Managing Identity in Cyberspace: Building an Identity
While it might seem simple and obvious, building and identity can be quite complex and requires care and discipline. It’s all about the risk.
Building an identity involves:
- Registration—deciding which identity elements are relevant to the enterprise and collecting that identity data
- Identity Proofing—validating the data and its association with the individual
- Credentialing—deciding how the user will demonstrate that he is authorized to use the identity when exercising associated privileges
Registration: Registration is the process that captures identity information in a directory, authentication system, or other business systems. Registration information could be tied to an identity of an individual, for example biographic information. It also could be attributes that do not uniquely identify a specific person, like a made-up user name.
Depending on the business functions an individual will be able to perform on the basis of the identity, the enterprise may choose to gather limited biographic data up front and do limited verification of this data, with the idea that they will gather more data or do stronger identity proofing in the future, when the individual wants greater privileges.
The registration process can be integrated with other processes for multiple uses. For example, an electronic loan application also can serve as a part of an identity registration process, with the same data being used for both.
Identity Proofing: In identity proofing, the enterprise binds the collected identity data with the individual by verifying that the data actually identifies the individual who will receive and use the credential. Identity proofing can be done face-to-face, remotely, or it can be based on a reference.
Depending on the business process, it may be important to augment the individual’s biographical data with professional qualifications or licenses. For example, if a user will be e-prescribing, it is important to bind the biographic data with a valid medical license and prescribing credentials. The level of identity proofing is determined by the degree of risk associated with the action.
Credentialing: Once these steps are completed, the individual is issued a credential authorizing him or her to perform actions that reflect permissions, rights, or other authorities granted by the enterprise.
This four-part series by Brent Williams, Chief Technology Officer for Anakam Identity Services, outlines the elements a company should consider in approaching identity in order to protect its most valuable corporate assets. In our next post we will address making changes to identities.
If you want to talk to a specialist about identity management, please send us an e-mail. If you are interested in learning more about Equifax technologies and analytical services, please sign up for our monthly newsletter.
Recommended For You
The CERCA Spring Conference, held on May 16, capped a broadly successful 2018 filing season that saw tax identity theft reduced by […]
Fraudulent account activity and identity fraud are both significant drains to today’s business resources. In the era of online and mobile commerce, […]
Fraudsters are a smart group. With each fraud prevention method that’s introduced, they figure out ways to work around it. […]
The growth of synthetic identity fraud shows few signs of slowing. Data breaches, social media mining, phishing and other schemes have given […]