by Dr. Brad Paulson, Thor Engineering, ICMA Standards Representative

Currently, identity fraud is one of the fastest growing criminal activities in the United States. Every year, there are 9.3 million identity fraud victims in the United States, at an average of $6,383 each, costing consumers and financial institutions nearly $56 billion every year. Clearly, identity theft and fraud have become the most prominent marketplace issues in the United States in recent memory, and a threat to commerce. Consumer groups, industry coalitions, independent corporations and government agencies have called for, and are actively pursuing, solutions and preventative strategies on this issue.

The Council of Better Business Bureaus (CBBB) and the American National Standards Institute (ANSI) recognize the role that timely and collaborative consensus standards can play in guiding the broad-based implementation of solutions across the marketplace. Both organizations are advocates of industry self-regulation when and where possible.

Accordingly, on 13 September 2006, ANSI, in partnership with the Council of Better Business Bureaus launched a new standards panel to address identity theft prevention and identity management standards – the Identity Theft Prevention and Identity Management Standards Panel (IDSP). The IDSP is to serve as a cross-sector coordinating body, applying use-case practices to promote and harmonize the timely development of voluntary consensus standards to minimize the scope and scale of identity theft. A timetable of 12 to 18 months has been set for the panel to produce a comprehensive resource of standards and guidelines that business and other organizations can use to prevent and respond to identity theft and fraud. The Panel will:

1. Identify and catalogue existing standards, guidelines, best practices, and related compliance systems focused on identity theft and fraud, including definitions, threats, and identity management solutions, that could positively impact this issue, and
2. Identifying areas needing updated or new standards, guidelines, best practices, or compliance systems, which could further minimize the threat of identity theft or enhance identity management.

The recommendations of the Panel for revised or additional standards shall serve as a call to action for further work by the standards development community. Issues to be explored by the IDSP include managing access, storage and disposal of customer and employee data, personnel qualifications and training for the handling of sensitive data, criteria for selecting data contractors, and recapturing and restoring the integrity of stolen identities. The aim is to produce a comprehensive, cross-sector set of requirements and best practices that businesses and other organizations can use to prevent and respond to identity theft and fraud and protect the confidential personal data of employees and customers.

Comprised of a wide range of stakeholders, the intends to develop a comprehensive resource of standards and guidelines that businesses and other organizations can use to prevent and respond to identity theft and fraud. The panel will engage the broadest possible participation of all affected parties to select the specifications and best practices most applicable to combat identity fraud; it is being organized so that it shall not be disproportionately dependent upon any single organization or stakeholder group.

Initially, participating partners were composed of nine founding companies, AT&T, Citi, ChoicePoint, Dell Inc., Intersections Inc., Microsoft, Staples, Inc., Transunion, and Visa U.S.A (as of 17 March 2007, the participants had expanded to 80 organizations); these founding partners form the executive leadership of the Panel Steering Committee. Three Working Groups were established to carry out the work of the Panel:

1. WG1 Issuance – will identify and assess standards relating to the issuance of identity documents by government and commercial entities.
2. WG2 Exchange – will focus on standards pertaining to the acceptance and exchange of identity information.
3. WG3 Maintenance – will address standards relating to the ongoing maintenance and management of identity information.

Membership in IDSP is open to all affected parties. Representatives of industry, standards development organizations, trade and professional associations, government agencies, consumer groups, organized labor, academia, and other groups are welcome to join.

Brad Paulson, Ph.D., is the ICMA Official Standards Representative and concurrently serves as principal and founder of Thor Engineering, a consulting company he started in 2001 to test and evaluate media and materials to determine failure modes and recommend material and process improvements. Views expressed here are his own. Questions? Contact Brad at Tpaulson@rconnect.com.