The White House unveils an online security roadmap

The strategy calls for the private sector to develop e-commerce fraud-prevention tools.

Allison Enright

The White House last week outlined a strategy designed to make online transactions more secure for businesses and consumers. The National Strategy for Trusted Identities in Cyberspace, or NSTIC, calls for the private sector to work with the federal government to develop technologies that will help to make consumers’ identities more secure online. Such a move could boost consumers’ confidence and enable businesses to conduct more security-sensitive transactions online, backers say.

“By making online transactions more trustworthy and better protecting privacy, we will prevent costly crime, we will give businesses and consumer new confidence, and we will foster growth and untold innovation,” said President Barack Obama in a statement.

The NSTIC calls for the creation of an “Identity Ecosystem” in which consumers will have a variety of tools—provided by private-sector companies—to select from to secure their identities online. These tools could take many forms, such as smart cards, tokens, mobile phone software programs or other technologies not yet created, the report says. A consumer would select a single tool to provide her credential and use that to identify herself online. This would eliminate her from having to register—and remember—a user name and password at each e-retail site she purchases from because she would use the secured credential instead. Participation is voluntary for consumers.

“In the current online environment, individuals are asked to maintain dozens of different usernames and passwords,” the NSTIC report says. “The complexity of this approach is a burden to individuals, and it encourages behavior—like the reuse of passwords—that makes online fraud and identity theft easier.”

The NSTIC says strengthening online security will benefit companies because it will allow them to bring more transactions online, fight fraud and lower information technology and operational costs related to managing customer accounts. E-retail sites, for example, would be able to replace their log-in systems with software that follows the Identity Ecosystem privacy and security requirements. Sites that meet the Identity Ecosystem requirements would be able to display a special “trustmark” logo that identifies it at as a site that follows the plan.

“Individuals, businesses, organizations and all levels of government will benefit from the reduced cost of online transactions: fewer redundant account procedures, a reduction in fraud, decreased help-desk costs and a transition away from expensive paper-based processes,” the report says.

The White House describes the development of the security standards, technologies and policies as a private-sector led effort that is being facilitated by the government through the U.S. Department of Commerce. The goal is to have an initial system in place and available to consumers in three to five years, with full implementation within 10 years.


federal regulation, Identity Ecosystem, Identity theft, mobile phones, National Strategy for Trusted Identities in Cybers, NSTIC, online fraud, online privacy, online security, President Obama, Smart cards, software, tokens, U.S. Department of Commerce, web passwords