Identity theft is fast becoming the new bête noire of the cyberworld, crowding out spyware, spam and viruses for that dubious honor. During the past several months, the media have splashed increasingly frightening cover stories, consumer alerts and other breaking news about people who've had their identities spoofed, credit cards hijacked and assets looted by unseen strangers lurking on the Internet.

Amid the growing hysteria, the identity-management industry sees a big black eye in the making, and it's beginning to formulate strategies for identity theft prevention, detection and remediation. For example, in June the Liberty Alliance formed a group to develop best practices to help businesses and consumers prevent online identity fraud. In a similar vein, Microsoft recently announced a retooled identity-management federation strategy - the Identity Metasystem - that underscores the need for identity-theft and privacy protection.

The unspoken subtext behind these initiatives is that trust - the foundation of identity-management federation-is in jeopardy if the industry doesn't proactively address identity theft on many levels. The stakes couldn't be higher. What's most worrisome is the growing prevalence of phishing, pharming and other social-engineering ploys to steal user information. These frauds strike at the very heart of the federation: users' trust in the authenticity of identity providers. If you can't trust that the party to whom you're presenting credentials is in fact what it claims to be, then nothing's truly secure.

Likewise, well-publicized break-ins to corporate databases have further shaken people's trust in the safeguarding of critical personal identity data. And massive theft of personal data creates another trust loss: Identity providers who've been victimized can no longer trust that the individual presenting credentials is who he or she claims to be.

In the face of never-ending identity thefts, the only way out of this downward spiral is to continue reissuing new credentials to affected users, but only after reputable agents have proofed those users to strong assurance, and only if the new credentials rely on biometrics for strong authentication. Clearly, this theft-unfriendly identity-management environment is a long way from being implemented in the real world and would be quite expensive, complex and cumbersome to universally deploy.

Whitepapers

• The Trend from UNIX to Linux in SAP(r) Data Centers
• Getting in Compliance With Government Data Regulations By Leveraging Online Security Technology
• How to Offer the Strongest SSL Encryption
• Maximizing Site Visitor Trust Using Extended Validation SSL
• Seven Steps to Reducing your Security Risk
• The Latest Advancements in SSL Technology

View more SECURITY whitepapers

Webcasts

• The Secure Web Gateway. Mission Critical For Business - Webcast
• Mobile Data Security
• Best Practices for Deploying WAN Optimization for Disaster Recovery
• Key Considerations for a Successful 802.11n Deployment
• Solutions to the Toughest IT Challenges in Remote Offices
• Lowering the Cost of Email Archives

View more SECURITY webcasts

Special Reports

• The Evolution of Network Security
• Taking Virtualization Up a Notch
• The self-managed network

View more SECURITY special reports