
SMEs more vulnerable to data theft

Home users still ignorant about data security
Johannesburg, 17 Sep 2006

Keeping personal identity information and confidential data secure, especially from unauthorised users and fraudsters, continues to be a major security threat for Small to Medium Enterprises (SMEs) and home users. Data security is becoming increasingly important as the trend towards mobile computing grows. This is according to John Mc Loughlin, managing director of J2 Software.

SMEs and home users are becoming more vulnerable with the growing threat of identity theft. Whenever the Internet is used to communicate private or confidential information, it can be captured by fraudsters or data thieves. This includes applications such as Internet banking, online shopping, e-government transactions and insurance queries.

Recent reports on identity theft from local Internet banking users highlight the real danger of this 'open-neck' traffic between some organisations and their customers. The Federal Financial Institutions Examination Council (FFIEC) issued statements last year on "Authentication in an Internet Banking Environment", in which financial institutions were advised to provide security protection for high-risk online financial transaction services by the end of 2006. This high-level security protection needed to be similar to that of credit card verification.

Mc Loughlin says in the case of credit cards, there is a physical element and a PIN or signature check. "Imagine that this could be extended to cover all online transactions that require some sort of verification or transmission of personal information."

This could take the form of "multi-layer authentication" rather than a single mechanism such as a password. Multi-layer authentication would provide three main types of authentication, of which any two or more could be used. These include unique personal attributes like handwriting, fingerprints or retina scans; or digital certification by means of a swipe card, USB key or token; or a PIN and a password.

"Many organisations use layered security which asks multiples of the same type of authentication, e.g. password, account number, secret question. This is by far better than a single method like a password, but less robust than multi-layered authentication. Layered security also costs less to implement on a mass-market level," he explains.

Large organisations that provide online applications understand the online risks and many have combative and rigorous security measures in place. SMEs and home users seldom share this security culture; they are often left to fend for themselves in these types of communications.

One of the solutions is to put a "face on a faceless world" by giving these users a trusted identity: an affordable means of identification, personal authentication and privacy in computer-based systems through cryptography, using a global protocol such as Public Key Infrastructure (PKI). This means providing some means of coding the information sent to identify the source, authenticate and authorise the contents and provide privacy against eavesdroppers when communicating private or confidential information.

PKI would allow users to encrypt and decrypt private information such as files and emails by creating digital signatures, ensuring documents can only be read by the recipients. It would also allow the creation of digital certificates, a kind of passport or credential that means only the user and sender can decrypt the file, preventing malicious impersonation by a third party, to authorise transactions.

Ease of use and the ability to work across multiple applications, without unduly restricting the ability of individuals or organisations, are important. If users find security measures cumbersome and time consuming, they are likely to find ways to circumvent them. However, consumers are more ready to accept a little more inconvenience.

PKI can be incorporated into a personal and uniquely identified, portable physical device, like a USB key, to provide identification and authentication of consumers for online applications. PKI can be managed at a corporate level as part of online application delivery and customer management.

Technology has certainly improved to the point where this can be a reality. An affordable, mass-market, multi-authentication solution could improve trust and consumer confidence, help the online transactional market grow, and protect not just those at most risk, but all users.


J2 Software

J2 Software, a local data security solutions provider and distributor of T3 Security Suite, provides easy to manage, easy to implement and easy to use data security solutions. The Company offers solutions for everyone, from single-users up to large corporations.

J2 Software came into existence because of the increasing demand for data protection products that are effective, simple to deploy and easy to use. J2 Software provides effective and easy to manage data security solutions. We offer you complete peace of mind through the cost-effective delivery of world-beating data security, encryption and protection tools. We also offer you the ability to effectively implement and monitor your internal corporate IT Policy. With the continued increase in identity theft and confidential data leakage, the need for our products is not only an advantage, but an absolute necessity.

Editorial contacts

Ivor van Rensburg
IT Public Relations
(082) 652 8050
ivor@itpr.co.za

John Mc Loughlin
J2 Software
(011) 794 8301
john@jtwo.co.za