By Joris Evers, 14 June 2005 09:15
NEWS In the wake of several high-profile data breaches, the Liberty Alliance is branching out to take on identity theft.
The organisation, formed to develop technology standards for online authentication, is set to launch its Identity Theft Protection Group today. Headed by representatives from American Express and Fidelity Investments, the new effort plans to release an identity theft glossary next month and to subsequently come up with ways to prevent ID theft.
Michael Barrett, co-chairman of the Identity Theft Prevention Group and a security executive at American Express, said in an interview on Monday: "I am concerned that unless we do something as an industry, this problem is going to get worse and worse, to the point that it is no longer a question if your identity gets stolen, but when."
Identity-related crime such as phishing threatens the growth of the internet, Barrett said. The Identity Theft Prevention Group hopes to become a hub for efforts to combat the issue. It plans to first define and dissect the problem and then develop solutions, which could be technical specifications, policy best practices or business guidelines, Barrett said.
The launch comes in the wake of several high-profile data loss incidents that exposed US consumers to identity risk. Last week, CitiFinancial said tapes containing unencrypted information on 3.9 million customers were lost by the United Parcel Service while in transit to a credit bureau. CitiFinancial is the consumer finance subsidiary of Citigroup. In past months, data leaks have been reported by Bank of America and Wachovia, data brokers ChoicePoint and LexisNexis, and the University of California at Berkeley and Stanford University.
The alliance's Identity Theft Prevention Group claims to be the first to address the issue from a multi-organisational perspective. It includes technology vendors, financial services organisations, law enforcement and others, Barrett said. Non-Liberty members can participate through a liaison program.
Liberty is not alone in fighting the problem. Organisations such as the Better Business Bureau and the Federal Trade Commission have efforts to educate consumers and prevent identity theft. So have groups including the Anti-Phishing Working Group.
A larger, collaborative effort is welcome, said James Van Dyke, a principal analyst at Javelin Strategy & Research, which publishes an annual report on identity fraud. However, Liberty should start by renaming its working group to the Identity Fraud Protection Group, he said. "The ultimate thing we are trying to stop is identity fraud," Van Dyke said.
Education is key to the push, Van Dyke said. He noted that the internet is a double-edged sword, in that it can be abused to commit identity fraud but consumers can also use it to monitor accounts and get rid of paper statements that could be used by dumpster-diving ID fraudsters.
Also, contrary to popular belief, ID fraud in most cases is not committed by hackers far away in another country, Van Dyke said. In 54 per cent of the ID theft cases, the perpetrator is somebody the victim knows, such as a relative, friend or domestic employee, he said.
Jonathan Penn, an analyst at Forrester Research, said the Liberty Alliance should not overreach. The group could be a clearinghouse for ID theft issues but its real strength is in developing technical specifications, he said. "There should be some definition of Liberty's purpose and scope - for example, focusing on technical solutions that would be adopted across various industry sectors," he said.
Liberty has scheduled its first Identity Theft Workshop on 20 July in Chicago.
Joris Evers writes for CNET News.com
In order to post a comment you need to be registered and logged in.
Log in or create your silicon.com account below