Authentication is getting easier, but identity proofing leaves security gaps
Last Thursday, the House Committee on Financial Services held a hearing on “The Future of Identity in Financial Services: Threats, Challenges, and Opportunities.” Jeremy Grant’s testimony, on behalf of the Better Identity Coalition, is a great summary of the state of identity today – and the steps that need to be taken to get identity right for more secure and private transactions online.
According to Grant, there are three major challenges for financial institutions: 1. Validating an identity for account creation; 2. Synthetic identity fraud; and 3. Authentication. He points out that “authentication is getting easier, but identity proofing is getting harder.”
On authentication, Grant calls FIDO standards “the most significant development in the authentication marketplace in the last 20 years.” He explains how this has made strong authentication much more accessible:
“The ability of consumers and businesses to access tools that they can use in addition to – or in lieu of – passwords is greater than it’s ever been. And with multi-stakeholder industry initiatives like the FIDO Alliance creating next-generation authentication standards that are getting baked into most devices, browsers and operating systems, it is becoming easier than ever to deliver on the vision of better security, privacy and convenience.”
But, he points out, “identity proofing is getting harder. By that, I mean the ability of consumers during initial account creation to prove that they are who they really claim to be is harder than ever – in part because attackers have caught up to the tools we have depended on for identity proofing and verification.” He calls on government and industry to prioritize the development of next-generation remote identity proofing and verification systems, amongst other priorities.
The FIDO Alliance could not agree more. This is the reason why we’ve added a focus on identity verification and binding – to close the gap between the high assurance provided by FIDO authentication standards and the lower assurance methods used in identity verification for account recovery.
You can read Jeremy Grant’s full testimony at https://financialservices.house.gov/uploadedfiles/hhrg-116-ba00-wstate-grantj-20190912.pdf.
Those that want to learn more about our new identity verification and binding initiative should join a webinar this Wednesday, September 18 at 2pm ET. Click here to register for the webinar.
