The Justice Department estimates that 700,000 Americans will be victimized this year by criminals who steal their Social Security numbers and wreak havoc with their bank and credit card accounts.
Fortunately, the corporate equivalent of this thievery doesn’t seem to happen much on Wall Street, where trillions of dollars in cash and securities change hands each day with nary a hitch.
Big banks and brokerages do suffer their share of operational glitches, and they’re as vulnerable as any other enterprise to the ever-increasing ingenuity of computer hackers. But the major financial firms have demonstrated that where the monetary stakes are greatest, they know how to protect their assets. They excel at controlling access to systems based on the attributes and permissions of individual employees and clients -- a security specialty known as identity, or trust, management. That puts the financial sector in a position to show the rest of the business world -- fearful of cyber threats and mandated by laws such as the U.S.A. Patriot Act to tighten their security -- how to keep the bad guys out.
“We’ve historically been solving problems of trust management that others are just coming to grips with,” explains Eliot Solomon, president of Securities Industry Middleware Council, a New York association that promotes transaction-processing efficiencies. “Our industry does a very good job deciding, for example, whether a transaction should be handled or not, based on certain operating conventions.”
Solomon explains that those operating standards evolved independently of technological advances -- ranging from automated trade order management systems to elimination of paper stock certificates -- that in recent years have vastly streamlined the clearing and payment systems. Groups such as SIMC and the Belgium-based Society for Worldwide Interbank Financial Telecommunication have taken responsibility to help layer the new technologies on top of older, manual processing methods.
That layering process has been under way in identity management for a number of years. Companies have traded up from simple password-type log-ins to multiple-factor identification -- which might also require a photo badge or smart card, a fingerprint or a special one-time code to open a door or to initiate a transaction, depending on the perceived risk.
The Internet, however, has introduced new levels of complexity, as firms have opened their systems and networks to wider circles of people, including customers and business partners. How can these strangers be authenticated and trusted?
Consider the SecuritiesHub portal, where investment managers scan reams of research generated by sell-side brokerages. Firms not only centralize research distribution; they also manage participants’ authorizations and permissions through Hub ID, a federated -- or multicompany -- identity platform.
“We have been in business since 1999, managing more than 400,000 IDs for 2,500 companies,” boasts Serge Shinkar, product manager for Communicator, the White Plains, New York, company that operates SecuritiesHub and Hub ID. He says Hub ID exemplifies how the financial industry is “one to two years ahead of the curve in ID management services.”
Communicator, one of the first technology suppliers to subscribe to the multi-industry Liberty Alliance federated identity standards, hopes to get on an inside track to meet new ID specifications being drawn up by Solomon’s SIMC. And the payback may go beyond improvements in internal business processes. Communicator, which co-owns SecuritiesHub with leading firms such as Goldman, Sachs & Co. and UBS, has begun marketing Hub ID in the government and health care sectors.
Another authentication service, Identrus, is also keen to capitalize on broader demand. A four-year-old joint venture of Bank of America, Deutsche Bank and other international banks, New Yorkbased Identrus lost momentum as business-to-business commerce fell into disfavor. But under a new CEO, former Capital Markets Co. consultant Karen Wendel, Identrus is plotting a revival.
“There is a critical need for a system that is interoperable and international, that allows me to validate who you are and that you have the authority to do what you are doing,” says Wendel. “This is a killer app if we get it right.”
