We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Online identity theft: many medicines, no cure

Banks and security plugging away, but only around the edges of the problem

As the incidence of online identity theft has steadily climbed in recent months, banks and online retailers have struggled to stay on top of the problem and to protect their customers, whose personal financial information and online account details are coveted by criminals.

But as problems like phishing scams change from e-crime phenomenon to endemic online threats, technology companies – both large and small – are bringing products and services to market that they claim can end, or greatly reduce, the threat of online identity theft.

These are some of the technologies aimed at curbing online identity theft:

  • Antiphishing toolbars: These lightweight applications, or applets, were some of the first tools specifically created to stop online scams like phishing. They have been offered free to customers by eBay, Internet service providers (ISPs) EarthLink. and AOL, and other companies.

    The programs are usually plug-ins adding an extra toolbar to a user's web browser interface. The programs verify website URLs and warn about websites that hide their true addresses.

    Antiphishing tools are effective against phishing scams that use spam to direct internet users to websites controlled by thieves, but designed to look like legitimate e-commerce sites. However, such tools do nothing to secure sensitive financial information online.

  • Antiphishing services: Phishing prevention services are designed to spot and thwart new threats, including brand monitoring services such as FraudProtect by MarkMonitor, Symantec's Online Fraud Management Solution, VeriSign's AntiPhishing Solution and services by NameProtect.

    Most of these services use a distributed network of sensors to monitor email traffic, news groups and web domain registrations, spotting new scams, such as phishing attacks. The services promise to enable companies to move quickly to crack down on fraudulent websites that use their names and also give customers advanced warning about scam email messages making the rounds.

  • Payer authentication and smart cards: Online security advocates often cite smart cards as a cure-all for online fraud. The cards combine traditional plastic credit cards with microprocessor chips that can store far more information about the cardholder than older, magnetic-strip cards.

    Among other things, smart cards can store PINs (personal identification numbers) or biometric identifiers that could be used at the point of purchase to verify the purchaser's identity, making theft of an account number or credit card inconsequential.

    Smart cards are ubiquitous in Europe, and the UK banking industry has recently launched a major, nation-wide rollout of smart card technology through the "chip and PIN" program, which will replace magnetic-strip cards and do away with signed receipts for "card present" purchases.

  • Fraud screening and prevention: Lacking strong authentication at the point of purchase, most credit card companies and merchants in the USA name fraud screening technology as their first and best defence against fraud.

    Companies in this space, including VeriSign, ClearCommerce and CyberSource, use a variety of filters to analyse transaction patterns for individual consumers or groups of consumers, and to spot suspicious activity.

    For example, companies might flag a pattern of rapid, high-value transactions and spot discrepancies between the geographical location from which the order was placed and the billing address, or look askance at transactions with different billing and ship-to addresses, according to Julie Ferguson, co-founder and vice president of emerging technologies at ClearCommerce.

  • Consumer authentication services: Recent deals between security technology companies and major ISPs and consumer software vendors could bring multifactor authentication technology into the mainstream. In September, RSA Security and AOL announced a new program called "AOL PassCode" that will encourage AOL customers to use RSA SecurID tokens to protect account information.

    On the same day, VeriSign announced its Unified Authentication program, which it said will reduce the cost of "strong authentication," such as one-time passwords or hardware smart cards.

    In October, RSA announced the availability of SecurID for Windows, a secure token that will make it easier for users to log on and off to Windows machines using multifactor authentication, while VeriSign and AOL said they would investigate ways to extend the Unified Authentication program to AOL members.


  • IDG UK Sites

    Best Christmas 2014 UK tech deals, Boxing Day 2014 UK tech deals & January sales 2015 UK tech...

    IDG UK Sites

    LED vs Halogen: Why now could be the right time to invest in LED bulbs

    IDG UK Sites

    Christmas' best ads: See great festive spots studios have created to promote themselves and clients

    IDG UK Sites

    Ultimate iOS 8 Tips: 35 awesome and advanced tips for using iOS 8 on iPhone and iPad