The responsibility of safeguarding ones identity and personal information is very important. It has become evident that the use of the internet has become an integral part of daily life. Traditional communication methods have increasingly moved to the internet, emails and e-commerce has gained a large share of how businesses are conducted. Because of this shift more personal information is being communicated online and safeguarding this information has become a big issue. Criminals have always sought to get personal information and have now become increasingly tech savvy in their attempts to steal information. Consumers and businesses have a responsibility to take steps to minimize unauthorized access of personal information. Safeguarding your personal information has become a challenge as businesses collect your personal shopping habits and track your shopping preferences on the web. It is a fact that personal information is bought and sold regularly for marketing purposes; however criminals have seized the opportunity to gain access to personal information by using phishing scams to steal your personal data. Based on research, The Economist (2001) reports that identity theft, defined as the appropriation of someone else's identity to commit fraud or theft, continues to be one of the fastest growing white-collar crimes in the United States. Identity theft can occur when another person, using a victim's personal information (most often social security number, name and address), opens up a credit card account (or other accounts such as a wireless phone) and incurs expenses (Milne, 2003). Identity theft is typically not a standalone crime but, rather, part of a larger criminal act, such as credit card fraud (O'Neill & Xiao, 2005). Prior to the use of the internet thieves would acquire personal information by rummaging through trash, stealing wallets, and stealing mail. But now with advancing technology thieves have the ability to hack systems and spoof sites to gain access to peoples' personal information.
The cost of this type of crime is immeasurable because the impact is not just of a financial nature. In some cases the impact is far reaching and affects so many areas of peoples' lives, the biggest of which is the stress associated with being a victim. Identity theft victims suffered more than $24.7 billion in direct and indirect losses in 2012 -- that's more than the combined $14 billion in losses consumers experienced from other types of theft (burglary, motor vehicle theft and other property theft) in the same period. About 16.6 million U.S. residents ages 16 and older were victims of at least one incident of identity theft last year (DiGangi, 2013). There has been research that identified some groups have a higher potential to be a target based on their income levels. Victims' income level does seem to influence the people that are targeted. Using multivariate probit analysis, Anderson (2006) found that those with incomes in excess of $100,000 have a 75 percent greater risk of experiencing identity theft than those with incomes of less than $25,000 (Anderson, Durbin, and Salinger, 2008).
Most of the time people are not aware when they have been a victim of identity theft, unless it is a breach of their finances and even then they don't always monitor their accounts as closely to catch these attacks. About 45 percent of identity theft involving existing accounts was discovered by financial institutions. That percentage drops to 15 percent among victims whose personal information was used to open a new, fraudulent account, but 21 percent of those victims found out about the fraud when another type of company or agency reached out to them, and 13 percent of that victim pool found out when they received notice of an unpaid bill (DiGangi, 2013). Stolen information can be used to create a separate identity where someone opens other accounts with your information and runs up the bill and leave you with the responsibility of the debt, which can potentially ruin your credit if these accounts go into collection. These statistics highlight how prevalent this type of crime is and how it can go undetected for long periods of time until there is a negative impact, for example denial of credit for delinquent accounts that you have no knowledge of.
On average, victims whose personal information was misused suffered direct losses of
$9,650 (the median was $1,900). New account fraud victims experienced an average of $7,135 in direct losses ($600 median), and credit card fraud victims averaged direct losses of $1,003 ($200 median) (DiGangi, 2013). As you can see the dollar amounts involved in identity thefts are vast and varied, many people are affected in a variety of ways, such as the inability to get credit card approval, home loan, and employment if credit worthiness is a requirement of the job. Identity theft does not always involve finances; using some ones identity to create and live a fake life is another aspect of this crime. By stealing personal information such as your social security number, date of birth and other personal information someone can create and live an alter life without your knowledge. These schemes can be very elaborate and well put together, which is why sometimes they are hard to discover and lead to a wide variety of issues for victims. Although most identity theft victims do not lose money personally, the perpetrators who abuse credit under their victims' names create a record of poor financial responsibility, resulting in negative account history and lower of credit scores. Individuals whose personal information that has been compromised and abused are more likely to have financial issues such as debt collectors, continuously fixing credit reports because of identity theft.
Identity theft can affect your ability to get and maintain a good credit score. Close to 100 million additional Americans have their personal identifying information placed at risk of identity theft each year when records maintained in government and corporate databases are lost or stolen. These alarming statistics demonstrate identity theft may be the most frequent, costly and pervasive crime in the United States (Douglas, Britt, Palmer, Lubsen, and Lodrick, 2012). As noted this type of crime can be quite lucrative and thus it encourages more people to try to cheat the system. Dealing with a crime like identity theft can be very frustrating. Having your personal life invaded makes you feel vulnerable, helpless and exposed. You may or may not know who has committed this act; you may have anxiety because you don't know how much of your personal information has been compromised. It can be daunting to feel as if you're fighting against a phantom enemy -- 32 percent of identity theft victims knew how their information was compromised, but only 3 percent of credit card fraud victims knew anything about the offender. But the potential for financial problems after identity theft provide more than enough motivation for making security a priority (DiGangi, 2013). The feeling of once bitten twice shy is a sentiment that is felt and thus efforts to safeguard your personal information is increased.
The methods and schemes that thieves have used to gain access to personal information have become quite extensive. The sophistication level of professional identity thieves involved in organized crime continues to grow along with the methods they develop. From individually tailored phishing and vishing scams, to increasingly successful hacks of corporate and government databases, to elaborate networks of botnets designed to hijack millions of computers without any trace, there is an ever-increasing threat to all Americans. At the same time, traditional methods of identity theft continue unabated and unchecked, making this crime even harder to stop. From stealing wallets and purses, to dumpster diving and stealing mail, to the use of pretext and social engineering to deceive customer call centers into releasing personal account information, the original methods of identity theft still work (Douglas et al., 2012).
The methods used to gain access to peoples personal information is ever changing; it makes the task of preventing this crime from being perpetrated a constant challenge and very time consuming. If companies would change their policy and apply greater vigilance on the part of the merchants involved they could have prevented many identity frauds (U.S. Senate Committee on the Judiciary 200Ob) (Sovern, 2004). There are steps that can be taken as consumers to help protect our personal information from being accessed by unauthorized sources. In an article written by Brynko and Ebbinghouse they concluded that there are 10 steps to take to help prevent identity theft. The steps include getting a free copy of your credit report from the 3 credit reporting agencies annually but spacing them out 1 every 4 months so your credit can be monitored throughout the year. A fraud alert can be placed on your credit by the credit reporting agencies at your request. With this feature you have to be contacted for permission to establish any new credit for 90 days. Military people who are deployed have something similar called an active duty alert. Freezing your account can also be done which prevent credit reporting agencies from sharing your information without your permission. Because information is gathered from stealing mail, prevent unauthorized access and tampering by restricting access to your mail using a locked mailbox or getting a postal box. Requesting a substitute or a temporary credit card number for internet purchases, this keeps your regular card information secure. Use a web browser to alert you if access a known phishing web site. Keep your computer secure by installing the latest patches and updates to prevent spyware and malware from being uploaded on your computer. Check Social Security Earning Statement that come in the mail too monitor earnings for prior year, if income is higher than what you make someone is probably using your social security number. Also thieves do target children's social security number so monitoring this is also a wise thing to do. Check with your bank to see if they can add a photo ID to your credit card and on the back write in the signature block "PHOTO ID REQUIRED" or "CHECK PHOTO ID." This is done to help prevent your card from being used by thieves.
In addition to these steps use a cross cut shredder to shred mail and any documents that contain your personal information will help to safeguard your personal information. Preapproved offers make the process of getting credit in your name easier for thieves if they have gathered much of your information already. Everyone has a choice they can choose to opt-out by calling (888) 567-8688 (888-5-OPT-OUT) to prevent preapproved credit offers from being sent out to you. If stolen from your mailbox, these preapproved cards can become carte blanche for ID thieves (Brynko & Ebbinghouse, 2005). Some banks offer services to notify you if they see suspicious activity on your account. I have personally had a situation where I was trying to make a large purchase using my credit card and my credit card company thought the purchase was suspicious so I had to contact them to allow the purchase. This incident made me feel more secure that my credit was being protected. It is important to note that none of the actions by themselves are 100% guaranteed to stop attempts and attacks on your information but every effort helps to making you less of a target. As the methods used to perform identity theft expand, so do the types of accounts and services being stolen by identity thieves. Credit, debit, checking and saving accounts are no longer the only targets. Identity fraud has grown to include theft of cell and landline phone service; cable and satellite television service; power, water, gas and electric service; Internet payment service; medical insurance; home mortgages and rental housing; automobile, boat and other forms of financing and loans; and, government benefits. Identity thieves will also use stolen identities to obtain employment and to deceive police when arrested. Quite simply, every individual or business is vulnerable to attack when it comes to personal or corporate information, products and services (Douglas et al., 2012).
Although most people are familiar with identity theft involving some kind of financial gain, I have found that there are other kinds of identity theft that can create many more problems than just financial. less well known, are criminal identity theft, where someone who is arrested use your information, and then you become wanted for something you didn't do; medical identity theft, where someone gains accesses to your medical insurance information and uses it; tax identity theft, thieves use your tax records and steal your refund; and child identity theft, in which someone uses a child's Social Security number to commit fraud.
You are your best defense to detect identity theft, being a vigilant consumer and keeping tabs on your credit cards, bank account transactions as well as calls from collection agencies about accounts you did not sign up for will alert you. The sooner you act when you become aware, decreases the impact of the identity breach. Notifying your financial institutions is one of the first things you want to do to get eyes on what is happening. These agencies are in the best position to check and monitor your accounts for suspicious activities. Monitoring activity in your credit card and deposit accounts and your credit report is the best way to detect fraud and id theft. In many cases, id fraud is first discovered by the consumer. The sooner the fraud is detected, the lower the financial impact. Recognizing fraud means being alert to suspicious activities when it comes to your finances such as missing bills or statements, unexpected charges, denied credit, unsolicited credit cards and collection calls (Detecting Fraud, 2013). Using a credit monitoring service is another tool that can be employed to help detect identity theft. These services allow you to have easy access to your credit report so you can see any new activity when requested. Using scams as a tool to steal personal information have become increasingly sophisticated. If it sounds too good to be true, it probably is. Scams are not only limited to the internet. Criminals also use phone and email scams to gain personal information and commit fraud and identity theft. The best way to verify any calls or emails that you receive about your finances are from your financial institutional is to contact them directly. As people become aware of scams, fraudsters change their methods or come up with new scams (How to detect, 2014).
There is a feeling of shock when someone realize that they have been a victim of identity theft, but once you get a hold of yourself recovery is the next step in the process of regaining control of your life. Identity Theft Recovery is a detailed process and requires constant vigilance and can take a very long time to recover from. Once you have been a victim there is very little trust and faith in the system. As a result you become more cautious and somewhat paranoid about your personal information. One of the most important things to do when recovering from identity theft is to act quickly. Reporting the theft to the right agencies is essential. Filing an identity theft complaint with the FTC and your local law enforcement agencies, this will help aid in the recovery process. Begin monitoring your credit report and managing any financial damages that have been done. Since most identity theft is actually discovered because of the financial damage that occurred this is a very important step in your recovery.
Don't get complacent, once your identity is repaired. One mistake that identity theft victims make is assuming that once they've cleaned up the damage done by identity theft, it's over. Not true. In fact, it's not all that uncommon for identity thieves to strike the same victims over and over again. To prevent thieves from striking repeatedly, you need to continue to monitor your credit and be vigilant against future identity theft attacks (Ledford, 2014). Identity thieves are most often people who are linked to other criminal activities, which mean there is a potential for you information to be linked to other nefarious acts. Victims have to learn that there are things and steps you can take to help in recovery once you have been a victim of identity theft. These steps listed below help in getting your life back sooner.
' Contact the three credit bureaus, Experian??, TransUnion?? and Equifax??, and place a fraud alert on your credit reports.
' File a police report and an Identity Theft Complaint with the Federal Trade Commission (FTC) if you become a victim.
' Never pay a bill you don't owe.
' If you suspect someone else may be using your driver's license number, contact the Department of Motor Vehicles (DMV) and ask to speak with a fraud investigator.
' Getting a new Social Security number is an option for identity theft victims, but a clean record is often a red flag for creditors.
' Keep in mind, as a victim, that the recovery process can be long and stressful. Seek support from your family, friends and a counselor.
' If you are actively recovering from identity theft, keep a log of your contacts, conversations, requests and other important information related to your case (Identity Recovery, 2011).
It clearly is going to cost you time and money to clear up the aftermath of being a victim of identity theft. But your liability for charges can be limited if you report any problems promptly. For credit cards, if you report the loss before the credit card is used, the card issuer cannot hold you responsible for any unauthorized charges. Be aware that ATM and debit cards do not allow the same protections as credit cards. If you fail to report unauthorized charges within a timely manner, you could be held liable for the charges. If you report an ATM or debit card missing before it is used without your permission, your financial institution cannot hold you responsible for any unauthorized withdrawals. For checks, most states hold the bank responsible for the losses from a forged check. However, you may be held liable for the forgery if you do not notify the bank in a timely manner that a check was lost or stolen, or if you do not monitor your account statements and promptly report an unauthorized transaction. (Identity Theft, 2014).
The lesson learned through this process is that no one is immune to identity theft and fully understanding the importance of safeguarding your personal information. However we all have a responsibility to make every effort to reduce access of personal information by unauthorized personnel. Being proactive and security conscious will go a long way in safeguarding your personal information. Credit monitoring services and other services help to deter criminals. Criminals are not easily deterred in their efforts to gain access to protected information and are willing to use a variety of methods to achieve their goal. Early detection is a factor in reducing the impact that identity theft. The reality of identity theft is that there is value in our personal information so we have to make every effort to protect it.
Anderson, K. B.; Durbin, E.; & Salinger, M. A. (2008). Identity Theft. The Journal of Economic
Perspectives 22.2: 171-192
Brynko, B., & Ebbinghouse, C. (2005) Another Phine Kettle of Phish: Identity Theft Prevention.
Searcher 13.10: 16-26.
Detecting Fraud and Identity Theft. (2013). Retrieved from
DiGangi, C. (2013). These Identity Theft Statistics Are Even Scarier Than You'd Expect.
Retrieved from http://www.dailyfinance.com/2013/12/31/scariest-identity-theft-statistics/
Douglas, R., Britt, P., Palmer, J., Lubsen, K., & Lodrick, K., (2012). Identity Theft Victim
Statistics. Retrieved from http://www.identitytheft.info/victims.aspx
How to Detect Fraud & Identity Theft. (2014) Retrieved from
Identity Recovery Checklist. (2011). ConsumerInfo.com, Inc. Retrieved from
Identity Theft Recovery Guidelines. (2014). Retrieved from
Ledford, J. (2014). Steps to Recovering Your Identity After Identity Theft. Retrieved from
Milne, G.R. (2003). How Well Do Consumers Protect Themselves from Identity Theft? The
Journal of Consumer Affairs 37.2: 388-402.
O'Neill, B., & Xiao, J. J. (2005). Consumer Practices to Reduce Identity Theft Risk: An
Exploratory Study. Journal of Family and Consumer Sciences 97.1: 33-38.
Sovern, J. (2004). Stopping Identity Theft. The Journal of Consumer Affairs 38.2: 233-243.
Source: Essay UK - http://www.essay.uk.com/free-essays/information-technology/identity-theft.php
Not what you're looking for?
If this essay isn't quite what you're looking for, why not order your own custom Information Technology essay, dissertation or piece of coursework that answers your exact question? There are UK writers just like me on hand, waiting to help you. Each of us is qualified to a high level in our area of expertise, and we can write you a fully researched, fully referenced complete original answer to your essay question. Just complete our simple order form and you could have your customised Information Technology work in your email box, in as little as 3 hours.
Solving Identity Theft
Identity theft is the information age's new crime. A criminal collects enough personal data on the victim to impersonate him to banks, credit card companies and other financial institutions. Then he racks up debt in the victim's name, collects the cash and disappears. The victim is left holding the bag.
While some of the losses are absorbed by financial institutions--credit card companies in particular--the credit-rating damage is borne by the victim. It can take years for the victim to completely clear his name.
So far, we've seen several "solutions" to this problem: forcing companies to disclose when they lose personal information, forcing companies to secure personal information, forcing financial institutions to enhance their authentication procedures. Unfortunately, these won't help.
To see why, we need to start with the basics. The very term "identity theft" is an oxymoron. Identity is not a possession that can be acquired or lost; it's not a thing at all. Someone's identity is the one thing about a person that cannot be stolen.
The real crime here is fraud--more specifically, impersonation leading to fraud. Impersonation is an ancient crime, but the rise of information-based credentials gives it a modern spin.
A criminal impersonates a victim online and steals money from his account. He impersonates a victim in order to deceive financial institutions into granting credit to the criminal in the victim's name. He impersonates a victim to the post office and gets the victim's address changed. He impersonates a victim in order to fool the police into arresting the wrong man. No one's identity is stolen; instead, identity information is being misused to commit fraud.
Such crime involves two very separate issues. The first is the privacy of personal data. Personal privacy is important for many reasons, one of which is impersonation and fraud. As more information about us is collected, correlated and sold, it becomes easier for criminals to get their hands on the data they need to commit fraud.
This is what you read about in the news: personal information stolen from companies, banks, universities, government databases.
But data privacy is about more than just fraud. Whether it is the books we take out of the library, the Web sites we visit or the contents of our text messages, most of us have personal data on third-party computers that we don't want made public. The posting of Paris Hilton's phone book on the Internet is a celebrity example of this.
The second issue is the ease with which a criminal can use personal data to commit fraud. It doesn't take much personal information to apply for a credit card in someone else's name. It's not that hard to conduct fraudulent bank transactions in someone else's name.
And it's surprisingly easy to get an identification card in someone else's name. Our current culture, where identity is verified simply and sloppily, makes it easier for a criminal to impersonate his victim.
Proposed fixes tend to concentrate on the first issue--making personal data harder to steal--whereas the real problem is the second. If we're ever going to manage the risks and effects of electronic impersonation, we must concentrate on preventing and detecting fraudulent transactions.
Fraudulent transactions have nothing to do with the legitimate account holders. Criminals impersonate legitimate users to financial institutions. That means that any solution can't involve the account holders.
That leaves only one reasonable answer: financial institutions need to be liable for the cost of fraudulent transactions. They need to be liable for sending erroneous information to credit bureaus based on fraudulent transactions.
They should not be able to demand that the user must keep his password secure or his machine virus-free. They should not be able to require the user to monitor his accounts for fraudulent activity, or his credit reports for fraudulently obtained credit cards. Those aren't reasonable requirements for most users. The bank must be responsible, regardless of what the user does.
If you think this won't work, look at credit cards. Credit card companies like American Express are generally liable for all but the first $50 of fraudulent transactions. They're not hurting for business; and they're not drowning in fraud either.
They've developed and fielded an array of security technologies designed to detect and prevent fraudulent transactions. They've pushed most of the actual costs onto the merchants. And almost no security centers around are trying to authenticate the cardholder.
That's an important lesson. Identity theft solutions focus much too much on authenticating the person. Whether it's two-factor authentication--ID cards, biometrics, or whatever--there's a widespread myth that authenticating the person is the way to prevent these crimes.
But once you understand that the problem is fraudulent transactions, you quickly realize that authenticating the transaction, not the person, is the way to proceed.
Again, think about credit cards. Store clerks barely verify signatures when people use cards. People can use credit cards to buy things by mail, phone or Internet, where no one verifies the signature or even that you have possession of the card.
Even worse, no credit card company mandates secure storage requirements for credit cards. They don't demand that cardholders secure their wallets in any particular way. Credit card companies simply don't worry about verifying the cardholder or putting requirements on what he does. They concentrate on verifying the transaction.
This same sort of thinking needs to be applied to other areas where criminals use impersonation to commit fraud. I don't know what the final solutions will look like, but I do know that once financial institutions are liable for losses due to these types of fraud, they will find solutions.
Maybe there will be a daily withdrawal limit, like there is on ATMs. Maybe large transactions will be delayed for a period of time, or will require a call-back from the bank or brokerage company. Maybe people will no longer be able to open a credit card account by simply filling in a bunch of information on a form.
Likely the solution will be a combination of solutions that reduces fraudulent transactions to a manageable level, but we'll never know until the financial institutions have the financial incentive to put them in place.
Right now, the economic incentives result in financial institutions that are so eager to allow transactions--new credit cards, cash transfers, whatever--that they're not paying enough attention to fraudulent transactions. They've pushed the costs for fraud onto the merchants.
But if they're liable for losses and damages to legitimate users, they'll pay more attention. And they'll mitigate the risks. Security technologies can work wonders in preventing identity theft, once the economic incentives to apply them are there.
By focusing on the fraudulent use of personal data, I do not mean to minimize the harm caused by other misuse of third-party data and violations of privacy. I believe that the U.S. would be well-served by a comprehensive Data Protection Act such as exists in the European Union. However, I do not believe that a law of this type would significantly reduce the risk of fraudulent impersonation.
To mitigate that risk, we need to concentrate on detecting and preventing fraudulent transactions. We need to make the entity, which is in the best position to mitigate the risk, responsible for that risk. And that means making the financial institutions liable for fraudulent transactions.
Doing anything less simply won't work.
Categories: Computer and Information Security, Identity Theft