Online identity theft: Many medicines, no cure

As the incidence of online identity theft has steadily climbed in recent months, banks and online retailers have struggled to stay on top of the problem and to protect their customers, whose personal financial information and online account details are coveted by criminals. But as problems like phishing scams change from e-crime phenomenon to endemic online threats, technology companies -- both large and small -- are bringing products and services to market that they claim can end, or greatly reduce, the threat of online identity theft.

These are some of the technologies aimed at curbing online identity theft:

-- Antiphishing toolbars: These lightweight applications, or applets, were some of the first tools specifically created to stop online scams like phishing. These free programs have been offered to customers by eBay Inc., Internet service providers (ISPs) EarthLink Inc. and America Online Inc. (AOL), and other companies, including GeoTrust Inc. and CoreStreet Ltd. The programs are usually plug-ins adding an extra toolbar to a user's Web browser interface. The programs verify Web site URLs (uniform resource locators) and warn about Web sites that hide their true addresses. Antiphishing tools are effective against phishing scams that use spam to direct Internet users to Web sites controlled by thieves, but designed to look like legitimate e-commerce sites. However, such tools do nothing to secure sensitive financial information online.

-- Antiphishing services: Phishing prevention services are designed to spot and thwart new threats, including brand monitoring services such as FraudProtect by MarkMonitor Inc., Symantec Corp.'s Online Fraud Management Solution, VeriSign Inc.'s AntiPhishing Solution and services by NameProtect Inc. Most of these services use a distributed network of sensors to monitor e-mail traffic, news groups and Web domain registrations, spotting new scams, such as phishing attacks. The services promise to enable companies to move quickly to crack down on fraudulent Web sites that use their names and also give customers advanced warning about scam e-mail messages making the rounds.

-- Payer authentication and smart cards: Online security advocates often cite smart cards as a cure-all for online fraud. The cards combine traditional plastic credit cards with microprocessor chips that can store far more information about the cardholder than older, magnetic-strip cards. Among other things, smart cards can store PINs (personal identification numbers) or biometric identifiers that could be used at the point of purchase to verify the purchaser's identity, making theft of an account number or credit card inconsequential.

Smart cards are ubiquitous in Europe, and the U.K. banking industry has recently launched a major, nation-wide rollout of smart card technology through its "Chip and PIN" program, which will replace magnetic-strip cards and do away with signed receipts for "card present" purchases. But banking officials in the U.S. cite a number of obstacles to widespread smart card use, including an existing infrastructure of millions of card readers that do not support the new cards.