Finding the right balance between privacy and convenience online is best left to individual consumers; they are more vested than anyone in protecting their personal information. More control will enable them to decide what information they want to share and how they want to share it.
The Internet, since its early days, has been largely shaped by the users who determine its function and evolution. While identity protection was not built into the fabric of the Internet, more and more users are seeking to map out the ground rules for privacy.
For example, more Internet users today indicate that they want the ability to limit the “digital footprint” of an identity. This refers to how long sensitive information like names and addresses can be kept and accessed, how many copies of the information exist, who has access to the information and, most important, the rules that must be followed when receiving identity information.
Consumers are beginning to understand that limiting digital copies of their personal information in cyberspace can cut down on possible abuse by fraudsters. Given recent high-profile security incidents, they have reason to be concerned.
Staying Ahead of Scammers
This year’s Federal Trade Commission report on consumer fraud cited identity theft as the No. 1 consumer complaint last year, accounting for almost one-third of all consumer fraud complaints. While more awareness, better credit-monitoring and more sophisticated methods to authenticate identity have helped curb fraudulent behavior, protecting personal information is still a challenge.
The cost of identity theft and fraud remains high in the U.S. In 2006, it amounted to an estimated US$49 billion paid out primarily by merchants and financial institutions, plus an estimated $4.5 billion tab for consumers.
More needs to be done to get ID theft numbers lower and the cost of fraud down. Meanwhile, scams keep getting more sophisticated, requiring consumers, businesses and Internet technology developers to stay one step ahead.
Fraudsters continue to lure unsuspecting consumers by getting more sophisticated with well-known methods, as demonstrated by the indictment of 38 members of a Romanian-based global crime ring earlier this year.
The crime ring targeted financial accounts by phishing for consumers’ IDs, passwords and credit card information, sending more than 1.3 million spam messages in one phishing attack alone, in a technologically complicated scheme to extract money from bank accounts.
Social Networks Lead the Way
Of course, once consumers become aware of the latest scheme, criminals start to devise new scams — and on it goes in an endless cycle. To develop a longer-term solution to online fraud and identity theft in an evolutionary manner, it may be helpful to look in an unexpected place: social networks.
One of the appeals of social networking is that individuals decide who to bring into their networks. Today’s job seekers, for example, are turning to social networking sites because they allow more control over their resumes and personal information than do job boards or Web sites, which provide access to any user.
Job seekers on social networks are notified when users access their resumes. Recently, when Facebook designed an advertising program to track the activities of its users, it met strong resistance because it took away the personal information control that users were accustomed to. Facebook soon pulled back.
End to U and P Chaos
Models for “user-centric identity management,” such as OpenID and Eclipse’s Project Higgins, have emerged as popular ways to save time registering for new Web sites, and they enable individuals to take more control and ownership of their digital identities.
OpenID is free technology that eliminates the need for multiple user names across different Web sites, helping individuals limit the sharing of personal information and reducing the pain of managing dozens — even hundreds — of user names and passwords.
OpenID has become popular with social networking sites and blogs, and the open community is working on its own security for OpenID to support its momentum across the open Web, particularly when crucial personal information such as credit card and social security numbers is involved.
Today, individuals are beginning to expect — and require — a greater degree of control over their personal information in all their interactions online. As the Internet matures, users become clearer in what they want and what they don’t want as part of their online experience.
The best way to limit fraud and increase customer loyalty is to increase consumer control over personal information and limit how much personal data needs to be revealed in order to interact safely online.
Anthony Nadalin is an IBM Distinguished Engineer and chief security architect for IBM Tivoli Software.