New code of practice for Enhanced Identity & Authentication Online

BSI, the business standards company has commenced work on PAS 499, a new standard for enhanced identity and authentication online. Identity and authentication underpin all online transactions, and recent legislative developments, ranging from the Electronic Identity, Authentication and Signatures Regulation (eIDAS) to the General Data Protection Regulation (GDPR), and financial services specific Payment Services Directive 2, have acknowledged the need for greater degrees of cyber security to be adopted. In order to provide greater clarity on how industry can best adapt to meet these regulatory challenges the MIDAS Alliance was formed [] to work with BSI on developing a standardized approach across industry. PAS 499 gives recommendations for identity, validation, verification and authentication for online transactions and services in this context. It covers privacy enhancing technologies (PET), personally identifiable information (PII), enrolment at different levels of assurance, strong authentication, anonymity and anti-money laundering (AML), liability, device identification, mutual authentication, and biometrics. Andrew Churchill of the MIDAS alliance says:

Cybercrime and fraud are the fastest growing areas of criminal activity, and vulnerabilities in identity and authentication practices account for much of this unwelcome growth. Adoption of enhanced identity and authentication techniques are essential to make secure the ever increasing number of online transactions and services that a successful digital economy needs. However if industry sectors adopt different approaches to achieve this, the resulting fragmentation will cause considerable discontent among businesses, the public sector and consumers” Keiran Millard of BSI’s Standard Solutions team says “PAS 499 is an excellent example of an industry sector using standards to deliver business benefit. MIDAS has brought together the key sector players and combining this with BSI’s robust and transparent standards development process means an approach agreed by all can be realized to address this important topic.