With the rise of digital communications for a wide range of applications, it is now a commonplace for important financial transactions, and even everyday transactions, to occur over networks of all kinds, including local area networks (LANs and intranets), wide area networks (WANs and extranets), and the Internet. Formerly these transactions were in many cases conducted in person or over the telephone under circumstances where it was often relatively easy for each person to be assured that the other party is actually the person who the party purports to be—namely, to be assured that the party is authentic. Moreover, such transactions commonly occurred under conditions where the universe of potential partes was relatively limited. Authenticity could under those circumstances often be determined by visual inspection (when the transaction is in person) or by personal recognition of a voice (when the transaction is over the telephone).
When the transactions are conducted over a network, identifying information associated with in-person or telephone-based transactions is far more difficult to obtain. Moreover, the universe of potential parties to such transactions is significantly expanded. These circumstances provide an opportunity for individuals to misappropriate in whole or in part the identity of another person for personal gain or other improper purposes. A partial misappropriation of identity occurs in the case of credit card fraud. In addition there are increasing instances of wholesale identity theft, where the perpetrator assumes the identity of another for a continuing series of fraudulent transactions. Indeed, even in-person and telephone-based transactions provide opportunities for identity theft.
In addition, the ubiquitous nature of the Internet has had an effect on information, essentially personal in nature, which has formerly inhabited the domain of private individuals and their immediate communities, and made that information available to the public; the Internet allows much private information to be transformed into public information. Associated with this loss of privacy is in general a greater risk of identity theft.
Central credit card registries exist to provide credit card owners with a single point of reference for registering credit card numbers and, optionally, providing selected other services for dealing with lost or stolen credit cards (e.g., notifying credit card issuers of the theft). However, a credit card registry may itself be used by an unscrupulous individual to perpetrate an identity theft, whereby, for example, a fraudulent change of address may be given to multiple credit card issuers via a credit card registry.
Smart cards typically include data pertaining to the card holder, but in many instances, smart cards will not protect against identity theft; indeed, even with enhanced security, it may be assumed that smart thieves will or could find ways to steal smart cards and that the information stored on these cards may also be stolen.
In another context, authentication-related issues may be important when a person may have critical information to impart but is unexpectedly impaired (for example by reason of an accident or a stroke while traveling alone, etc.). The impaired person, for example, may have certain strictures governing medical treatment (for example, allergy to penicillin) or important preferences as to the scope of medical treatment to be rendered under life-threatening conditions and as to persons to be involved in deciding about such treatment.