With data security issues on the rise, the Better Identity Coalition, a group launched less than a year ago, has been making the case that new forms of identity verification are needed. Equifax, whose major breach was a driving factor behind the group’s creation, recently joined.
Last year’s major security incident involving the credit reporting firm Equifax highlighted a lot of problems, but perhaps the biggest one is this: The use of Social Security numbers as identifiers is a poor solution for confirming one’s identity.
And that realization, among others, led to the creation of a new group focused on building an alternative to the number’s use as a verification tool. The Better Identity Coalition, launched in February, has spent the better part of 2018 forging policy ideas around creating new alternatives for identity verification.
In July, the group launched a policy blueprint recommending a comprehensive list of new ideas [PDF] for digital identity. And last week, the coalition went full circle, bringing on Equifax—the company whose data breach inspired the organization’s launch—as a part of the coalition. The group now has 18 members, including a number of major financial, technology, and healthcare firms.
“Equifax has been off to a strong start in its transformation journey, especially with regard to enhancing our identity protection and authentication capabilities—but we’re eager to do more,” Equifax Chief Information Security Officer Jamil Farshchi said in a news release.
Speaking to FCW, Better Identity Coalition Coordinator Jeremy Grant noted that the move by Equifax to join the group was a little surprising at first but makes a lot of sense.
“Whatever happened a year ago, they’re still here, and they’re actually a pretty important part of the marketplace,” Grant told the website. “We were pleasantly surprised when they called and said, ‘We really like the blueprint you guys put out, and we’d like to be part of the effort to try and advance it.’”
The coalition’s strategy is to point out the risks of identity fraud and the weaknesses in the current structure. Its policy blueprint reported that identity fraud had costs of $17 billion in 2017, and one of the primary recommendations was to stop using Social Security numbers as a form of authentication, in favor of digital services specifically designed for identity checks.
“The single biggest takeaway from recent breaches is that adversaries have caught up with the systems America has used for remote identity proofing and verification,” the report stated.
Grant noted to FCW that the blueprint helped drive discussion in Congress, leading to multiple committee hearings and more analysis in the government on how to improve identity verification.
“I think a lot of the things we’re calling for [are] going to take some time,” Grant told the website. “The idea was not to go for moonshots, but that doesn’t mean they’re all going to be implemented a year from now either.”