Who Are You?
If a consumer wants to purchase a product online, they have to submit their credit card number into the vast cyberspace. And if someone wants to check their finances on their bank's Web site, they have to use a user ID and password to log on. Then they will have access to all their personal finance information. Both uses of the Internet are convenient and easy to use, but there is the concern that a computer hacker or criminal will be able to gain access to their important personal information.
"One of the problems is really knowing that the person is really who they say they are," says Eitan Einwohner, senior director, business development, ComSense Technologies, San Jose, Calif. This is a major concern for everyone using the Internet. How does the online store know that the person purchasing products online is really that person connected to the credit card number. And in turn, how does the consumer know for sure that their card number is going to the correct company and won't be intercepted by a crook.
Do I Know You?"Because entities are not physically present during a transaction conducted over the Internet, there is much less certainty who the transactor (e.g. either the buyer or seller) really is. In fact, crooks have taken great advantage of this. In the consumer world, fraud is 18 times higher on the Internet than it is in the physical world, according to Gartner Group research, Stamford, Conn. In the business-to-business world, there are well-known cases of crooks illegally misdirecting goods to their own locations under the cover of a fraudulent electronic transaction," says Avivah Litan, chief marketing officer, SingleSignOn.Net, Reston, Va.
Correct identification and security is a real concern with businesses and consumers who conduct any transactions online. They are also a concern within the company. Correct identification and access to a company's Intranet is a challenge in today's society.
"A lot of people use the same User ID and password. We use easy passwords and User IDs, i.e. kid's names and birth dates. By doing this you are making it easy for the hackers. Human behavior is setting itself up for a lot of problems," says Marty Gilbert, director of product management, Motorola, Schaumburg, Ill.
So, the online world and consumers want to make it as safe as possible. They want to be able to accurately identify customers and customers want their information safe and secure. This brings up another problem. "The biggest problem for companies is ease of use vs. security factor," says Jeff Wyne, vice president marketing, Atabok, Newton, Mass. Jan Davis, president, RocketBridge, Chicago, Ill. concurs, "There is a tension between ease-of-use and security." There is the need to make the Web sites and the information on those Web sites secure, but they can't be so secure that people can't easily access the information. If that happened, the Internet would lose one of its greatest features-convenience. "This is a complex problem and there is not one silver bullet," says Davis.
I Am Who I AmRodney Snell, co-founder, SinglesClick, Orlando, Fla. ran into the problem of not being able to accurately verify a person's identification on his Web site. SinglesClick is an online dating service. And with being an online dating service a person's true identity is of the utmost importance to the success the business and the safety of its customers. "People were coming online for mischievous purposes. They were making up who they were and it tied up and wasted real customer's time," says Snell.
"People still feel more comfortable on the phone accessing information than on the Internet," says Einwohner. How does a company go about making their website secure, but user-friendly? How does a company make their Intranet safe? How do these problems get solved?
For safety and security in the office and on the company's Intranet, Motorola sees that a one card with multiple applications as a solution. The employee's ID will become their access card for building access and network access. " On the card will be all passwords and User IDs for PC access, Intranet sites, etc. This will eliminate the need to remember all the passwords and User IDs and you can have different passwords and User IDs," says Gilbert.
For the Internet, there are multiple ways to authenticate users. For example, digital certificates, biometrics, ID length and complexity, public key infrastructure (PKI), and timing-out. "One piece by itself doesn't buy you too much. A layering of methodologies must be used," says Wyne. But, this layering must also be user-friendly. It is a Catch-22. "The anonymity of that the Internet offers is the biggest downfall," says Wyne. It is in that inherent anonymity of the Internet where the problem of true user authentication lies.
Who Will I Become?At the present time, online companies are using multiple techniques to secure their Web sites and their customer's information, but computer technology is changing constantly and the genius computer hackers are always figuring out new ways to bypass computer safety measures. So, online security and authentication is in constant growth and development.
"I think breakthroughs in PKI usability and operability will enable this proven technology to finally be deployed. Further, if even stronger authentication is needed, PKI can be used in conjunction with other emerging identification technologies, like biometrics, where fingerprints, for example, can provide the PIN to unlock a user's private key," says Litan.
Also, on the horizon is the greater use of biometric technology. "People may be willing to invest in smart cards, biometrics and voice print. They will have a role in the future, but how long will it take? Technologies that tie physical characteristics to data are in the future, but not for a long time," says Davis.
As long as the Internet is used to purchase products and check on finances, there will be a need to have security measures in place. And as long as there are mischievous people, crooks and hackers, those measures will need to consistently grow and change. The online world and the security world will have to come together and work on making the measures easy to use and fool-proof.