All of us have Multiple Internet Identities – one for work, a few for financial services, several for Social Media and others for consuming goods and services. Your identities are managed by these service providers and there is no way for you to know if these accounts have been compromised. You are dependent on the service provider to notify you in the case of identity theft. By the time the service provider notifies you, its often too late to take any proactive measures – the damage is done!

Your risk of identity theft increases with the number of your online identities.

Breaches Happen

We have all had our individual accounts, or our major service providers, hacked. Breaches happen in the Internet Age, regardless of what preventative measures are used. As long as your identity can be used to access sensitive information or can be used to get goods and services, you are target for identity theft.

However, the problem becomes much worse when you have Multiple Identities across multiple service providers – you are at the mercy of those providers to detect the identity theft and tell you about it. There have been cases where providers have not told consumers that their identity has been breached until weeks, sometimes months, after they have detected the breach. Somewhere in their cost-benefit analysis, they made a decision about when to tell you about the breach.

Minimizing the Damage from Identity Breaches

Once you accept that breaches will happen, the way to move forward is to detect and minimize the damage as soon as possible.

Think about your credit card. Every month you get a statement of charges, which you review. If you notice a fraudulent charge, you place a hold on that charge and get a new credit card number. Over the years, credit card companies have become more proactive, where they will decline charges that are suspicious and immediately contact you.

By comparison, think about your identity, which is used to access your information and your assets. Assuming the service provider that controls your identity notices the breach, they will take their time to assess the breach, take counter-measures and then tell you what happened. In the case of a smaller breaches, like someone hacking into your email, they may not even detect the breach at all.

Each service provider which holds one of your online identities will respond with different levels of urgency. Your level of exposure will vary based upon their response.

Moving from Multiple Identities to Single Identity

Multiple identities multiply your level of exposure. Wouldn’t it be better to have a Single Identity which you could focus your monitoring efforts to achieve the best protection of your identity?

Some large social media providers, e.g., Facebook and Google, are offering their identity services to access other service providers. This is definitely a step in the right direction – its decreasing the number of Internet identities you have and therefore decreases your risk!

However, there are three main problems:

·      Most people will have simple username and password, which is relatively easy to breach.

·      There is no way to actively monitor how your identity has been used. If you suspected an issue, how would you check?

·      These are private companies where identity management is not their primary business – it’s a way to grow their other business lines. These companies will always go through a cost-benefit analysis of any identity breach before disclosing it to their customers.

Clearly, these organizations are moving us in the right direction, but its not enough!

Its not about Technology, Its About Trust

The technology to minimize and detect breaches exists today – improved authentication for sensitive accounts, monitors for your identity and tools which detect unusual activity.

Why are we still facing this issue? Why haven’t we all moved our identities to Facebook, Google and many other online identity providers?

Its not a technology issue, it’s a trust issue.

There are two primary reasons the issue still exists today:

·      These private companies are not trusted by the general public. People are concerned about how these companies will try to generate more revenue off their identity.

·      There is no entity that exists to create, manage and monitor your online identity

For a Single Identity Provider to exist, it must be their only purpose and cannot have any other revenue stream. This organization needs to be understood to be a neutral provider who will provide identity services in the public’s best interest, which is also in the best interest of the service provider they are accessing. 

Finally, its critical this organization is transparent about any breaches and how its funding its mission. That is the only way to build trust.

Conclusion

Identity breaches are a fact of modern life, costing an untold amount of time and money. Having multiple online identities makes the problem worse, since you have no idea which identities may be compromised at any point in time.

Having a Single Identity provided with services to provide improved authentication, better monitoring and proactive fraud detection is the best way to minimize the costs of identity theft.

We need a Single Identity Provider which has the sole mission of providing this service in a transparent way.