Loading...

Identity elements are not credentials

July 10, 2011 by Keir Breitenfeld

Lately there has been a lot of press about breaches and hacking of user credentials.  I thought it might be a good time to pause and distinguish between authentication credentials and identity elements.

Identity elements are generally those bits of meta data related to an individual.  Things like: name, address, date of birth, Social Security Number, height, eye color, etc.  Identity elements are typically used as one part of the authentication process to verify an individual’s identity.  Credentials are typically the keys to a system that are granted after someone’s identity elements have been authenticated.  Credentials then stand in place of the identity elements and are used to access systems.

When credentials are compromised, there is risk of account takeover by fraudsters with mal intent.  That’s why it’s a good idea to layer-in risk based authentication techniques along with credential access for all businesses.  But for financial institutions, the case is clear: a multi-layered approach is a necessity.  You only need to review the FFIEC Guidance of Authentication in an Internet Banking Environment to confirm this fact.  Boiled down to its essence, the latest guidance issued by the FFIEC is rather simple. Essentially it’s asking U.S. financial institutions to mitigate risk using a variety of processes and technologies, employed in a layered approach. More specifically, it asks those businesses to move beyond simple device identification — such as IP address checks, static cookies and challenge questions derived from customer enrollment information — to more complex device intelligence and more complex out-of-wallet identity verification procedures.

In the world of online security, experience is critical.  Layered together, Experian’s authentication capabilities (including device intelligence from 41st Parameter, out-of-wallet questions and analytics) offers a more comprehensive approach to meeting and exceeding the FFIEC’s most recent guidance. More importantly, they offer the most effective and efficient means to mitigating risk in online environments, ensuring a positive customer experience and have been market-tested in the most challenging financial services applications.

Related Posts

According to Experian data analysis and a recent study on unemployment insurance fraud, at least 25% of new claims are a result of identity theft.

April 15, 2021 by Eric Thompson

It’s critical for credit unions to understand the specific threats presented by life online and be prepared with a fraud detection and prevention plan

April 13, 2021 by Alison Kray

Subscription title for insights blog

Description for the insights blog here

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Categories title

Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book.

Subscription title 2

Description here
Subscribe Now

Text legacy

Contrary to popular belief, Lorem Ipsum is not simply random text. It has roots in a piece of classical Latin literature from 45 BC, making it over 2000 years old. Richard McClintock, a Latin professor at Hampden-Sydney College in Virginia, looked up one of the more obscure Latin words, consectetur, from a Lorem Ipsum passage, and going through the cites of the word in classical literature, discovered the undoubtable source.

recent post

Learn More Image