Authenticating the identity of an individual is an increasingly important function for operators of communication networks, providers of services over communication networks, entities who receive payment for products and services over communications networks, and others due to the growing problems of identity theft and identity fraud. The theft or misrepresentation of information about the identity of an individual used to obtain access to information, products, services, or anything else of value (personally identifiable information), generally referred to as identify theft and identify fraud, are serious problems that may cost companies millions of dollars every year, and may affect a wide range of enterprises, including online retailers, insurance companies, healthcare companies, financial institutions, government agencies, and others. For example, according to the Department of Justice, about 8.6 million households in the United States experienced some form of identity theft in 2010. The total financial loss resulting from this theft was approximately $13.3 billion. According to the Federal Bureau of Investigation, insurance fraud costs the United States over $40 billion per year, and healthcare fraud costs an estimated $80 billion a year.
Various methods of authentication of the identity of an individual have been used in an effort to prevent identity theft and identity fraud. For example, access to services over a communication network may be controlled by requiring a username (i.e., a unique identifier) and a password (i.e., an additional piece of “secret information”). Further, some additional non-public information may be required by the service provider, such as a social security number, an answer to a “secret question” beyond a password, and the like. However, such security measures may be vulnerable to identity theft and identity fraud because ensuring the security of such information is difficult. In addition, various types of biometric identifiers (e.g., unique physical characteristics) have been used to assist in verifying an authentication, ranging from non-electronic fingerprinting to electronic voice recognition, thumb scans, iris scans, palm scans, face scans, physiological scans, and the like. No identifier, however, is foolproof, whether non-biometric or biometric. Every biometric reader may be subject to “false accept” and “false reject” errors, and as with non-biometric identifiers, ensuring the security of biometric identifiers is difficult. Further, as with non-biometric identifiers, the reliability of biometric identifiers may change depending on the particular transaction in which the individual's identity is authenticated. The reliability of an individual's identity may change, for example, depending on whether the identity is always authenticated in the same location or is sometimes authenticated in different locations.
The authentication of individual signatures associated with documents poses additional challenges. While an individual's handwritten signature may be distinctive, a person's handwritten signature is rarely identical each time the person signs a document, making machine comparison of signatures more complex. Further, handwritten signatures may be subject to copying and fraud. Moreover, verifying an individual's handwritten signature by human visual comparison of samples is inexact and subject to error.
Congress overwhelmingly passed the Digital Signature Act in June 2000, and the law, which went into effect Oct. 1, 2000, gives electronically signed contracts the same legal weight as contracts written on paper and signed with a pen. Some consumer advocates worry that the law will make it easier for criminals to perpetrate fraud based on identity theft. Enthusiasts for the technology counter that criminals will find it more difficult to steal identities. It is possible that both are right. It might be harder for someone to steal your identity, but the consequences could be worse. It is possible for someone to take the identity of someone else online and sign their name and, for example, get a fraudulent mortgage. The misuse of computer networks, the internet, and various avenues within the online community in order to defraud potential victims of identity theft is classified as electronic (or online) forgery. Electronic forgery is quite common within the digital age, and can include the illegal and unlawful reproduction of endorsements in the form of electronic signatures in order to illicitly assume the identity of the victim of identity theft. Verifying the presence of an individual by biometrics may help prevent e-signature frauds. However, human involvement may be required to be sure that a signature is valid, a requirement that may apply to digital signatures as well as pen-and-paper ones.