Online identity theft: Many medicines, no cure

-- Fraud screening and prevention: Lacking strong authentication at the point of purchase, most credit card companies and merchants in the U.S. name fraud screening technology as their first and best defense against fraud. Companies in this space, including VeriSign, ClearCommerce Corp. and CyberSource Corp., use a variety of filters to analyze transaction patterns for individual consumers or groups of consumers, and to spot suspicious activity. For example, companies might flag a pattern of rapid, high-value transactions and spot discrepancies between the geographical location from which the order was placed and the billing address, or look askance at transactions with different billing and ship-to addresses, according to Julie Ferguson, co-founder and vice president of emerging technologies at ClearCommerce.

-- Consumer authentication services: Recent deals between security technology companies and major ISPs and consumer software vendors could bring multifactor authentication technology into the mainstream. In September, RSA Security Inc. and AOL announced a new program called "AOL PassCode" that will encourage AOL customers to use RSA SecurID tokens to protect account information. On the same day, VeriSign announced its Unified Authentication program, which it said will reduce the cost of "strong authentication," such as one-time passwords or hardware smart cards. In October, RSA announced the availability of SecurID for Windows, a secure token that will make it easier for users to log on and off to Windows machines using multifactor authentication, while VeriSign and AOL said they would investigate ways to extend the Unified Authentication program to AOL members.

Experts agree that the sum of those announcements is more and less expensive access to strong authentication technology -- AOL's Passcode token costs only $9.95. Consumer strong authentication programs could also create an infrastructure that banks and online retailers build on to strengthen interactions with their own sites, according to Gil Danieli, vice president of technology at EverBank National Banking Group, an online bank.

For now, Passcode and SecurID for Windows haven't been expanded to protect access to online banking or e-commerce services, such as Apple Computer Inc.'s popular iTunes, with which AOL has a relationship through its AOL Music service. But such applications aren't out of the question in the future, according to Ned Brody, senior vice president of premium services at AOL.