Wednesday, April 29, 2009

The importance of Identity

A lot has been said and more written about "identity theft". We all also know it is not as if some-one "stole" your identity. It is more about someone collecting enough information about you to be able to represent you for a specific purpose. I found this article about identity written by Robert Siciliano particularly stimulating.

The differences between verification and authentication was also very interesting as this has a direct implication in the deployment of mobile banking and refers to the two most complex problems that must be solved in deploying an effective mobile banking solution:

Authentication is about the first step in setting up a mobile banking account. During the registration process it is preferable to authenticate the account holder. This is usually done by comparing a photo-ID with the person (or sometimes with a realtime image of the person). Mobile banking applications not doing a proper authentication of the subscriber runs a number of risks (from regulation to fraudulent transactions). The best way to do this is by means of some biometric data (picture of the face)

At the time of each transaction, a mobile banking solution should verify the subscriber. This is usually done by a combination of a certificate and secret information. This certificate and secret information should have been connected to the subscriber's identity during authentication.

The degree of rigour utilised in designing mobile banking solutions will help defend against identity theft.

No comments: