IT GRC Forum

FacebookJoin our Linkedin Group!Follow us on Twitter!Subscribe to our Feeds!
E-mail

Administration Releases Strategy to Protect Online Consumers

April 15, 2011 - Today, the Obama Administration released the National Strategy for Trusted Identities in Cyberspace (NSTIC), which seeks to better protect consumers from fraud and identity theft, enhance individuals' privacy, and foster economic growth by enabling industry both to move more services online and to create innovative new services. 

The NSTIC aims to make online transactions more trustworthy, thereby giving businesses and consumers more confidence in conducting business online."The Internet has transformed how we communicate and do business, opening up markets, and connecting our society as never before.  But it has also led to new challenges, like online fraud and identity theft, that harm consumers and cost billions of dollars each year," said President Obama.  "By making online transactions more trustworthy and better protecting privacy, we will prevent costly crime, we will give businesses and consumers new confidence, and we will foster growth and untold innovation.  That's why this initiative is so important for our economy."

"We must do more to help consumers protect themselves, and we must make it more convenient than remembering dozens of passwords," said Commerce Secretary Gary Locke, speaking at the U.S. Chamber of Commerce.  "Working together, innovators, industry, consumer advocates, and the government can develop standards so that the marketplace can provide more secure online credentials, while protecting privacy, for consumers who want them."

The goal of NSTIC is to create an "Identity Ecosystem" in which there will be interoperable, secure, and reliable credentials available to consumers who want them.  Consumers who want to participate will be able to obtain a single credential--such as a unique piece of software on a smart phone, a smart card, or a token that generates a one-time digital password.  Instead of having to remember dozens of passwords, the consumer can use their single credential to log into any website, with more security than passwords alone provide.  Since consumers will be able to choose among a diverse market of different providers of credentials, there will be no single, centralized database of information.  Consumers can use their credential to prove their identity when they're carrying out sensitive transactions, like banking, and can stay anonymous when they are not.

Once the Identity Ecosystem is developed, a small business, for example, would be able to avoid the cost of building its own login system and could more easily take its business online.  Consumers would be able to connect with the new business with a credential they already have, thereby avoiding the hassle of creating another username and password while also being more secure.  The small business can take advantage of this interoperability to focus on its product or service instead of on managing users' accounts.  The small business has also expanded its ability to reach new customers across the nation and around the world.

Separately, there are many services for which consumers must go to a physical store--or sign a sheet of paper and fax it to a business.  In the Identity Ecosystem, consumers would have the option of proving their identity online, which would enable industry and government to both move brick-and-mortar services to the online world and to create innovative new services.

More secure credentials will also help consumers and businesses better protect themselves from identity theft and online fraud, which annually cost our economy billions of dollars and impose a significant cost in time and money to those who fall victim.  In the worst cases, it can take a consumer over 130 hours to recover from having their identity stolen.  According to industry surveys, a consumer will also suffer an average out-of-pocket cost of $631 when their identity is stolen--and millions of consumers suffer this experience each year.

The Identity Ecosystem will provide more security for consumers; it will also provide better privacy protections.  Today, a vast amount of information about consumers is collected as they surf the Internet and conduct transactions.  How organizations handle that information can vary greatly, and more often than not, it is difficult for consumers to understand how their privacy will (or will not) be protected.  The NSTIC seeks to drive the development of privacy-enhancing policies as well as innovative privacy-enhancing technologies to ensure that the ecosystem provides strong privacy protections for consumers.

The NSTIC outlines a private-sector led effort, facilitated by government, to develop the technologies, standards and policies necessary to create the Identity Ecosystem and to enable a self-sustaining market of many different credential providers.  The Identity Ecosystem will be built to provide more security and privacy to consumers, while also spurring economic growth by helping businesses move more services online.

For more details on the National Strategy for Trusted Identities in Cyberspace (NSTIC), click here, or read the full Strategy here.



 

Subscribe via Email

 Your Email:
Banner