In a digital world, where a Social Security number isn’t enough to verify a person’s identity, the business community can help governments find more secure solutions, according to the Business Roundtable.
What might secure digital identification look like when the Social Security number is not, well, secure?
That’s a question the Business Roundtable (BRT) would like its members, and the business community at large, to help answer. The group recently released a paper [PDF] making the case that government should seek private-sector assistance to build new digital tools to verify a person’s identity.
“To continue to reap the benefits of the online world, it is imperative that the U.S. government and the private sector work together to strengthen digital identity without sacrificing the speed or convenience that today’s society demands,” the report states. “Meeting this goal would strengthen the entire online ecosystem—from e-commerce to healthcare, employment, supply chains, and more.”
The report lays out a variety of recommendations for improving identity verification, including a move away from verification based on knowledge of information like Social Security numbers, passwords, and answers to security questions.
“The SSN is an identifier, not an authenticator,” the paper notes. “Knowing a given SSN does not prove that it is the individual’s SSN…. The SSN is a helpful tool to find key information about an individual, but the individual must prove his or her identity through other means.”
BRT is promoting a public-private partnership where industry takes the lead in developing better authentication methods using digital technologies, supported by government agencies like the Social Security Administration that would ensure that regulations don’t pose barriers to adoption.
“Industry and government must work to adopt and encourage the development of identity-proofing solutions that are both more secure and less onerous,” the report says.
The issue was a key focus at a Business Roundtable event last week where federal government officials and industry figures considered a way forward. Kelly Bissell, Accenture’s global security head, noted that the Social Security number is only one of dozens of distinct identifiers that consumers use.
“That’s the major problem that we have, that attack vector if you will,” she said, according to Fedscoop. “The more identities we have, the more availability there is to breach those identities.”
BRT isn’t alone in advocating more secure alternatives for identity verification. Last year, the Better Identity Coalition launched with the support of many major financial industry firms—including Equifax, whose 2017 breach helped inspire the call to move away from Social Security numbers.