Real ID Act
Implementation of the Real ID Act, a law meant to begin the process of properly identifying U.S. citizens, has been delayed repeatedly over the years. About two dozen states initially passed legislation refusing to comply.
Currently, the following states still have laws banning compliance, according to the Washington, D.C.-based advocacy group, Coalition for a Secure Driver's License: Alaska, Arizona, Minnesota, Montana, Oklahoma and Washington State. Without full implelentation of the Real ID Act the we will never even begin to identity proof who's who.
The Obama Administration is currently attempting to mitigate the strained federal health insurance website. And yet another problem has surfaced on the radar of officials: Thousands of individuals have been unable to authenticate their identity as it relates to medical plans.
When users have uploaded copies of important documents (e.g., SS cards, driver's licenses), their applications have vanished into thin air. Or, users are being directed to the federal insurance marketplace office in Kentucky.
These glitches, that have consumers unnerved about how their personal information is being handled, are the result of administration officials tightening the procedures for more effective identity proofing.
Those who can't answer specific questions at HealthCare.gov are instructed to contact Experian's help desk for identity proofing.
The proposed immigration reform act calls for the Social Security cards for immigrants to be resistant to fraud, tampering, identity theft and even wear and tear. However, not many technologies are in place to make this happen.
The immigration reform act would also ensure that an immigrant is eligible for employment in the United States. This would be achieved by employers checking the applicant's passport photo or driver's license via a system that connects to federal and state databases.
However, the new system may come with some bugs, placing employers in the role of investigating, verifying and attempting to identity proof identities of job seekers with existing inferior technologies.
Student Loan Fraud
Some recipients of student-aid federal loans and grants for school are actually scammers and identity thieves pocketing the money for personal use and not even attending school.
Since January 2013, the Education Department has put the red flag on 126,000 applicants seeking student aid. Student loan fraud puts schools in a bind because they must find that sweet spot when it comes to filtering out the crooks from honest applicants.
But it's a big problem, being that in 2012, over 34,000 fraudsters received student aid from the federal government.
It's rather easy for this scam to take place because no credit check is required for most federal student aid, and how the money is used comes with few restrictions.
The big loophole is that the crooks end up with checks--that they can cash and spend any way they please--from the school, after the school uses part of the loan or grant to cover tuition. Yes, the school sends checks to people without any way of regulating how that money will be spent.
And when tuition is cheap, even more money is left over from the loan or grant for the school to cut checks to send to recipients. The Internet has fueled this crime, with all the online school programs. Crooks can obtain aid simply by applying online.
How do we properly identify an individual? And what's the difference between authentication and verification?
I've always used them interchangeably, so I asked an expert, Jeff Maynard, President and CEO of Biometric Signature ID (BSI) --who's in the game of properly identifying his clients' clients through dynamic biometrics, part of the identity proofing solution--for his take on authentication vs. verification.
There's a distinct difference. "Authentication is the ability to verify the identity of an individual based on their unique characteristics," says Maynard. "This is known as a positive ID and is only possible by using a biometric.
"A biometric can be either static (anatomical, physiological) or dynamic (behavioral). Examples of each are: static: iris, fingerprint, facial, DNA. Dynamic: signature gesture, voice, keyboard use and maybe a gait pattern. Also referred to as something you are.
"We use verification when the identity of someone cannot be firmly established. Technologies used provide real-time assessment of the validity of one's asserted identity. We don't know who this person is, but we make an effort to come as close as possible to establishing their asserted identity. Included in this approach are out of wallet questions, PINS, tokens, cards, passwords, IP addresses, behavioral based trend data, etc."
Biometric Signature ID has created the "Missing Link" - a software-only biometric that complies with the new gold standard for identity verification required by the re-authorized education act.
BSI has patented a software-only biometric, the strongest form of identity verification on the market today with a twist: no additional hardware required. This software biometric measures the unique way a user moves their mouse, finger or stylus when they log in with a password created with BioSig-ID.
Biometrics such as length, speed, direction angle and stroke height define one's unique pattern, enabling positive identification of users as they log in from any PC, tablet or mobile.
BSI software can distinguish these patterns, unique in all people. Only a user who has successfully authenticated themselves against a previously created enrollment profile can access the device, exam, bank account, or any other digital asset.
This breakthrough technology was recently chosen by the White House to participate in a pilot to reduce online identity fraud with Microsoft, AT&T and other major establishments.
So the technologies to solve lots of identity fraud problems exist. All we have to do now is get the government, each state, all their citizens, every school and the healthcare system to sign up. And really, identity proofing is the only viable choice to replace fraud with accountability.
Robert Siciliano, personal security and identity theft expert and BioSig-ID advisory board member. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock'em dead in this identity theft prevention video. Disclosures.
Follow Robert Siciliano on Twitter: www.twitter.com/RobertSiciliano