RSA sees looming identity crisis online

RSA Conference: Businesses must shift their online customers towards a federated identity policy if e-commerce is to take off, says RSA's director of technology
Written by Dan Ilett, Contributor
The director of technology for RSA, Andrew Nash, said that businesses need to move their online customers towards a federated identity policy or security threats could bring people to lose confidence in trading.

"You're talking about hundreds of thousands of people who need to be authenticated," said Nash. "If we can't adopt quickly enough, the Internet will become known as a very unsafe place. People won't have confidence in it and [companies] will bail out, if not put their technology on hold."

Nash said that identity theft fraud, such as phishing scams, were partly to blame, and that it was difficult to moderate online identities: "Phishing is a classic example. How do you know who the end users are? Without having the guarantee of identities, there is a big block to having more e-commerce."

Phishing, in which fraudsters fake their identity to lure victims into submitting their personal details, has had a large part to play in identity theft. Many of the UK's major banks and many e-commerce sites, such as eBay, have been the targets of such scams.

Nash said that the Liberty Alliance, a user-based security group with members such as AOL, MasterCard and American Express, was trying to push for a identity federation where companies could share authentication methods, but retain a certain amount of authority.

The RSA is an active member in the Alliance, and the RSA said that there were around 30 other organisations trying to solve identity problems on the Internet.

Nash added that organised crime gangs were already targeting businesses to build an e-crime network that fed on e-commerce.

"I was at a demonstration recently where there was a lot of interest in Internet monitoring on behalf of law enforcement," he said. "[It] showed there was a serious amount of organised criminals moving towards specific targets. They were building a system to defragment vendors and business in co-ordinated attacks."

Nash was speaking at the RSA Conference in Barcelona.

Editorial standards