Blog article
See all stories ยป

An article relating to this blog post on Finextra:

Online shoppers want central ID

According to a recent MasterCard (NYSE: MA) survey, U.S. consumers identified "entering payment, billing and shipping information" as one of the main pain points of the online shopping experience, top...

See article

The flaws of common ID?

I too would prefer to have a single common method of identifying myself online: a single common avatar that I use across all sites, with a single common (complex and strong) method of authenticating myself.

But as the editor of a UK technology magazine has just discovered (@bazzacollins), illicit access through that common identifier can have widespread consequences.

He was trialling Hotmail for two weeks rather than GMail. Unfortunately, his account got broken in to and spam mail started flooding out. OK, embarrassing but nothing more than that, surely?

Well, Microsoft use a single sign on system (a form of federated identity) across more and more of their products (your Windows Live ID). So gaining access to Hotmail potentially opened up everything else. With Windows now requiring you to sign in using your Live ID, everything on your PC could potentially be at risk.

We see this federated identify principle spreading across the web - how many sites can you now sign in to using your Facebook ID, your Google ID, your Twitter handle and more?

If a bank or payment service wanted to allow you to use a federated ID, which would they pick, which would they trust, and as importantly, which would you trust? Are federated identity services secure enough yet for controlling access to your banking relationships? What else can be done for you to prove that it is really you?

Unfortunately there is a balance to be made between security and usability. As we go more and more mobile, how many of us want to be carrying around multiple methods of identification (from printed code grids, to one-time passcode tokens)? We could start using other methods of supplementing authentication - for example using our physical location to enhance a cardholder present transaction, but what other options are there?

I'm not sure we're set for a true common identity yet, ideal as it may be. Then there's the issue of who looks after all that data, and who can get access to it - and that could be an entire post in itself.


Comments: (0)

Tim Tyler

Tim Tyler

Product Manager


Member since

29 Jul 2010



Blog posts




This post is from a series of posts in the group:

Innovation in Financial Services

A discussion of trends in innovation management within financial institutions, and the key processes, technology and cultural shifts driving innovation.

See all

Now hiring