VeriSign Announces Online Identity Network

David Schatsky | February 13, 2006, 08:25 AM

The Wall Street Journal reported oday that VeriSign is planning a consumer identification system based on physical tokens such as key fobs or memory sticks intended to be used by multiple companies. According to the article, Yahoo! and eBay's PayPal are initial partners and SanDisk agreed to make its flash-memory drives work on the so-called VeriSign Identity Protection, or VIP, network.

The article says,

"VeriSign hopes to attract numerous banks, brokerages and e-commerce sites to the network in one of these roles, creating a shared system akin to ATM networks to offer fraud-wary consumers greater security, while keeping a lid on costs for participating companies. The initiative could be a boon for VeriSign, by opening up a much bigger market for its user-authentication business."

On one level, the timing for such an initiative is right. The Federal Financial Institutions Examination Council (FFIEC), an advisory body, issued guidelines last year stating that single-factor authentication, such as username and password, provides insufficient protection for many transactions offered by online banks and brokerage firms.

On top of persistent consumer concerns over identity theft and online fraud, Verisign's project, backed by online giants, could gain traction.

The participation of PayPal is important, as tens of millions of consumers already trust it to safeguard their funds but continually need reassurance that security advances are staying ahead of fraudstsers.

Yahoo! probably won't drive a high level of adoption of the network, at least in the near term. Though its user base is enormous, most of its users are not engaged in sensitive financial transations through Yahoo! properties. And just 5% of online consumers we surveyed [http://www.jupiterresearch.com/bin/item.pl/research:concept/77/id=96539] said they'd trust a portal to manage their online identity for access to other online services.

VeriSign might be able to interest financial institutions, especially small and mid-sized ones that lack the funds to invest in proprietary two-factor authentication schemes, in joining the network. We've learned from a high-profile financial institution that deployed such a system on its own that while adoption of it among their customers was low, just offering the service increased customer satisfaction and a sense of security.

Larger institutions, reluctant relinquish control over customer relationships, will mull this over carefully before taking the leap.