|
FOR MOST PEOPLE, it’s become almost second nature to take commonsense precautions to secure their property and privacy. Most lock their homes and cars; many routinely shred their discarded mail, credit card applications and monthly financial statements.
Curiously, it’s a different story when it comes to security online. Until recently, consumers tended to take a casual approach to safeguarding their online identities and accounts, assuming that nothing would go wrong.
But things can go wrong—and do, at alarming rates. Identity theft, account takeovers and other types of online fraud are on the rise. In a recent study conducted for the Federal Trade Commission, the global market research firm Synovate reported that nearly 10 million Americans were victims of identity theft during the previous year. Moreover, the FTC estimates that identity-related crimes cost businesses $50 billion a year.
Not surprisingly, therefore, consumers are
now on the lookout for better ways to protect their online
accounts and identities, and companies, hoping to avoid some
of the potential financial losses associated with identity-related
crimes, are turning to proven authentication technologies
- that have been fine-tuned to provide users with secure,
simple-to-use Internet identities. With this approach, consumers
can easily and effectively protect themselves online, shielding
everything from their investment accounts to their online
gaming personas.
Among the leaders in consumer identity protection is America Online Inc. The United States’ largest Internet service provider and consumer portal recently introduced its new AOL® PassCode premium service, which provides customers with a second level of account protection via RSA Security’s proven RSA SecurID® two-factor authentication system.
“It’s important that companies realize that consumers are ready for strong authentication solutions,” says Chris Young, vice president of safety and security for premium services at Dulles, Va.-based AOL. “Consumers are starting to understand that passwords aren’t enough. That’s why we partnered with RSA Security to deliver additional consumer identity protection solutions to our customers. We only partner with best-in-class providers, and it’s our view that RSA Security is the leader in this area.”
AOL is far from alone in deciding to provide
premium online security to its customers—consumer identity
protection is quickly becoming a priority for a variety of
businesses worldwide. For instance, banking giant Credit Suisse
has more than 250,000 retail and private customers who use
RSA SecurID tokens, rather than simple passwords, to identify
themselves when accessing online accounts and making electronic
transactions.
“Secure Internet identities, based on two-factor authentication, provide a way for businesses to ensure that users are who they say they are, as well as a way for consumers to be assured that no one else can access their accounts,” says John Worrall, vice president of worldwide marketing for RSA Security. In response to growing demand, RSA Security has unveiled a suite of services and solutions designed to help businesses implement efficient and effective approaches to consumer identity protection (see “The RSA Security Solution,” p. 10).
WHAT’S THE URGENCY?
Dramatic increases in fraud and online identity theft are driving consumers to demand better online security. Techniques such as “phishing,” in which thieves use phony e-mail messages or Web pages to trick users into revealing personal or financial information, have become so commonplace that online banks, financial institutions, retailers and government agencies are advising users how to avoid them.
Such ploys have quickly evolved from the occasional violation to far-reaching schemes in which criminals gain access to tens of thousands of accounts. “While a criminal once could bribe waiters at restaurants to obtain dozens of credit card numbers over the course of a week, that same criminal could get thousands of credit card numbers in just a few hours by launching a phishing scam,” Worrall says. “The whole velocity of working at Internet speed is the difference.”
In addition, many businesses have been hit hard by fraud-related costs, and those that once wrote off such losses have seen such substantial spikes in crime that they’re now actively pursuing alternatives such as consumer identity protection solutions to reduce their risk and financial exposure.
SECURITY AS A BUSINESS OPPORTUNITY
Indeed, providing a solution more sophisticated than the traditional password-based approach can bring substantial savings and may even generate new revenues. Take AOL, for example. “Our customers are telling us that they’re more satisfied with AOL when they’re using the PassCode system,” Young says. “While we are gaining some cost savings in the area of account support, we believe the biggest benefit of PassCode is that it will make consumers feel safer online. That translates into greater customer retention for us and an increased likelihood that prospective customers will join AOL because they feel more secure.”
THE RSA SECURITY SOLUTION: BRINGING IT TO MARKET |
The technology behind strong authentication has been around for years. And with more than 15 million RSA SecurID® tokens distributed to more than 15,000 companies worldwide, successful deployment of strong authentication is nothing new for RSA Security.
“Making consumer identity protection successful
is not a technology issue. We know how to make computers
and accounts secure,” says Richard Hanson, vice
president of worldwide engineering systems at RSA Security.
“In order to make secure authentication practical
and efficient for widespread consumer use, it requires
the ability to package the security and the surrounding
processes in such a way as to efficiently meet the business
need while providing a practical consumer experience.”
Which is exactly what RSA Security has done with its vision for consumer identity protection. Built around its proven, widely deployed RSA SecurID technology, RSA Security’s solution is both secure and convenient. Users can easily carry along their tokens, using the devices with any Internet-connected computer without having to add peripherals such as smartcard readers. Because RSA SecurID tokens are physical devices, users notice when they’re missing, unlike traditional passwords, which might be stolen or compromised with no visible trace.
In developing its consumer identity protection strategy, RSA Security recognized that what security-minded companies wanted most was a balance between user experience, security requirements, and the business costs and overhead required to deploy an effective solution. RSA Security delivers products and services designed to support any organization’s needs, including:
TOKENS, SOFTWARE AND OPERATIONS SUPPORT RSA Security has al-ready delivered more than 15 million RSA SecurID tokens to companies worldwide, and provided the back-end security servers needed to help organizations secure their internal networks and applications.
REAL-TIME OPERATIONS An effective consumer identity protection solution requires real-time operations capability and the ability to plug into a company’s existing systems. Because authentication is a business-critical activity, RSA Security maintains support services worldwide to help customers tackle real-time operations issues.
MULTIPLE REGISTRATION AND ACTIVATION OPTIONS RSA SecurID tokens must be registered and activated before they can be used to gain access to company systems. The default method, used by many organizations, involves simply having the user activate the token upon receipt, but other options are available.
STREAMLINED SUPPORT
If you’re distributing hundreds or thousands of
tokens throughout your company, you might well wonder
what happens if individual users request assistance.
RSA Security understands the impact that helpdesk calls
can have on corporate bottom lines and has designed
its solution to minimize the need for customer interactions.
SALES AND MARKETING
Many companies provide authentication services to increase
security and reduce risk. Others do so as a branding
or customer loyalty measure. And for some, it’s
a potential revenue-generating option. In all those
cases, successful deployment rests on making sure that
consumers understand the value of identity protection
and the proper use of their tokens. But just as critical
is the organization’s ability to position strong
authentication as an important value-added service.
RSA Security supports a wide range of sales and marketing
capabilities.
|
Consider the range of opportunities that consumer identity protection creates for organizations:
INCREASED
PROTECTION FOR YOUR CUSTOMERS AND YOUR COMPANY.
Security is serious business in any situation where the effects
of someone taking over your accounts or your identity—or
those of your customers—could affect your reputation,
revenues or assets.
REDUCED RISK. By increasing security through strong consumer authentication, organizations can significantly reduce their risk from and exposure to criminal activities such as account hijacking, identity theft and phishing.
INCREASED CUSTOMER RETENTION. In today’s competitive marketplace, enhancing brand loyalty and customer retention can make a huge difference in the bottom line. With that in mind, many companies are pursuing strong authentication techniques to increase customer “stickiness” and provide consumers with tangible evidence of a corporate commitment to security.
INCREASED
CUSTOMER CONVENIENCE. Most people juggle multiple
passwords for their banking, financial services and retail
Internet interactions. That’s the underlying reason
behind the rapid adoption of consumer identity protection
solutions: the desire to provide users with a convenient,
secure way to log in once, without requiring additional passwords
to access other services.
REDUCED THEFT-RELATED COSTS. Companies are seeing substantial increases in both the frequency of identity theft and the costs of dealing with compromised accounts. Consumer identity protection solutions can help hold the line on theft-related expenses and greatly reduce incoming helpdesk calls.
INCREASED REVENUES. Some companies have found that providing consumer identity protection solutions can actually be profitable. For example, ISPs and online merchants may provide secure authentication capabilities for an incremental monthly fee.
With these additional benefits in mind, companies are designing and deploying strong consumer identity protection solutions. In fact, a revolution is occurring in online identity management, one that’s challenging the traditional role of passwords as the preferred solution for account security.
THE PASSWORD PARADOX
When used correctly, passwords do, of course, help prevent unauthorized access to online accounts. But they’re also an increasingly vulnerable link in both company and individual consumer security profiles. And keeping track of passwords, let alone trying to change them regularly, can be a chore for anyone.
| SENIOR ID—WILL MY PARENTS GET IT? |
How consumer-oriented are consumer identity protection solutions? Will your parents feel comfortable using a number from a mysterious, ever-changing, key-chain device to get to their investment balances?
Actually, there’s a good chance that the consumer authentication alternative is simpler than the methods many older Americans currently use to protect their online privacy. For example, rather than relying on long lists of passwords taped to their monitors, or using the same grandchild’s name to access each account, seniors can rely on changing six-digit numbers produced by their RSA SecurID® tokens.
While the traditional RSA SecurID device is perhaps the most familiar form of strong authentication, it doesn’t have to be the only one. “There are a variety of ways that companies can offer secure authentication to their customers that make it easy for them log on while making it practical and efficient for the company,” says Tammi Hayes, RSA Security’s consumer sales director. Consider the variety of choices available for consumer authentication:
THE RSA SECURID SOFTWARE TOKEN [SOFTID] This option, which can be downloaded and installed into a Web browser’s toolbar or onto a PDA, provides secure authentication instantly without the cost or distribution considerations of physical authentication hardware.
USB TOKENS Rather than typing in passwords to access a system, users can rely on tokens that can be plugged into USB ports, putting token codes directly into the user’s computer.
TALKING TOKENS In support of federal regulations regarding disabilities, RSA Security provides a talking token that with the press of a button audibly announces the authentication code.
When it comes down to it, strong authentication options like these provide consumers of all ages with a practical new approach for securing their online accounts and identities. |
Secure consumer identity protection provides a practical alternative. With these solutions, overall security increases because account passwords change literally every minute. Convenience increases, as well, since users no longer need to remember multiple passwords. “We think that every AOL member will want to use PassCode once they understand the power of the device and security it provides,” says Young. “It’s a huge benefit for people that is relatively simple to use and doesn’t require much from the consumer. It’s certainly easier than installing software on your PC or setting up a wireless router.”
But what happens if the token—the small device identifying a particular user—is lost, left behind or stolen? Typically, that’s no problem: It can be easily replaced. Meanwhile, companies can provide users with temporary, one-time or limited-use passwords for logging in to their accounts.
While consumer identity protection might sound like an optional initiative, make no mistake, it’s rapidly becoming a requirement at many companies. “I expect strong authentication solutions like our PassCode system to be fully ubiquitous by 2009,” says Young. “For example, within five years, I expect every major online company to provide some type of strong authentication capability for their consumers. It won’t continue to be optional.”
For more on consumer identity protection, please go to rsasecurity.com.
By David A. Kelly
Photograph by Kathleen Dooher
Top
|
