Making Online Transactions Safer, Faster, and More Private

Sign up to receive NSTIC email updates

The Internet has become indispensable for most of us. Shopping. Connecting with friends. Banking. Blogging. Reviewing medical records. We use it for just about everything.

Unfortunately, on the Internet as in life, not everyone is looking out for our interests. Cyber crime costs individuals and businesses billions of dollars every year. An estimated 11.7 million Americans were victims of identity theft of some kind including online identity theft over a recent two-year period.

A recent Federal Bureau of Investigation report stated that "identity theft has emerged as a dominant and pervasive financial crime that exposes individuals and businesses to significant losses and undermines the credibility and operation of the entire U.S. financial system."

A contributing factor is the unmanageable number of passwords people must remember to access their online accounts. Many people don't even try; they just re-use the same ones for all of their accounts, making it that much easier for identity thieves.

The National Strategy for Trusted Identities in Cyberspace (NSTIC) envisions a cyber world - the Identity Ecosystem - that improves upon the passwords currently used to log-in online. It would include a vibrant marketplace that allows people to choose among multiple identity providers - both private and public - that would issue trusted credentials that prove identity.

For example, student Jane Smith could get a digital credential from her cell phone provider and another one from her university and use either of them to log-in to her bank, her e-mail, her social networking site, and so on, all without having to remember dozens of passwords. If she uses one of these credentials to log into her Web email, she could use only her pseudonym, "Jane573." If however she chose to use the credential to log-in to her bank she could prove that she is truly Jane Smith. People and institutions could have more trust online because all participating service providers will have agreed to consistent standards for identification, authentication, security, and privacy.

Some key benefits:

• Faster: Once you use your credential to start an online session, you would not need to use separate usernames and passwords for each Web site. For example, your computer or cell phone could offer your "trusted ID" to each new site where you want to use the credential. The system would work much like your ATM card works now. By having the card and a PIN you can use your ATM card all over the world. By having a credential and a password you would be able to use your trusted ID at many different sites. This saves you time while enhancing security. No more searching in your drawer for your list of passwords.
• More convenient: Businesses and the government will be able to put services online that have to be conducted in person today like transferring auto titles or signing mortgage documents.
• Safer: Your trusted credential will foil most commonly used attacks from hackers and criminals, protecting you against theft and fraud, safeguarding your personal information from cyber criminals.
• Private: This new "identity ecosystem" protects your privacy. Credentials share only the amount of personal information necessary for the transaction. You control what personal information is released, and can ensure that your data is not centralized among service providers.
• Voluntary: The identity ecosystem is voluntary. You will still be able to surf the Web, write a blog, participate in an online discussion, and post comments to a wiki anonymously or using a pseudonym. You would choose when to use your trusted ID. When you want stronger identity protection, you use your credential, enabling higher levels of trust and security.