Highlighting a need for identity protection in today's world of electronic transactions, Elliff lamented the lack of adoption an identity authentication standard that could be used by Australian banks, government services and ebusinesses.
"Online identity protection is in its infancy; worse than that, it's in an orphanage," he said.
Elliff described some the two-factor authentication measures currently employed by some Australian banks and online businesses. Such measures usually require users to log in to a Web site using one-time passwords that are generated on demand and instantly sent via SMS or displayed on physical tokens.
Due to the costs involved with producing and distributing tokens and sending SMS messages, however, businesses have been slow to roll out two-factor authentication.
The 2007 launch of a two-factor authentication service by eBay and VeriSign, for example, has achieved the distribution of hundred of thousands of devices across to date, across the U.S., Germany and Australia. In comparison, the online auction site currently boasts 5 million members in Australia alone.
Similarly, Elliff says, two-factor authentication used by banks mostly service customers with high value transactions.
"Banks seem to be focussed on risk management rather than completely eliminating the problem," he said. "Meanwhile, a lot of the government schemes are too ambitious, with too much politics involved."
Other identity authentication methods include digital certificates and the use of physical smart cards that are embedded with users' information.
Elliff raised the example of the controversial Health and Social Services Access card that was proposed by the Australian Liberal Government in 2006, only to be terminated by the Labor Government in November last year. The access card was designed to use smart card technology to replace 17 existing cards for a range of government services including healthcare and pension, and was expected to save the Government $3 billion per year.
While debates rage on about the deployment of smart cards in Australia, the technology is becoming increasingly prevalent in countries like Singapore and China, which Elliff said had more centralised and authoritative governments.
"To really make progress, we need committed government involvement without being too ambitious," he said. "We need something that has a greater chance of success than the traditional all-or-nothing approach."
Elliff cited current discussions between VeriSign, Australia Post, the Australian government and banks about VeriSign's VIP Authentication Service that would provide individuals with universal two-factor authentication tokens that could be used for all online services.
The company is currently recruiting members for the service, which will use a centralised authentication system managed by VeriSign. So far, six Australian credit unions have expressed interest in the service Elliff said, but larger banking cooperations have been more difficult to convince.
"I've spoken to the big four banks in Australia and they recognise that there is something that needs to be done about online identity protection," Elliff said, "but they are looking for global initiatives and standards."
VeriSign lobbies banks, government for identity protection standard
By
Liz Tay
on Mar 5, 2008 4:26PM
In the eternal race between cyber crime and security technology, good guys ideally should be working together. But real-world collaboration can be difficult to attain, according to VeriSign's director of identity authentication services, Ed Elliff.
