There is one thing that everyone committed to thwarting criminal activity has in common: a desire to stop the bad folks from doing bad things. History has shown us that the three C’s of cooperation, collaboration and communication are key in highlighting where and how criminals are looking to act, and thereby helping to keep potential victims aware and vigilant. Knowledge, particularly shared knowledge, is power.
There are, of course, two views on the sharing of information – one that upholds the right to privacy and data security, and one that prioritizes a joint approach to data security. When these views conflict, the privacy and data security argument will often prevail. But that might be changing, certainly in the UK with the controversy around the “Snooper’s Charter”.
I have no doubt that the collective interests of the “white hats” (those trying to keep us safe and secure) would be best served by liaison and appropriate, proportionate data sharing where necessary. This should be not just intra-sector or intra-industry but inter-sector and inter-industry.
Individual industries or sectors often have trade or collective member associations that do a great job of representing their constituents. Multi-sector discussions have proven far more difficult to broker satisfactorily. And yet the criminals are not constrained by the same divisions of geography, sector, industry or organization.
In the fight against fraud, and in deference to aggressive know-your-customer compliance requirements, most sectors are now finding themselves not just expected but compelled to properly authenticate who they are dealing with. Whether for application, concession, authorized access, value exchange or whatever, being able to assure that credentials are authentic – and ensuring proof of authenticity does not result in exposing credentials that can be nefariously repurposed if intercepted – is exercising some of the greatest information security minds of our generation.
Today I took part in the Project CAMINO 3rd Experts Workshop at Royal Holloway, University of London. I was part of an expert panel discussing the challenges of “Identity and Strong Authentication,” especially in light of changing requirements across the landscape of SecuRe Pay, eIDAS, Payment Services Directive 2, etc.
In this discussion, I brought up the MIDAS Alliance, a global organization that includes key stakeholders in the information security community from all sectors. MIDAS stands for Mobile Identity Authentication Standard, and the Alliance has the primary aim of promoting information security and authentication innovation through collaboration by creating an arena for knowledge sharing.
The MIDAS Alliance intends to help bridge the gap between the regulatory and industry outlook on preventing security breaches. It is being forged in the coming weeks to develop payments standards that will provide solutions for simple processes to prevent online fraud.
Most industry commentators have often referenced the absence of a “silver bullet” when dealing with criminals and, especially, identity or credential theft and remote payment fraud. While that remains true, the MIDAS Alliance and the cooperation it represents mean that we “white hats” are finally able to take the fight back to the “black hats” on multiple fronts.