As the incidence of online identity theft has steadily climbed in recent months, banks and online retailers have struggled to stay on top of the problem and to protect their customers, whose personal financial information and online account details are coveted by criminals.
But as problems like phishing scams change from e-crime phenomenon to endemic online threats, technology companies – both large and small – are bringing products and services to market that they claim can end, or greatly reduce, the threat of online identity theft.
These are some of the technologies aimed at curbing online identity theft:
The programs are usually plug-ins adding an extra toolbar to a user's web browser interface. The programs verify website URLs and warn about websites that hide their true addresses.
Antiphishing tools are effective against phishing scams that use spam to direct internet users to websites controlled by thieves, but designed to look like legitimate e-commerce sites. However, such tools do nothing to secure sensitive financial information online.
Most of these services use a distributed network of sensors to monitor email traffic, news groups and web domain registrations, spotting new scams, such as phishing attacks. The services promise to enable companies to move quickly to crack down on fraudulent websites that use their names and also give customers advanced warning about scam email messages making the rounds.
Among other things, smart cards can store PINs (personal identification numbers) or biometric identifiers that could be used at the point of purchase to verify the purchaser's identity, making theft of an account number or credit card inconsequential.
Smart cards are ubiquitous in Europe, and the UK banking industry has recently launched a major, nation-wide rollout of smart card technology through the "chip and PIN" program, which will replace magnetic-strip cards and do away with signed receipts for "card present" purchases.
Companies in this space, including VeriSign, ClearCommerce and CyberSource, use a variety of filters to analyse transaction patterns for individual consumers or groups of consumers, and to spot suspicious activity.
For example, companies might flag a pattern of rapid, high-value transactions and spot discrepancies between the geographical location from which the order was placed and the billing address, or look askance at transactions with different billing and ship-to addresses, according to Julie Ferguson, co-founder and vice president of emerging technologies at ClearCommerce.
On the same day, VeriSign announced its Unified Authentication program, which it said will reduce the cost of "strong authentication," such as one-time passwords or hardware smart cards.
In October, RSA announced the availability of SecurID for Windows, a secure token that will make it easier for users to log on and off to Windows machines using multifactor authentication, while VeriSign and AOL said they would investigate ways to extend the Unified Authentication program to AOL members.