Free Encyclopedia of Ecommerce

Authentication

When consumers attempt to withdraw money from a bank, rent movies from a video store, write checks, or obtain passports for international travel, they are required to provide one or more forms of identification that authenticate who they are or prove their identity. These situations usually involve face-to-face encounters with other people in the physical world. E-commerce occurs on the Internet, where a general atmosphere of anonymity pervades. In general, it is possible to do a wide variety of things online without divulging one's identity. However, when it comes to engaging in financial transactions and building trust between buyers and sellers, the issue of authentication is just as important online as it is offline. Put simply, parties engaging in transactions and attempting to access closed systems must be able to prove that they are indeed who they say they are.

Security is a cornerstone of e-commerce, as it helps alleviate fears consumers and businesses may have about conducting transactions online. According to e-tailing, authentication is one of five requirements necessary for secure e-commerce. Authentication must occur prior to authorization, which allows entry and access to a system, and it fulfills three critical functions: it ensures confidentiality, maintains data integrity, and provides non-repudiation (making it difficult for entities to deny involvement in electronic transactions).

A wide variety of methods, used alone or in combination, are employed to authenticate online entities, whether businesses or individuals. User names and passwords are perhaps the most basic means of authenticating users. In this scenario, someone seeking access to privileged information, such as bank-account data or credit-card information, is required to enter a user name, which is normally not secret, as well as a secret password consisting of varying character combinations of letters or numbers. Personal identification numbers (PINs), digital certificates, biometrics, and RSA SecurID tokens were other common methods by which users were authenticated in the early 2000s. Biometrics, an emerging technology, involved a range of equipment—including voice recognition software, retina scanners, fingerprint readers, and cameras—that identified unique physical characteristics. Such devices could be installed on both laptops and desktop computers. As described in Information Security, "SecurID tokens are essentially one-time passwords for user authentication and can be used to authenticate to a Windows domain. The time-synchronized SecurID card has an LCD screen that shows a string of numbers that changes every minute." Such numeric strings are used together with a PIN when users attempt to gain access to certain systems.
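The time-synchronized token plus PIN check described above, sketched as an added example that is not part of the original entry. SecurID's own algorithm is proprietary, so the open TOTP construction (RFC 6238, with RFC 4226 truncation) stands in for it; `token_code`, `Verifier`, the 6-digit length, the one-step drift window and the sample seed are all assumptions made for illustration.

```python
import hashlib, hmac, struct

STEP = 60    # seconds per code: the entry says the display changes every minute
DIGITS = 6   # assumed code length
DEMO_SEED = b"12345678901234567890"   # constructed sample seed (RFC 4226 test key)

def token_code(seed: bytes, now: float) -> str:
    """Code the token displays at Unix time `now` (HMAC-SHA1, RFC 4226 truncation)."""
    mac = hmac.new(seed, struct.pack(">Q", int(now // STEP)), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def pin_digest(pin: str, salt: bytes) -> bytes:
    """Store a salted, slow hash of the PIN rather than the PIN itself."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

class Verifier:
    """Server side: shares the token's seed and keeps the user's PIN hash."""

    def __init__(self, seed: bytes, pin: str, salt: bytes, drift_steps: int = 1):
        self.seed, self.salt = seed, salt
        self.pin_hash = pin_digest(pin, salt)
        self.drift_steps = drift_steps   # tolerated clock skew, in time steps
        self.last_step = -1              # newest step already accepted

    def check(self, pin: str, code: str, now: float) -> bool:
        pin_ok = hmac.compare_digest(pin_digest(pin, self.salt), self.pin_hash)
        current = int(now // STEP)
        matched = None
        first = max(0, current - self.drift_steps)
        for step in range(first, current + self.drift_steps + 1):
            expected = token_code(self.seed, step * STEP)
            # Constant-time compare; a step at or before last_step is a replay.
            if hmac.compare_digest(expected.encode(), code.encode()) \
                    and step > self.last_step:
                matched = step
        if pin_ok and matched is not None:
            self.last_step = matched     # burn this code and all earlier ones
            return True
        return False
```

Both factors must pass before the time step is marked as used, so a wrong PIN submitted with a valid code does not lock the legitimate user out of that code.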

FURTHER READING:

Andress, Mandy. "Reach Out and ID Someone." Information Security, April 2001. Available from www.infosecuritymag.com

Dembeck, Chet. "Equifax Trumpets Online Shopper ID Method." E-Commerce Times, July 14, 2001. Available from www.ecommercetimes.com

Saliba, Clare. "EU Signs Off on E-Signature Initiative." E-Commerce Times, August 1, 2001. Available from www.ecommercetimes.com

SEE ALSO: Biometrics; Computer Security; Digital Certificate; Digital Signature

