Published November 04, 2002
The fingerprinting program that began last month for visitors and non-U.S. citizens entering the U.S. certainly underscores the need for a comprehensive authentication system to help strengthen our borders.
While this program will begin to enhance the security of our nation, the debate surrounding domestic identity verification programs is still not adequately addressing one of the most visible threats aimed at our national security -- namely, the growing problem of identity fraud.
As we all know, the Sept. 11 hijackers used false identifiers and false identification documents as their tickets to board the ill-fated planes. In immediate response, our government took important steps to develop effective identity verification systems. Biometrics, facial recognition and other scanning devices are currently undergoing tests at various airports and other secure places in the U.S. There has also been much talk of implementing some type of national identification card.
As these efforts continue, however, we also need to be mindful of some of the many challenges that exist in developing a comprehensive solution to effectively combat identity fraud.
When you stop and think for a moment, a biometric, which is an authentication system based on one's physical attributes, isn't effective if the identity is stolen and utilized at the point of registration. Additionally, how can we administer an authentic national identity card system or biometric if the applicant has already taken one of the thousands of Social Security numbers reported stolen over the past couple of years? Or if, just as disturbing, the applicant created a new identity from the plethora of Web sites easily accessible online? Furthermore, how do we identify or authenticate someone if we do not have the data?
So, given these obstacles, the critical task at hand is figuring out how we go about answering the question that lies at the fundamental root of the identity fraud problem: How do I really know you are who you say you are?
One possible approach is through a knowledge-based system, better known as identity authentication. Unlike a biometric, which is based on one's physical attributes, "authentication" would identify someone by obtaining from them specific information that is general in nature and unique only to that individual when analyzed.
The logic behind this model is predicated on the theory that an imposter may know some of the information pertaining to a real individual, but he or she will likely not know all of an individual's identifying information, especially when the information is modeled.
Domestically, similar knowledge-based identity verification systems are already being used in the financial world, for example, to verify someone applying for credit cards.
On the international front, properly authenticating visitors coming into the U.S. presents more of a challenge because the INS and other U.S. governmental agencies do not have access to the tools or information they need to qualify individuals attempting to enter the United States or to enforce regulations on foreign nationals already within the U.S.
For example, the information on the backgrounds of immigrants or visitors to the United States from countries around the world, and most particularly the 26 countries on the Office of Foreign Asset Control List as well as other law enforcement lists, simply doesn't exist.
Information on U.S. citizens has been integrated into a computerized application that uses statistical models to measure the information provided by an individual, in order to score the likelihood of a positive identification. This application has been used successfully for some years in the instant credit granting environment and, more recently, for certain governmental purposes, particularly following Sept. 11.
However, currently existing identity authentication processes have not yet been used to authenticate non-U.S. residents, simply because identifying information pertaining to these individuals is not currently available. Nevertheless, nodes of this information are available and we believe that they exist in sufficient quantities that, if retrieved, mathematical models can successfully transform the information into identification scores, similar to those that exist with regard to identifying U.S. citizens.
But an effort to collect and aggregate that data would not be an easy or inexpensive project. This data is often in paper form only and it needs to be converted into an electronic format. However, the means to get this information does exist and the technology structure needed to integrate it electronically is already in place.
Congress needs to make authentication of non-U.S. citizens entering the U.S. a top priority within the broader homeland security discussion and also a priority for promoting global commerce.
As we continue to strengthen and secure our homeland, we cannot ever lose sight of the fact that identity fraud is more than just a national security or terrorism issue. It is also a global commerce issue. In fact, under the newly enacted USA Patriot Act, banks and other financial institutions are required to have in place systems to properly authenticate their customers.
No doubt, people already living in or trying to enter the U.S. for the worst imaginable purposes have tried and will continue to try to change their identities. To that end, it is imperative that we grow trust in the identity authentication process to avoid the adverse consequences of a fallen economy or further incidents of terrorism.
Norman A. Willox, Jr. is the Chief Officer for Privacy, Industry and Regulatory Affairs, LexisNexis, and Chairman, National Fraud Center.