The Identity Theft Prevention and Identity Management Standards Panel
(IDSP) today released a workshop report calling for the development of an American National Standard on identity verification as a tool to help combat terrorism and identity theft. The IDSP workshop and report were driven by recognized vulnerabilities in the issuance of foundational documents used to prove identity, in particular the birth certificate. Since agencies typically rely on but do not verify birth certificates and other source credentials such as driver’s licenses and Social Security cards used to establish identity, there is a loophole where identity theft and fraud can occur.
The workshop report is freely available for download at http://webstore.ansi.org/identitytheft.
Administered by the American National Standards Institute (ANSI), the IDSP is a partnership between the private and public sector with the overarching goal of reducing the threat of identity theft and fraud in the marketplace.
According to the 9/11 Commission report, all but one of the 9/11 hijackers acquired some form of U.S. identification document, some by fraud. The Commission recommended that the federal government should set standards for the issuance of birth certificates and sources of identification, such as driver’s licenses. As a result, the Intelligence Reform and Terrorism Prevention Act of 2004 (IRTPA) and the REAL ID Act of 2005 require verification of identity prior to the issuance of birth certificates and driver’s licenses / ID cards, respectively. However, the IRTPA regulations have not yet been released even in draft form and the REAL ID regulations do not provide practical guidance on how to corroborate a claim of identity under different circumstances.
As a tool for fraud prevention, participants in the IDSP workshop recommended that guidelines on identity verification should be developed with a view toward the eventual development of an American National Standard. The primary end users for such guidance would be agencies involved in the issuance of source credentials, including state vital statistics offices, state motor vehicles offices, and the Social Security Administration. However, the guidance could have broader application to other organizations that need a robust identity vetting process.
A project plan was developed and a team formed to take this work forward under the leadership of the North American Security Products Organization (NASPO), an ANSI-accredited standards developer. See www.naspo.info for a summary of the work done to develop identity verification guidelines.
“Participants in the workshop concluded that a common systematic process is needed to achieve a level of assurance whether to accept or reject a person’s claim of identity,” said Dr. Graham Whitehead, director of standards development for NASPO and the project’s leader. “A strong identity verification process will go a long way toward preventing credentials from getting into the hands of terrorists and identity criminals.”
The report cites other envisioned benefits of identity verification guidelines to include reducing waste, fraud, and abuse in government programs; limiting underage access to alcohol, tobacco, or other age-limited products and services; and reducing or eliminating criminals’ ability to evade law enforcement through the use of fraudulent identities. They will also enhance the security and credibility of government and commercial credentials issued downstream, such as public and private-sector employment identification cards, U.S. passports, Medicare / Medicaid cards, and credit / charge cards.
The Identity Theft Prevention and Identity Management Standards Panel (IDSP) is a cross-sector coordinating body whose objective is to facilitate the timely development, promulgation, and use of voluntary consensus standards and guidelines that will equip and assist the private sector, government, and consumers in minimizing the scope and scale of identity theft and fraud. Sponsored by the American National Standards Institute (ANSI), the Panel’s sustaining partners are AT&T, IdentityTruth, and LexisNexis. For more information, visit www.ansi.org/idsp.
ANSI is a private non-profit organization whose mission is to enhance U.S. global competitiveness and the American quality of life by promoting, facilitating, and safeguarding the integrity of the voluntary standardization and conformity assessment system. Its membership is comprised of businesses, professional societies and trade associations, standards developers, government agencies, and consumer and labor organizations. The Institute represents the diverse interests of more than 125,000 companies and organizations and 3.5 million professionals worldwide.
The Institute is the official U.S. representative to the International Organization for Standardization (ISO) and, via the U.S. National Committee, the International Electrotechnical Commission (IEC), and is a U.S. representative to the International Accreditation Forum (IAF). ANSI currently has offices in New York City and Washington, DC. For more information about ANSI, see www.ansi.org.