BSI, the business standards company, has commenced work on PAS 499, a new standard for enhanced identity and authentication online. Identity and authentication underpin all online transactions, and recent legislative developments, ranging from the Electronic Identity, Authentication and Signatures Regulation (eIDAS) to the General Data Protection Regulation (GDPR) and the financial-services-specific Payment Services Directive 2 (PSD2), have acknowledged the need for greater degrees of cyber security to be adopted.
In order to provide greater clarity on how industry can best adapt to meet these regulatory challenges, the MIDAS Alliance (www.midasalliance.org) was formed to work with BSI on developing a standardized approach across industry.
PAS 499 gives recommendations for identity, validation, verification and authentication for online transactions and services in this context. It covers privacy enhancing technologies (PET), personally identifiable information (PII), enrolment at different levels of assurance, strong authentication, anonymity and anti-money laundering (AML), liability, device identification, mutual authentication, and biometrics.
Andrew Churchill of the MIDAS Alliance says: “Cybercrime and fraud are the fastest growing areas of criminal activity, and vulnerabilities in identity and authentication practices account for much of this unwelcome growth. Adoption of enhanced identity and authentication techniques is essential to make secure the ever-increasing number of online transactions and services that a successful digital economy needs. However, if industry sectors adopt different approaches to achieve this, the resulting fragmentation will cause considerable discontent among businesses, the public sector and consumers.”
Keiran Millard of BSI’s Standard Solutions team says: “PAS 499 is an excellent example of an industry sector using standards to deliver business benefit. MIDAS has brought together the key sector players and combining this with BSI’s robust and transparent standards development process means an approach agreed by all can be realized to address this important topic.”
PAS 499, which advocates believe could be developed in as little as nine months, is expected to give recommendations for identity, validation, verification and authentication for online transactions and services in this context. It will cover privacy enhancing technologies (PET), personally identifiable information (PII), enrolment at different levels of assurance, strong authentication, anonymity and anti-money laundering (AML), liability, device identification, mutual authentication, and biometrics.
A PAS (Publicly Available Specification) is a document that standardises elements of a product, service or process. PASs are usually commissioned by industry leaders, typically individual companies, SMEs, trade associations or government departments. Commissioning a PAS can put the originator in the driving seat for setting the agenda in their sector, helping them work with regulators, set an agreed level of good practice or quality and establish trust in an innovative product or service, the BSI says.