E-Authentication Best Practices for Government

June 30, 2011
Cyber Security, FedCyber Wire
via Government Technology

Every year in the United States, more than 40 million people move and approximately 3 million women change their last name. More than 13 million Americans share one of 10 common surnames, tens of millions of consumers use nicknames or initials, and 57 million males have one of 10 first names.

These realities pose complex challenges, for both the public and private sectors, to the electronic authentication (e-authentication) process, which establishes confidence in user identities presented to an information system. The private sector spends more than $2 billion per year on fraud detection and prevention efforts, and government agencies must work to keep pace to ensure that their constituents and customers are protected against cyber-security threats.

Despite e-authentication challenges, government agencies must offer a variety of online services based on e-government directives, public demand and the need for greater operational efficiencies. Given the growing threat of fraud against government agencies — and the wide array of sensitive information in play — e-government is potentially a data supermarket for fraud. This means government agencies must be best-in-class in identity proofing and fraud prevention.

While the private sector faces compliance-oriented pressures, such as the Patriot Act and the Fair and Accurate Credit Transactions Act (FACTA) Red Flags Rule requirements, it has done a good job of adopting risk-mitigation capabilities and implementing processes that strike the right balance between regulatory checks, customer experience, fraud risk mitigation and cost. Given the need for citizen confidence in the security of highly sensitive information, the public sector also has the opportunity to adopt a risk-based and proportional approach to authentication — an approach which is clearly articulated in the National Institute of Standards and Technology levels of assurance and the Office of Management and Budget’s (OMB) E-Authentication Guidance for Federal Agencies.

The business drivers differ substantially between industry and government, but one can argue that public agencies benefit from adopting the private sector's bottom-line-driven approach to identity authentication and fraud prevention. That's simply because these institutions, and specifically fraud managers, are in the business of adopting the most risk-predictive and cost-effective capabilities and technologies.