CNET también está disponible en español.

Ir a español

Don't show this again

Tech Industry

Perspective: The ID dilemma

National Fraud Center Chairman Norman A. Willox, Jr. says the debate over how to combat identity fraud has wrongly focused on piecemeal solutions. Meanwhile, the clock is ticking.

    Despite tentative moves toward a comprehensive authentication system, debate has not yet focused on one of the most visible threats to America's national security: namely, the growing problem of identity fraud.

    The fingerprinting program that began last month for visitors and non-U.S. citizens entering the United States, for example, underscores the need for a comprehensive authentication system to help strengthen our borders.

    As we all know, the hijackers who attacked New York and Washington, D.C., used false identifiers and false identification documents as their tickets to board their ill-fated planes Sept. 11. In immediate response, our government took important steps to develop effective identity verification systems. Biometric technology, facial-recognition systems and other scanning devices are currently undergoing tests at various airports and other secured places in the United States. There has also been much talk of implementing some type of national identification card.

    As these efforts continue, however, we also need to be mindful of some of the many challenges that exist in developing a comprehensive solution to effectively combat identity fraud.

    When you stop and think for a moment, you realize that a biometric system--an authentication system based on one's physical attributes--isn't effective if the identity is stolen and utilized at the point of registration.

    And here's a question: How can we administer an authentic national identity card system or biometric system if some of the applicants have already taken one of the thousands of Social Security numbers reported stolen over the past couple of years? Or--just as disturbing--if they have created a new identity using other people's information easily obtained from the Internet?

    Given these obstacles, the critical task at hand is figuring out how we go about answering the question that lies at the root of the identity fraud problem: How do I really know you are who you say you are?

    The root of the identity fraud problem: How do I really know you are who you say you are?
    One possible approach is through a knowledge-based system, better known as identity authentication. Unlike a biometric system, which is based on physical attributes, an authentication system would identify a person by obtaining specific information that is unique to that individual when analyzed.

    The logic behind this model is predicated on the theory that an imposter may know some of the information pertaining to an individual, but he or she will likely not know all of an individual's identifying information.

    Within the United States, similar knowledge-based identity verification systems are already being used in the financial world--for example, to verify the identity of people applying for credit cards.

    On the international front, properly authenticating visitors coming into the United States presents more of a challenge. This is because we have not yet obtained the necessary public information that exists globally--mostly in written form--on non-U.S. citizens in their respective countries. However, the means to get this information does exist, and the technology structure needed to integrate it electronically is already in place.

    As we continue to strengthen and secure our homeland, we cannot lose sight of the fact that identity fraud is more than just a national security or terrorism issue. It is also a global commerce issue. In fact, under the newly enacted USA Patriot Act, banks and other financial institutions are required to have in place systems to properly authenticate their customers.

    No doubt, people already living in the United States or trying to enter the country for the worst imaginable purposes have tried--and will continue to try--to change their identities. That makes it even more imperative for us to increase trust in the identity authentication process.