RSA sees looming identity crisis online

BARCELONA--The director of technology for RSA Security said businesses need to move their online customers toward a federated identity policy or security threats could bring people to lose confidence in trading.

"You're talking about hundreds of thousands of people who need to be authenticated," Andrew Nash said at the RSA Conference in Barcelona. "If we can't adopt quickly enough, the Internet will become known as a very unsafe place. People won't have confidence in it and (companies) will bail out, if not put their technology on hold."

Nash said identity fraud, such as through phishing scams, was partly to blame, and that it was difficult to moderate online identities. "Phishing is a classic example. How do you know who the end users are? Without having the guarantee of identities, there is a big block to having more e-commerce."

Phishing, in which fraudsters fake their identity to lure victims into submitting their personal details, has played a large part in identity theft. Customers of many major banks and e-commerce sites, such as eBay, have been the targets of such scams.

Nash said the Liberty Alliance, a user-based security group with members such as AOL, MasterCard and American Express, was trying to push for an identity federation through which companies could share authentication methods, but retain a certain amount of authority.

RSA Security, an electronic security firm in Bedford, Mass., is an active member in the Alliance, and the company said that there were around 30 other organizations trying to solve identity problems on the Internet.

Nash added that organized crime gangs were already targeting businesses to build an e-crime network that fed on e-commerce.

"I was at a demonstration recently where there was a lot of interest in Internet monitoring on behalf of law enforcement," he said. "(It) showed there was a serious amount of organized criminals moving toward specific targets. They were building a system to defragment vendors and business in coordinated attacks."

Dan Ilet of ZDNet UK reported from London.

[Razzl]

RSA is phishing for dollars

Guys who represent companies make terrible futurists because their view of the future is inevitably a sales pitch. So fine, RSA is a company that is working on verification issues, but all of this scary baloney about people not using the web for e-commerce any more is old hype that's already been refuted by practice. The web buying public shows no sign of giving up because they get what they want at the prices they want, and web businesses can't give up because too many of them would have no existence elsewhere. The web is probably in its most insecure state at this very moment and yet web commerce thrives. Mass greed will trump mass fear every time...