry, government and academia - was created. Key among CEIA's initiatives is the development of a draft Consumer Bill of Rights to protect personal information and safeguard against identity fraud. In the UK, Unisys is also a board member of the Information Assurance Advisory Council (IAAC), which is just completing a two-year research stream on identity assurance.
The reality is technology-based security improvements in identity and biometrics can enhance people's privacy, convenience and choice.
There is growing recognition of this, but if the benefits are to be fully realised, government and business need to clearly convey the facts to consumers, highlighting that privacy and security aren't mutually exclusive ideals. ●
This was first published in July 2008