Friday, June 10, 2011

A Response to a Breach .... Is it enough?

As I was preparing to step into day two of the NSTIC conference, I came across an interesting article on the Citi breach that was announced yesterday: "Citi Data Theft Points Up a Nagging Problem".

Now, I would have said "the new breach at Citi", but as we know it was not new, and that of course raises a number of questions. When they discovered it, were they worried about the effect of the subsequent press on their reputation, so they kept quiet? Did they want to handle their customers first? Were they worried that they might be targeted further, possibly because they had not resolved the "how it happened" questions? There are lots of questions, and likely we will never know the answers.

What was interesting was Sheila Bair's response: that some banks need to strengthen their authentication mechanisms. Now, I do have a concern that she said "some" banks, but if some large ones do move ahead, then it is likely that market forces will convince the small and medium-sized banks to move the bar forward as well.

All of this is very interesting given my last couple of days: Wednesday's discussion on the US ideas on International Cyberspace, and the last two days working on the NSTIC governance structure. NSTIC certainly is very relevant here, in that it embodies the administration's idea that enhanced credentialing improves security, which in turn improves commerce. Certainly this is what the chairwoman of the FDIC sees as well, even above and beyond the protection of consumers. Banks will continue to face struggles until they get a handle on making online transactions and access more secure and reliable for their users. NSTIC certainly is a medium- to long-term solution. I say medium to long term in that it will take at least a couple of years to see broad implementations that will get the interest of banks. In the interim, what do banks do?

Well, one thing they can do is look to the government. Treasury Direct today implements enhanced security for its consumers through the use of an additional token. This token is inexpensive, easy to use, and has even been implemented in Braille. To date, Treasury has issued over a million of these, so yes, it is scalable. A near-term solution that can later interoperate with the NSTIC model is an idea that should be thought about.

Maybe Citi needs to look to Treasury for more than financial bailouts; it seems Treasury also has innovative ideas for dealing with customers and keeping their transactions secure.


- Posted using BlogPress from my iPad

1 comment:

Anonymous said...

Making sure that there is balance in the representation, and that it is not hijacked by a particular segment, is going to be a challenge for NSTIC. A key to that will be the transparency of the processes that will be put in place, something that the government has traditionally not been good at.