Tag Archives: Identity verification

Sunny Shines On Georgia Wine-rs

You might recall I blogged about a bill being introduced to the GA legislature over a year ago to allow direct wine shipments into the State.

Earlier this week, Governor Sunny Perdue signed House Bill 1061 which allows wineries to ship wine directly to Georgians provided they have a “special order” shipping license from the State ($50 per year). With this license, wineries will be allowed to ship up to 12 standard cases of wine brand labels submitted to the State to an individual consumer over the course of a year.

In addition, the holder of a special order shipping license must require proper age verification for the consumer placing the order. Age may be verified by physical examination of government issued ID or by using an Internet based age and identification service.

The law takes effect July 1, 2008.

Advertisements

Leave a comment

Filed under Age Verification, Identity verification

RSA Conference Recap

I’m back from the RSA conference and how exhausting. Understandable considering there were 17,000 people at the show—all focused on the security industry.

In case you didn’t see it, we made an announcement during RSA about our partnership with Upek, a biometrics company based in the Bay area. What I find exciting about this partnership is that it shows just how complimentary our solutions are with other authentication technologies. In a whitepaper we published over a year ago we showed a diagram of where identity verification fits in the puzzle and how it is central to other verification tools.

Verification Tools

Biometrics in an online environment falls into this sphere and requires a proofing solution because what good does it do to enroll someone’s fingerprints if the fingerprints aren’t those of the person he/she is claiming to be? This is why we decided to show the power of our two technologies working together through a joint demonstration.

Another observation from RSA is that there continues to be a lot of interest and discussion about age verification and social networks. If you recall, last year there was a panel session called Pandora’s Box discussing child safety and the Internet. Admittedly this year I didn’t attend the sessions as much since we were an exhibitor, but based on the questions and discussions on the show floor, it is clear people are concerned and also aware of the Internet Safety Technical Task Force.

Leave a comment

Filed under Age Verification, authentication, child safety, identity, identity proofing, Identity verification, Internet Security, security, social networking

A Good Perspective on Social Networking Identity Verification Issues

Zach Martin, editor of CR80 News recently published an article about the identity and age verification issues we are facing in social networks. You definitely should check it out but in case you don’t have time here are some important highlights:

When trying to get into a bar or club there is typically someone at the door checking IDs. But on social networking sites there is no bouncer, which means there’s no way to tell whether you’re corresponding with a 15-year-old girl or a 32-year-old man.

It’s the same no matter where you go. MySpace, Facebook, and professional networking site LinkedIn, do little to make sure people are who they claim to be. “There is a general feeling that social networking is the wild west of identity management and a lot of bad things happen because proper controls haven’t been put in place,” says Roger K. Sullivan, president of the Liberty Alliance Project management board.

The stories range from the tame to the tragic.

A student not happy with an administrator at school creates a profile on a social networking site. Even though the student is a woman she creates a profile that is a man and then flirts with the administrator in order to cause her embarrassment later.

At a Catholic school in the Chicago suburbs, an administrator monitors the popular social sites on a regular basis just to make sure nothing out of the ordinary is happening. She has run into instances where students create accounts in other peoples’ names – people who actually exist – and then make false statements. For example, one student set up an account as a real person from another school and made statements about the student’s sexual proclivities while giving out her real phone number.

In 2006, a fake profile led to the suicide of a 13-year-old Missouri girl. A classmate’s mother originally created the profile to find out if Megan Meier was saying anything bad about her daughter. But then it was used to gain Meier’s confidence and then to tear her down. Angry messages went back and forth, and it ended with Meier hanging herself.

There’s also the need to prevent pedophiles from contacting children online. MySpace has agreed with different states’ attorney generals to adopt better technologies that will help identify underage users so they can be protected from predators, but the social networking site hasn’t figured out how it’s going to do it.

The vast majority of sites don’t do anything to try to confirm the identities of members. The sites also don’t want to absorb the cost of trying to prove the identity of their members. Also, identifying minors is almost impossible because there isn’t enough information out there to authenticate their identity.

But this may all change. As sites become more scrutinized they will have to take steps to make sure people are who they say. “There will be a trend to use a third party that leverages database information that will be able to vouch for you and provide a more certain level of identification,” says Eric Skinner, chief technology officer at Entrust, an Addison, Texas-based digital identification vendor.

There are a handful of vendors that are offering online identity vetting. Most are working with financial institutions, but they see business opportunities with the social networking sites.

The article goes on to describe some social networks and their use of identity verification including one of our clients FunkySexyCool and their use of our system. It also discusses the privacy concerns related to age verification of minors and provides a possible solution the Liberty Alliance is discussing essentially related to ID 2.0

Liberty Alliance’s Sullivan, who is also vice president of Oracle Identity Management, says it’s only a matter of time before social networking sites offer tiers of identification assurance, which could be used to confirm a minor’s identity. For example, if a 14 year old wanted to sign up on MySpace without a parents’ permission they would be placed on the lowest ID tier. “They would be put into a question mark bucket,” Sullivan says.

But if one parent went online and confirmed his child’s identity they would be raised up a tier. If both parents did it they would go up two tiers. The parents would be authenticated through public records and online databases.

Eventually there would be a fourth tier as well. A minor would physically go to a trusted source with documents that prove their age and identity. These identity assurance sources don’t exist, but it’s something the Liberty Alliance is working toward, Sullivan says.

The next task force meeting will be later this month and I’m looking forward to seeing how the conversation progresses. I firmly believe we can find several ways to combat the issues at hand including both an educational approach and technological approach.

On another note, I’m off to the RSA Conference next week. IDology has a booth this year so if you are in San Fran, stop by and see us.


2 Comments

Filed under Age Verification, Identity 2.0, Identity verification, Internet Safety, MySpace, protecting kids online, security, social networking

Taking Internet Safety To Task…

It’s official! The Task Force to focus on identifying effective online safety tools and technologies, including age and identity verification has been created and was announced today.  If you recall, this Task Force was an important element in the MySpace and Attorneys General Multi-State Working Group announced last month. 

The Task Force is being led by John Palfrey who is the Executive Director at the Berkman Center for Internet & Society at Harvard Law School.  And among its members are organizations concerned with this issue including Non-Profits, Academics, Prominent Internet Businesses and Technology Companies, of which IDology is one of the appointed members.  Other member names you will recognize are AOL, Symantec, Microsoft, Verizon, Google, Facebook, Xanga, Yahoo, WiredSafety.org and more.

Personally I’m excited about this opportunity.  In the press release issued by the Berkman Center today, Palfrey says:

“We should work together – private firms, technologists, experts from the non-profit world and leaders in government – to solve online safety issues as a joint effort.”

I couldn’t agree more with Palfrey.  The task force faces a very difficult issue where there are differing opinions.  I believe all of its members need to keep an open mind and a team approach if we are going to make headway in solving this problem to create a safe online environment for our children.

I look forward to having healthy, productive discussions on the issues at hand.


4 Comments

Filed under Age Verification, child safety, Facebook, Identity verification, Internet Safety, MySpace, protecting kids online, social networking, Xanga

No Phishing At IDology

Customers and non-customers of a credit union recently received fraudulent emails as part of an elaborate phishing scam. It appears that the fraudster included IDology’s brand as part of their attempt to capture consumers banking information by setting up a fake website that looks similar to our corporate website.

First, I would like to emphatically say that IDology is dedicated to consumer privacy and protecting sensitive data. It’s important to understand that while our services might involve consumer interaction, we do not directly target consumers. Our “customers” are businesses. This means we would never capture personal information like a SSN or bank account information from anyone on our website.

Ironically, if the hosting provider had been using our services then we would have spotted the fraud before they could have set up the website. I am wondering how much less phishing scams would occur for financial institutions if the hosting provider required identity verification before they hosted a website.

Here are some great sites to visit to learn more about phishing scams and fake emails and how to recognize them:

 

http://www.microsoft.com/protect/yourself/phishing/identify.mspx

http://en.wikipedia.org/wiki/Phishing#Website_forgery

 

 

Leave a comment

Filed under fraud, identity theft, identity theft crime, Identity verification, phishing scams

MySpace Sees the Identity and Age Verification Light…

Today’s press release out of North Carolina Attorney General’s Office Roy Cooper is a big deal. Here’s the first paragraph:

In a victory for social networking safety, Attorney General Roy Cooper and 49 other attorneys general today announced that MySpace has agreed to significant steps to better protect children on its web site, including creating a task force to explore and develop age and identity verification technology.

It’s been a long 2 years in this education process and the fruits of our labors are finally coming to fruition. Given MySpace’s leadership position and popularity, gaining recognition and cooperation from them will only serve to help advance identity and age verification technologies growth in the market. Here are some words that are music to my ears:

MySpace acknowledged in the agreement the important role of age and identity verification technology in social networking safety and agreed to find and develop on-line identity authentication tools.

Obviously there is still a lot of work to do but I’m glad to see that we are all going to roll up our sleeves together and do what is best for our kids – find a way to help keep them safe online.

3 Comments

Filed under Age Verification, child safety, Identity verification, Internet Safety, MySpace, protecting kids online, Richard Blumenthal, sexual predators, social networking

Annual Fraud Report Hot Off the Press

I got the early edition of Cybersource’s 9th annual fraud report today. I haven’t had time to fully absorb/read all of the information but there were some facts that jumped out at me:

  • 82% of merchants are manually checking orders today with 1 out of 3 orders being manually reviewed. Merchants also indicated that over three-fourths of the orders manually reviewed were accepted.
  • Online merchants increased their spending on manual review staff in 2007 by as much as $100 million.

What does this mean? Online merchants still need to embrace automated fraud detection tools including identity verification to keep pace with the growing ecommerce trends. Of course, the report did cover fraud detection tools as well.

  • More than three-fourth’s of the merchants said they use 3 or more fraud detection tools with the average being 5.
  • The two that top the list are Address Verification (80%) and Card Verification Number (74%). The 3rd tool choice, which is Company Specific Fraud Screens, shows a significant usage drop to 39%.
  • 6% are using out-of-wallet or in-wallet challenge questions

What does this mean? More education is needed about identity verification including KBA solutions. Merchants need to understand the limitations Address and Card Verification Solutions have when it comes to fighting fraud and how using both basic id verification combined with KBA in scenarios where higher verification is needed reduces the need for manual review. We developed a whitepaper specifically for retail merchants last quarter that addresses these issues. I think it is probably time I talk with the marketing department about promoting that paper a bit more…

Leave a comment

Filed under fraud, Identity verification, knowledge based authentication, online retailers