Consumers have become increasingly concerned about distributing personal information over the Internet, especially when the information requested is personally identifiable information (PII) which could be an attractive target for an identity thief. The ease of identity theft in the digital realm has generated concern among the public, including governments, industry, law enforcement and public interest organizations. Merchants, marketing firms, banks, and other institutions maintain large centralized databases that include names, addresses, credit card numbers and other personal information. These databases are potential targets for hackers. The vulnerability of this personal information discourages participation in Internet commerce.
Consumers may feel particularly vulnerable when engaging in an online transaction involving a plurality of entities. In this instance, the consumer is often required to provide personal information to all of the involved entities. Replicating distribution of the personal information increases the risk of identity theft.
Identity theft is generally more difficult to detect than other types of theft since an individual may not discover the theft for an extended period of time. Although an identity theft may not be immediately discovered, its effects can be devastating. Credit history and credit ratings can be ruined by identity theft. An individual using a stolen identity can create a criminal record. These records created by fraudulent use of an identity can be difficult to correct.
Aside from the creation of a fraudulent identity, other unauthorized uses of personal information may also discourage consumers from distributing this information over the Internet. For instance, merchants may share information for the purposes of targeting marketing activities. Consumers may receive unsolicited and unwanted marketing materials and unknown parties may have access to a consumer's merchandise preferences. This use of personal information may even discourage consumers from providing less intrusive information such as zip code, age and gender, which do not rise to the level of PII.
Current solutions to the identity theft problem involve keeping consumer information stored in large centralized databases private through hardware and software firewalls or encryption technologies. However if these technologies fail to keep unwanted parties out of the databases, all of the information will be exposed.
Increasing attention has been given to digital rights management (DRM) through which an individual is able to selectively confer rights to personal information. Another measure for restricting information distribution involves limiting the scope of distributed information such that personally identifiable information (PII) does not include enough information to enable identity theft.
Another measure that has been used to prevent identity theft is the issuance of a unique purchase number each time a credit cardholder makes an online purchase. This is sometimes referred to as a “single use” credit card number. Increasing attention has been given to digital rights management (DRM) through which an individual is able to selectively confer rights to personal information. Additionally, credit watch services are available to provide email alerts to consumers when a change to a credit report occurs or when a new account is opened.
The aforementioned solutions do not distribute identity information narrowly for online transactions and further do not provide an effective, overall approach to identity protection that operates both to prevent theft of personal information and to alert a consumer if such a theft occurs. Accordingly, there is a need for a solution which protects personal information used in electronic transactions using a distributed identity model. There is also a need for a comprehensive approach for protecting identity theft in online transactions which includes tracking the consumer's identity information and alerting the consumer to an identity theft.