Equifax Breach and the Problem with Possession

Home/Authentication, Identity, Security/Equifax Breach and the Problem with Possession

The Equifax breach announced this month is the latest hack heard ‘round the world. But while many consumers took the news as just another breach in an unfortunately long line of many, the Equifax breach in particular shows the limitations of the way personal identifying information is being managed and the businesses built around it.

Consumers are told repeatedly that their sensitive information – social security numbers, credit card numbers, passports – must be closely guarded and kept out of the public realm. Yet nearly every institution or business that a consumer interacts with, both in-person and online, requires the consumer to share at least one of those pieces of highly sensitive data to verify the consumer’s identity or complete a transaction. Soon enough, the consumer’s sensitive data has likely been shared with dozens, if not hundreds of different entities, who can use and store it in any number of ways. But when one of those entities is breached, the finger is pointed back at the consumer.

Complicating the situation is the fact that once one of those entities is breached, and the consumer’s sensitive data is now in the possession of someone else, that person can use that sensitive data as if they are the consumer. After all, they have possession of the data, and that is what the institutions and business rely on – if you possess the data, and you can produce it to answer my inquiry, then you must truly be the consumer.

Possession is the current limitation. Currently, any number of entities or people can acquire and possess a consumer’s data, whether it is gained through identity verification, a transaction, or a hack. There is a need to reframe the system’s thinking around possession, and move past it to the point where the consumer in question has to prove that they are who they say they are. There are attempts at this now – two-factor verification, biometric scanning, expiring codes – but all of that has limitations and can ultimately be hacked as well.

At Trusted Key, we’re aiming to lead this reframing by building a system of identity verification that the consumer owns, and has the ultimate authority to grant access to their highly sensitive data. By leveraging blockchain technology and mobile phone security features, the consumer can grant an institution or business access to their data, securely verify their identity, and also revoke access at any time.

Until possession is no longer the limitation, consumers will continue to see the same headlines over and over. You can learn more about how Trusted Key is moving beyond possession by watching our demo at Finovate here.

 

By | 2017-09-27T10:29:40+00:00 September 27th, 2017|Authentication, Identity, Security|