DOCUMENT #: GSC14-PLEN-068 FOR: For Information

SOURCE: ANSI
AGENDA ITEM: Agenda Item 10, Information Sharing Subjects, ID Management
CONTACT(S): Joe Bhatia, ANSI rep to GSC-14
Submitted as an Information Sharing Subject (ISS) for the High Interest Subject of “ID Management and Identification Systems”
Open Agenda 6.4

ANSI’s Identity Theft Prevention and Identity Management Standards Panel (IDSP)
Information Sharing Subject From ANSI
Submitted for Joe Bhatia, ANSI representative to GSC-14

What is IDSP?

Cross-sector coordinating body whose objective is to facilitate the development, promulgation and use of standards and guidelines to combat ID theft and fraud

Identify existing standards, guidelines and best practices
Analyze gaps, need for new standards, leading to improvements
Make recommendations widely available to businesses, government, consumers
IDSP | GSC-14
Slide 3
IDSP Deliverables

Plenary meetings for information sharing on work underway / networking for active members and those new to the Panel’s work
Workshops that evolve from the plenary meetings and Steering Committee discussions that further explore particular aspects of the issues
Reports presenting findings and recommendations from the Workshops which in turn may drive future standards development activity

IDSP itself does not develop standards

Steering Committee Composition

Chairman: James Lee, C2M2 Associates
Secretary: Jim McCabe, ANSI
Sustaining Partners

Steering Committee Composition

Contributing Members

Affinion Group
ARMA International
Coalition for a Secure Driver’s License
Debix
General Services Administration
ID Experts
ID Watchdog
Kroll’s Fraud Solutions
North American Security Products Organization
TASCET Identity Network
TrustedID, Inc
Underwriters Laboratories, Inc.

Steering Committee Composition

At-Large Members

Department of Homeland Security
Institute for Consumer Financial Education
Liberty Alliance
National Institute of Standards and Technology

Funding / Membership

IDSP is funded through private and public sector sponsorships and participation fees
Sponsorship provides appropriate recognition and a seat on the Panel Steering Committee for those who want a more visible and active role in shaping the Panel’s direction.
Membership is open to all affected parties
Representatives of the business community and relevant trade associations, vendors of identity theft protection services, information security specialists, industry analysts, government issuers and regulators, standards developing organizations, consumers and public interest groups, and academia participate, providing a range of perspectives

ANSI-BBB IDSP – Phase 1

A 16 month effort – September 13, 2006 to January 31, 2008
Co-administered by the American National Standards Institute (ANSI) and the Better Business Bureau (BBB)
Founding Partners: AT&T; ChoicePoint; Citi; Dell Inc.; Intersections, Inc.; Microsoft; Staples, Inc.; TransUnion; and Visa Inc.
165 representatives from 78 organizations
3 Working Groups explored life cycle of identity issues
  Issuance of identity documents by government and commercial entities
  Acceptance and exchange of identity information
  Ongoing maintenance and management of identity information

ANSI-BBB IDSP Report (Jan 31, 2008)

Summary
  Excerpt from Volume I: Findings and Recommendations
Volume I: Findings and Recommendations
  Findings and recommendations for areas needing new or updated standards, guidelines, best practices or compliance systems
Volume II: Standards Inventory
  Catalog of existing standards, guidelines, best practices and compliance systems
Available for free download at www.ansi.org/idsp along with replay of Webinar with industry analysts

Volume I: Findings and Recommendations

Enhance security of identity issuance processes to facilitate greater interoperability between gov’t and commercial sectors
Improve integrity of identity credentials
Strengthen best practices for authentication
Augment data security management best practices, e.g., on the use and storage of Social Security numbers
Create uniform guidance for organizations on data breach notification and remediation
Increase consumer understanding of ID theft preventative strategies, including benefits and limitations of security freezes

Volume II: Standards Inventory

Catalogues . . .

Existing Standards, Guidelines and Best Practices – PRIVATE AND PUBLIC SECTOR
Laws / Regulations
Proposed Legislation
White Papers
Conformity Assessment Programs
Glossaries of Identity Terms
Research Studies / Reports

ANSI IDSP - Phase 2 Charter (April 2008)

Monitor / facilitate implementation of Panel’s recommendations
Continue to investigate new areas
Provide a forum for information-sharing and cross-sector dialogue
Produce a progress report in one year

Workshop 1 – Identity Verification Standards (Launched July 2008)

Fraudsters exploit circularity of agencies relying on but not authenticating primary USA “identity” documents issued by other agencies (birth certificates, Social Security numbers / cards, state-issued driver’s licenses / ID cards)
Issuers of such documents need a process by which they can achieve a level of assurance whether to accept or reject a person’s claim of identity
Guidelines on identity verification should be developed with a view toward eventual development of an American National Standard
Project team developing guidelines led by NASPO (North American Security Products Organization); members include NIST, DHS, GSA, NAPHSIS, AAMVA, Colorado Dept. of Revenue, Coalition for a Secure Driver’s License et al.
Workshop report and guidelines anticipated in the near term

Workshop 2 – Measuring / Reporting on Identity Theft (Launched Feb 2009)

Controversies about research methodologies make it difficult to measure how well the marketplace is doing in combating identity theft and fraud, posing a challenge to industry, law enforcement and consumers
Workshop question: Is a common standard for measuring / reporting on ID theft desirable and feasible?
Same question with respect to methods for measuring data breach trends, ID theft protection services and information security solutions
3 WGs set up to study definitions, research, methodologies
Workshop report anticipated soon

Third IDSP Plenary Meeting (April 2009)

A point-in-time look at the state of ID theft prevention and ID management: progress made / work still needed. Topics:
  Best practices for measuring identity theft
  Implementation of FTC red flag rules
  Customer authentication and use of Social Security numbers
  The need for identity verification guidelines
  Identity assurance life-cycle management
  Biometric implementation use cases
  Medical identity theft
  What’s on the horizon for ID theft prevention and ID management.
Post-meeting survey circulated on future work program

Related International Activities – Privacy

ISO/TMB task force (TF) exploring standards on privacy, with focus on protection of personally identifiable information and fair information handling
IDSP chair leads virtual U.S. TAG which advises ANSI’s expert to the TF (Mark MacCarthy, Georgetown University formerly w/Visa Inc.) / reports to ANSI ISO Council (AIC)
TF surveyed ISO TCs et al on current / potential privacy work
Report targeted for September TMB meeting

Related International Activities – Counterfeiting / Fraud

ISO TMB has established ISO/TC 247 Fraud countermeasures and controls and allocated Secretariat to ANSI
ANSI advanced proposal for this new TC based on public comment, IDSP / AIC input
Brought by ANSI member North American Security Products Organization (NASPO)
Standardization in the field of the detection, prevention and control of identity, financial, product and other forms of social and economic fraud

To participate / For more information
www.ansi.org/idsp
Jim McCabe
212-642-8921
jmccabe@ansi.org