In this, my second posting, I plan to dive straight into the nitty-gritty of one of the MOST important issues about engaging efficiently with the Internet today: AUTHENTICATION.

So what is it, and why is it so important?

Something which is regarded as being ‘real’, bona fide, true or genuine is regarded as being AUTHENTIC. In the old days, when you bought a valuable item such as a work of art or jewelry, you would determine its AUTHENTICITY before parting with your well-earned cash. Your method of AUTHENTICATION might have been to consult an expert in the field, who used technical analysis to determine the nature of the metal (e.g. gold) or the gem (e.g. diamond), or used their expertise to compare the artifact with similar genuine ones.

You would have been defrauded if the expert you had employed was fooled by a copy, or if the expert was in cahoots with the FRAUDSTER and deliberately gave a misleading valuation, thereby leaving you out of pocket by overpaying or being underpaid. Forgeries of paintings have been a thriving business for centuries.

In more recent times, as commerce has become more widespread and more mainstream, fraudulent activity has migrated into the shopping mall in the form of shoplifting (by customers) or the theft of customers' credit card details (by unscrupulous vendors). Bank fraud took place when bank employees colluded to steal money from customers and siphoned it into their own accounts.

Today the Internet has become the world's largest banking and shopping mall. Its ubiquity, utility and low cost have made it so. In order to conduct business SAFELY on the Internet we have to find ways of determining the AUTHENTICITY of the counter-party, whether it be a bank or an online retailer. Similarly, banks and e-retailers want to determine that the person who is coming to do business with them is in fact the real customer and not a FRAUDSTER.

With the rise in popularity of the Internet it was only natural that fraud would follow. Crime has now migrated online. Online fraud or cybercrime, whatever you want to call it, has become a bigger business than the illicit global drugs trade. It can be measured in $100m's per year and is growing faster than any other form of crime.

The key to transacting online is the ESTABLISHMENT OF TRUST between you, the user, and the vendor or bank. Both parties in the transaction want to determine whether the other is AUTHENTIC (the real, genuine person you say you are, i.e. the person who originally signed up for the service).

The USER wants to know that the site he or she is visiting is the genuine online store or bank, and the SITE, in turn, wants to know that the user who wants to transact is indeed the customer he claims to be. Authentication takes place through the EXCHANGE of ‘CONFIDENTIAL’ information or factors. The SITE will authenticate you once you have exchanged one or more of these factors with it. What usually happens is that, based upon the information you provide, the SITE decides whether you are actually who you say you are. If so, it allows you access to the ‘confidential’ information, to your bank account, or to proceed with making a purchase on an online retail site.

The information (or the factors) it will ask for is generally classified into three classes:

Physical factor: Something the user has (e.g., a device (PC or phone), dongle or software token)
Knowledge or personal factor: Something the user knows (e.g., a password or PIN number)
Human or biometric factor: Something the user is or does (e.g., fingerprint or retinal pattern, signature or voice recognition or another biometric identifier).

Traditionally the most commonly used factor has been the personal factor where the user has to input a password together with a user name.

Many sites today rely on you, the user, registering with them and providing them with a user name (usually an email address) and a password. Today when you log onto well-known sites such as iTunes or Amazon you will be asked for no more than a user name and password. Your credit card details are stored in your personal settings on those sites, so that you can buy that CD or song effortlessly!
The problem, however, is that these FACTORS, especially in these simple instances, can easily be stolen by HACKERS, who can then access your confidential information on the site and start to steal elements of your identity as well as your credit card details.

As more and more people shop and bank on the Web and socialize through sites like Facebook and MySpace, the opportunity for HACKERS and FRAUDSTERS just increases exponentially. There are many solutions out there that provide varying degrees of security. In the next blog I will discuss some of these, and particularly why many of them don’t work.
