Equifax Inc., Atlanta, has introduced a new class of security systems to help companies better determine and manage online authentication of consumer identity.
According to Equifax spokesman Alan Boyer, the new technology allows businesses to more accurately verify computer end user while ensuring protection of consumer information and privacy through a real-time, four-step process:
* First, companies using an Equifax Secure verification system can require any of their end users of company networks or computers to complete and submit an online form prior to granting them database access.
* The provided information is then submitted online and passed through a series of functions and algorithms managed by an Equifax authentication engine which creates a custom list of multiple choice questions whose answers can only be known by each user. The questions are based on information from trades sources such as banks or credit reporting bureaus.
* Users complete the online questionnaire that has been presented to them.
* If responses are correct, the transaction is verified in a matter of seconds.
The company said its solutions not only help businesses reduce costs, but now make the confirmation of identity possible beyond standard “wallet” information, such as social security number and mother's maiden name. The technology is also expected to help increase the use of digital certificates over the Internet while ensuring greater security over the integrity of business applications — a key breakthrough the company said will translate into more protection of privacy for consumers.
But not everyone agrees. Groups like the Washington, DC-based Electronic Privacy Information Center and the Center for Democracy and Technology said new laws are required to protect consumer privacy and to allow consumers access to the shared information.
According to Ari Schwartz, Policy Analyst at the Center For Democracy and Technology, concerns generally center around authentication technology, “especially around the issues of what happens to the third party data that is collected about people, what it can be used for … who has controls over the data and what the government's ability to access that data is.”
Schwartz' concerns, which have been the subject of much debate, are expected to be one of the key items discussed between the Federal Trade Commission and the European Union later this year. The outcome of the U.S. government's case against the Microsoft Corporation is expected to have an impact as well.
In the meantime, it appears that Equifax's new technology will initially be used by Internet service providers, global banking institutions and large business-to-business institutions. The legal ramifications for small businesses, vendors, suppliers, hospitals and international government operations is still unclear.
Last week at the RSA Data Security Conference at the San Jose Convention Center, Equifax Secure showcased its new remote consumer authentication technology, which was recently deployed by Security First Network Bank, the World's First Internet Bank.
Boyer would not specify the costs to equip a small or mid-sized American banking institution serving fewer than 25,000 customers with its latest authentication technology. But he hinted that security and cost-efficiency could not be separated in the long run.
Some studies indicate that more consumers would access the Internet with their personal computers if concerns about privacy and the security of online transactions could be better addressed.
Equifax will open a secure operations facility to support the technology which it will offer through Equifax Secure Inc.
