Strong Authentication at the Point of Transaction
As more and more industries shift towards paperless transactions, organizations are realizing that identity-based regulations are becoming more common and stringent across various industries. As a result, transaction-level authentication will be the norm in any situation where a person's identity is an important element of the transaction.
Recently, according to a Federal Computer Week article, the Drug Enforcement Administration proposed rules to allow e-Prescribing of controlled substances, such as painkillers and stimulants. The proposed rules require doctors to use two forms of identification for each transmission of e-Prescriptions for controlled substances in addition to an annual audit of each system by a certified public accountancy. Under current rules, doctors may use e-Prescribing for most prescriptions but must sign a written prescription for Schedule II controlled substances, such as Nembutal, OxyContin and opium. The DEA rule, if it becomes final, would allow doctors to use the same system for generating and transmitting all prescriptions.
In addition, other industries are keenly exploring transaction-level security. Wherever there is a need for an absolute audit trail, wherever there is strict regulation like GLBA, HIPAA and PCI -- whether government-driven or industry-driven -- transaction level security is becoming a crucial element that both companies and software vendors must take into consideration as organizational processes shift toward paperless transactions. Here is a snapshot of notable industries and the activities that are sparking interest in transaction-level security:
- Healthcare: electronic pharmacy transactions involving either high-value or high-volume purchases of prescription drugs
- Banking: electronic funds transfers where cash is moved in and out of accounts
- Legal: document and transaction tracking is key to ensuring a deal is legitimate and authorized
- Pharmaceutical: adding or updating testing data
- Manufacturing/logistics: controlling inventory
I believe that these instances of positive identification authentication requirements are just the tip of the regulation iceberg. Whether government-driven or industry-driven -- transaction level security is becoming a crucial element that both companies and software vendors must take into consideration as organizational processes shift toward paperless transactions. Moreover, the business case for transactional strong authentication is very appealing, as authenticated electronic transactions can ensure a more efficient and accountable order system.
Are you about to embark on a paperless journey? How are you dealing with strong authentication with your transactions? I'd love to hear your stories.