Reducing risk of online ID theft

By on
Reducing risk of online ID theft

The total cost of U.S. identity fraud in 2004 was $52.6 billion, with 11.6 percent of stolen identity information obtained online, according to Javelin Strategy & Research and the Better Business Bureau. The proliferation of online applications providing access to confidential identity data has magnified vulnerabilities that are not adequately addressed by traditional network security techniques. The following policies, procedures and systems are recommended to implement a security program for online applications.

  • Develop secure web applications: Follow best practices in web application development, as represented by the Open Web Application Security Project (OWASP).
  • Check identities and backgrounds before authorizing access: The Identity Theft Assistance Center is one resource where members can quickly check application information against a database of known identity thefts.
  • Institute strong authentication procedures: Strong authentication, such as a PIN token, a smart card calculator or another soft mechanism, makes fraudulent access more difficult, but not impossible.
  • Monitor and compare user activity to detect suspicious behavior: Strong authentication is not sufficient to protect sensitive customer information, especially from employees and other authenticated users who may succumb to the temptation of theft or malicious conduct. 
  • Develop a comprehensive incident response plan: There is no absolute means by which an incident can be prevented. Therefore, it is imperative that companies develop appropriate incident response plans, including remediation and communication strategies.

Bruce Pharr is director of marketing for Covelight Systems

Copyright © SC Magazine, US edition
Tags:

Most Read Articles

Log In

Username:
Password:
|  Forgot your password?