Trusted identity credentials, managed and provided by 3rd-party identity providers as part of trust frameworks, are extremely effective mechanisms for consumers, businesses, and government agencies to use to protect their digital assets and information from online fraud. Using these credentials, instead of the common username/password identity mechanism, helps mitigate many of the risks that hackers are exploiting around the world on a daily basis.
The management and use of trusted identity credentials is a valuable tool within the identity fraud landscape. Identity fraud solutions include not only trusted credentials and identity-proofing capabilities that the identity providers leverage, but also corresponding identity proofing solutions that businesses and government agencies use to actually validate credentials in the context of their use. In other words, verifying that the trusted credentials are not being used in a fraudulent manner.
Credential trust frameworks, and the huge variety of identity protection capabilities and technologies they represent, have been somewhat slow to grow and be adopted, or include more new, advanced technologies and IT investments, perhaps because of the lack of liability standards. Misuse or misdeeds that occur when using identities from these trust frameworks, can be a significant, unpredictable legal risk (and it is different state to state, country to country) for the identity providers — even though they have no control of how their identity tokens are used once they’re issued.
A first-of-its-kind Digital Identity Law (“SB 814 Electronic identity management; standards, liability”) passed by the 2015 Commonwealth of Virginia General Assembly and signed by Gov. Terry McAuliffe, seeks to address this issue. It will establish limits on liability for trusted identity providers, based in part on uniform standards for strengthening and authenticating digital identities. These standards and guidance will be stewarded by a public/private advisory group — the Identity Management Standards Advisory Council (advising the Virginia Secretary of Technology) — and includes “in the Code of Virginia the concept of an identity trust framework operator, an entity that establishes rules and policies for identity providers operating within the framework and issues electronic trustmarks to such providers signifying compliance with the rules and policies of that trust framework.”
Equifax online fraud prevention and identity management services are leveraged around the world to help protect against evolving threats — from identity theft and fraud, to data breaches and malicious hacking. This Virginia bill highlights the timely and critical importance of these kinds of identity prevention services to organizations as it seeks to remove perceived legal hurdles to further adopting, using and improving trusted credential technologies.
The post Virginia Digital Identity Law Highlights Identity Fraud Prevention appeared first on Insights.