A bipartisan bill introduced Friday in the House of Representatives is looking to take some initial steps in creating nation-wide digital identity standards that attempt to address a range of security issues, including theft and fraud stemming from data breaches.
The legislation is also sponsored by Democrats John Katko of New York and Jim Langevin of Rhode Island, along with Rep. Barry Loudermilk, R-Ga.
If approved, the bill would create an interagency task force composed of federal, state and local agencies that would develop uniform standards for digital identities that would offer more security and privacy protections for individuals, as well as creating new verification tools that public and private organizations would use.
One goal is to move away from the over-reliance on Social Security numbers and other outdated methods to prove peoples’ identity, according to the bill’s backers.
In addition, the bill looks to create standards at the federal level, while offering cash grants to states to help them upgrade their own digital identity programs, such as drivers’ licenses and ensure uniform standards are followed.
“It’s become vitally important to ramp up safeguards to protect against identity theft and fraud, so that both consumers and businesses can have confidence in online transactions and the peace-of-mind of protecting sensitive information,” Foster said.
The bipartisan bill already has support from the Better Identity Coalition, which advocates for more secure identities and is backed by a wide coalition of technology companies such as Microsoft and Ping Identity, as well as financial firms such as MasterCard and Wells Fargo.
At its core, the bill looks to reduce fraud related to identity theft, which has accelerated over the past several years as more personally identifiable information is compromised by data breaches.
In 2019, losses from identity fraud reached nearly $17 billion worldwide, according to a study published in April by Javelin Strategy. The report notes that fraudsters have moved away from more traditional schemes and have now embraced account takeover and other high-impact scams. This is likely to increase this year due to the COVID-19 crisis.
“The type of identity fraud has drastically changed from counterfeiting credit cards to the high-impact identity fraud of checking and savings account takeover,” according to Javelin. “At a time when consumers are feeling financial stress from the global health and economic crisis, account takeover fraud and scams will increase. It is too early to predict how much higher the fraud rates will go; however, criminals become more active during times of economic hardships.”
Another concern is the rise of synthetic identities, where cybercriminals use stolen information to attempt to mimic a person to carry out identify-related frauds.
Loudermilk, the Republican backing the bill, noted that “With more Americans going online to purchase basic life necessities, this also means more Americans’ personally identifiable information [PII] is at risk of being stolen.”
The bipartisan bill looks to reduce these losses and security gaps by creating more secure digital identities as well as uniform standards that businesses and government agencies can use to ensure that services are provided to the right people. This includes:
Establishing an interagency task force that will create new methods of creating digital identities and verification methods;
Directing the National Institute of Standards and Technology to create a framework of standards to help guide federal and state agencies when providing digital identity verification services, including an emphasis on privacy and security;
Creating a grant program through the U.S. Department of Homeland Security to give money to states to help with their own digital identity programs, such as drivers’ licenses and other types of credentials. The grants would also help ensure that the uniform standards created by NIST are followed.
“We must take steps to modernize these systems and address vulnerabilities,” Kato said. “Our bill does this by forming a task force on securing digital identities, establishing a standard framework for federal agencies when providing digital identity verification services, and creating a grant program for states to modernize their systems.”
The bill, introduced Friday, is already backed by the Better Identity Coalition, which has been pushing lawmakers to create more secure digital identities since 2018 when it published its own “blueprint” for creating better standards.
Jeremy Grant, the coordinator of the Better Identity Coalition, noted that the U.S. has fallen behind other countries when it comes to creating more secure digital identities, while fraudsters are adopting new methods faster than companies and government agencies can keep up.
Two years ago, we launched @MakeIDbetter to craft common sense policy approaches to improve the privacy, security & convenience of digital identity.
“So many services – in banking, health care, government, and e-commerce – depend on knowing ‘who is on the other side’ of a transaction,” Grant said. “But our old identity systems have not transitioned well to the digital world – creating friction in commerce, fueling increased fraud and theft, degrading privacy, and hindering the availability of many services online.”
“When I look where we are today, relative to where things were back in 2015, I’d say we’re more secure in the authentication space and that authentication is getting easier,” Grant told ISMG. “We’re sort of on the cusp of the post-password world, but where we aren’t as secure is in the identity proofing space, where that’s getting much harder.”