Knock, Knock, Who's There? Corporate Identify Theft and Security Concerns

Who steals my purse steals trash; 'tis something, nothing; 'Twas mine, 'tis his, and has been slave to thousands; But he that filches from me my good name Robs me of that which not enriches him, And makes me poor indeed. -- Williams Shakespeare, Othello (III iii 157-159)

While Shakespeare did not have identity theft in mind when writing Othello in the first years of the seventeenth century, his words are not too far from the situation that exists today, with one notable exception: those who filch an identity in 2006 can use it to bring them great riches. Issues of identity and security have never been so far up the business and political agenda. While governments and security services across the globe are responding to the threat of terrorism, business too faces potential security breaches in ever-increasing numbers. Multitudes of threats exist, from network security breaches to a damaged reputation, to possible loss of customers and revenue from fraud or attempted fraud.

Ipsos research for Fellowes, a manufacturer of paper shredders, shows that consumers are increasingly concerned about the risks of credit/debit card and identity fraud, with two in three British adults worried about these crimes; one in seven has experienced such crimes for themselves. In the very worst cases, unfortunate individuals have to concern themselves with the still rare--but increasing--crime of identity theft and the huge damage to their financial reputation that can bring. The costs are substantial; even in 2002, Cabinet Office figures estimated that identity fraud cost the UK economy almost 1631.3 billion.

Yet the total cost on the economy may be greater still. Concerns about security and identity are affecting consumers' activities, with Ipsos research for RSA Security highlighting that a quarter of the British public see security as the number one barrier to banking online. Meanwhile, research commissioned by Intervoice identified that more than one in ten online shoppers has given up doing so because of concerns of identity theft. These concerns have increased in recent years because of the high-profile phishing attacks, where Internet users are duped into providing PIN numbers and passwords to look-alike web sites of major financial and commercial institutions.

Among office workers, the need to remember multiple passwords and an increasing requirement from IT to change them regularly means that often passwords are written down and stored next to the user's PC: one in ten office workers admit to having written down a password at one time or another. Given this, can you be sure that your network is secure at all times?

Tackling the identity issue is not an easy one. The British government has begun to address the issue at a macro level with the proposed introduction of ID cards. Although their value has been called into question over recent months, with criticism of substantial cost to be transferred to the consumer as well as concerns over civil liberties, it is clear that the introduction of biometric identification will make it harder for an individual's identity to be stolen. Among 10,000 participants in the UK Passport Service's biometrics enrolment trial interviewed by Ipsos, there was overwhelming support for the introduction of biometric technology. Over nine in ten believed that it would have a positive impact on preventing identity fraud.

Commercial providers too are working hard to provide more secure means of identifying an individual, and we have already seen consumer interest in such offerings. Our work for RSA Security tested the appeal of a new mobile telephone security solution for online banking. This enables a customer to use their own mobile phone as an identity device, by receiving a one-off password to access their bank account, via text message. Two-thirds of current and potential online bankers would be reassured of the security of their account if such a system were implemented.

Failure to react to concerns over identity fraud could cost businesses. While over a quarter of consumers currently banking online would disapprove of their bank if it did not offer the service when others did, a further one in ten would consider changing banks to have access to such a security service. In the online shopping environment, developments include Verified by Visa, a scheme that ties the credit card user to its holder via a personal password alongside the card and security numbers. As such schemes become more commonplace, failure of commercial organizations to sign up is likely to lead to revenue loss, as consumers shop where they feel their identity and financial data are most secure.

In the workplace, new technology is providing opportunities to reduce the potential for network breaches. For example, fingerprint scanners that control network access rights and do away with the need for passwords are available. It is likely this type of technology will become commonplace over the coming years.

Identity is a key issue for business and commerce to address, from securing IT systems to prevent network breaches to providing reassurance in a consumer market concerned by the threats of identity theft and credit card fraud. It is vital that businesses understand how consumers react to identity protection and the technological developments in the area. Without reassurance, consumers are likely to flock to those companies that can offer the greatest protection, at the expense of those who ignore this issue.