Rethinking Remote ID Proofing
It’s been over ten years since federal guidance for remote identity proofing first came about and lots of discussions are underway about what those standards should look like now. Between calls for increased online security and the death of the password, the question is what might replace the methods in place now.
Paul Grassi, Senior Standards and Technology Advisor at NIST, describes the discussions happening at the National Institute of Standards and Technology and among industry groups. “We want to know what risk models and alternative techniques have worked but aren’t aligned with our current documents. Do we stick with four levels? Collapse to less than four since we know there is no such thing as a secure password? Do some vector or gradient based assurance standard instead that takes into account the multiple components that comprise trust in online identities?”
Industry groups care because the theft of consumer financial and identity information is rising, and the subsequent use of those stolen identities to attempt breaches of other sites compounds the problem. Sites that are protected by just a user name and password are particularly vulnerable to attack and account takeover.
We’ve been advising a layered approach to protect data and accounts. Risk-based, multi-layered data security starts with knowing who your users really are and protecting customer accounts includes knowing who has access to your data and why.
Contact us for more information about protecting account access and minimizing sensitive data loss. Equifax’s identity and multifactor authentication solutions are designed to meet current standards and NIST guidelines. We continue to participate in the discussions around how best to protect online information so that we can ensure our customers can best protect their data and customer accounts.
Recommended For You
Online consumers can make their purchase with various payment options, like credit card, Apple Pay or PayPal. As a result, […]
As an HR professional, it’s your priority to protect employee data. You may not realize it, but responding to employment […]
The CERCA Spring Conference, held on May 16, capped a broadly successful 2018 filing season that saw tax identity theft reduced by […]
As fraudulent attempts increase during account openings and applicants grow less patient with invasive anti-fraud techniques, organizations must find a […]