June 26, 2006

But with so many methods available to support multifactor authentication, banks currently struggle with how to ensure ubiquity among their user base -- both internally and externally. "For example, should banks provide tokens for users? And are they compatible with what is being used inside institutions?" asks Oracle's Sullivan. "Incompatible tokens create a tower of babble -- not strong authentication."

Set the Standard

The only way for the industry to find the ideal solution for secure consumer and employee access to data is to approach the problem from an industrywide perspective, experts agree. This includes the creation of industry standards that will ensure the protection of consumer privacy as well as the security of mission-critical information on an organizational level. This will be especially important as global commerce continues to explode.

"To do business globally, people and companies will need to open accounts globally as well," says IdenTrust's Klein. "Clearly, companies cannot expeditiously expand their businesses by having to send people to each new location across the globe where the business wants to open a bank account." Thus, companies will need an automated, globally interoperable standard that is accepted by banks when opening accounts and doing maintenance, such as signatory changes, she suggests. Currently, IdenTrust is working to provide a set of standards that authorize the credentials used during account openings, according to Klein.

"These standards will honor a single set of credentials that can be shared across banks globally," says Klein. "It will facilitate account maintenance and be accepted globally by IdenTrust member banks to prevent fraudulent account activity." Nineteen corporations and banks are slated to pilot this initiative, which is being driven by the TWIST Bank Mandate Working Group, she adds. The pilot is scheduled to go live at the end of the summer. **