Ide ty Thef entit T ft Lit ture Re w terat e eview Vinod K Kumar, MS080 055 Identity thef is the faste growing white-collar crime. ft est r Identity thef and identi fraud are terms used to refer ft ity to all types of crime in w which someo wrongfu one ully obtains and uses anothe person’s p d er personal dat in ta some way th involves f hat fraud or dec ception, typi ically for economic ga In this r gain. review I have presented some of the cases if identity thef and tried t classify th f ft to hem according to their purpose and the harms cause o ed because of i it. 01-Oct-11

IISER Mohali Table of Contents Introduction:……………………………………………………………………………………………………………………………. 2 Types of Identity Theft …………………………………………………………………………………………………………….. 2 Did privacy cause identity theft? – Lynn Lopucki …………………………………………………………………….. 3 An Evaluation of Identity-Sharing Behavior in Social Network Communities –Stutzman ……………… Human Identification Theory and the Identity Theft Problem – Lynn Lopucki……………………………… 4 Case study : Identity theft used in Financial scams …………………………………………………………………… 5 Cyber Security- Identity Theft Protection in the High Tech World : Allen Cummings ………………….. 6 ii IISER Mohali Page 1 Identity Theft Introduction Introduction: Identity theft is the act of using someone else’s personal information, or their actual identity for personal gain. Identity theft is defined as any unauthorized usage of another’s personal information with a fraudulent intention1. Frighteningly it happens without you even knowing it and once you have become aware of it, in most cases the damage has already been done. Identity theft is a product of the new age of information technology and as such fits nicely into the literature of opportunity theory in criminology which examines how offenders take advantage of new (and old) ways of doing business and conducting the affairs of everyday life2.

It is the world’s fastest growing white-collar crime1. Contrary to what the crime sounds like, it is not necessary that a person’s complete identity be taken over in order for the theft to be committed. This personal information may include items such as credit cards, social security numbers, and/or state issued forms of identification Types of Identity Theft Although there are many different methods that one can utilize to rip someone off in an identity theft type scam, there are really only two basic types of actual identity theft 1.

Account takeover: – It is a situation when a thief gets hold of someone’s actual physical credit card, or perhaps just the card number and expiry date, using it to purchase services or products. This works out extremely well for the thief, as the credit card owner doesn’t usually notice the additional purchases until they either receive their monthly statement in the mail or have attempted to use the card and found that it has reached the maximum limit allowed. 2.

Application fraud (true name fraud):-In order for a thief to be successful at application fraud, they must have access to a good deal of someone’s personal information such as full name, address, place of work, salary, driver’s license number, date of birth etc. Of course not all of these pieces of information would be necessary for a thief to get away with application fraud but certainly a combination of some of the above would be required. Identity theft can happen in a variety of ways, but the basic elements are the same.

Criminals first gather personal information, either through low-tech methods such as stealing mail or workplace records, or “dumpster diving,” or through complex and high-tech frauds such as hacking and the use of malicious computer code. These data thieves then sell the information or use it themselves to open new credit accounts, take over existing accounts, obtain government benefits and services, or even evade law enforcement by using a new identity.

Often, individuals learn that they have become victims of identity theft only after being denied credit or employment, or when a debt collector seeks payment for a debt the victim did not incur. There are several methods of Identity theft4 which will be discussed in details in my full term paper. ii IISER Mohali Page 2 Literature Review Did privacy cause identity theft? – Lynn Lopucki In his article “Did Privacy Cause Identity Theft? ” Author Lynn LoPucki claims that the problem of identity theft that we have today is directly due to the increased privacy that various laws have given us in the past several years.

He says that as recently as the ’70s, identity theft was very hard for a criminal to pull off because there was so much public information about our identities. And because identity thieves need privacy to commit their crimes, the very privacy that we think is making things better for us has actually made it easier for identity theft to happen. There’s certainly a correlation between the proliferation of privacy laws and identity theft, but attributing the identity theft to the laws may be an example of post hoc reasoning.

It seems to me that the ways in which identities were verified in the past didn’t really take advantage of the additional information that was available at the time, even though it was available. Instead of believing that our higher level of privacy has caused the higher rates of identity theft that we see today, I’d guess that it’s just a case of criminals using the technology that’s available to them. At the same time that stricter privacy laws made it easier for identity thieves to commit identity theft, information technology also proliferated.

When this happened, there was much more information available to identity thieves, so they naturally used this information to commit identity theft. I’d guess that’s why identity theft is a bigger problem today than it once was, and that the increased amount of identity theft isn’t related to the stricter privacy laws at all. On the other hand, I could be wrong. If that’s the case, then I would expect LoPucki’s model to predict that identity theft will decrease over the next several years as the proliferation of social networking web sites provides a handy source for lots of public information about our identities.

Or I would expect his model to predict that users of social networking web sites suffer less identity theft than people who don’t. I don’t believe that either of these will turn out to be true. An Evaluation of Identity-Sharing Behavior in Social Network Communities – Stutzman -Though academic institutions have been working to protect student identities, their work is increasingly being undermined by social networking communities (SNCs). The goals of this study were twofold: obtaining quantitative data about SNC participation on college campuses, and analyzing member attitudes pertaining to SNC participation and online identity sharing. This data was gathered from the perspective of an outsider to these ii IISER Mohali Page 3 communities. -A random survey of 200 students (38 of whom responded) inquired about the specifics of their involvement in SNCs as well as their feelings regarding online identity sharing. The researcher then created a disclosure matrix for each participant by examining the data made available in their SNC profiles. Limitations: Small sample size, internet survey may be biased toward the tech-savvy, outsider status, lexical differences in coding identity elements of the SNCs (favorite movies, sexual orientation, academic status, etc;). Findings -71% involvement in SNCs: 90% of undergrads, 44% of grads. -Most popular was Facebook (90% of undergrads), followed by Friendster and MySpace. -Though participants expressed doubt that their identity information was protected online (2. 66 on a 5-point Likert scale), they were nevertheless okay with friends accessing this information (4. 55), but markedly less so with strangers (3. 5). -Information of particular interest: location, sexual orientation, political status -Urges discussion of new identity disclosure threats posed by SNCs. The very small sample size of this study makes it almost entirely worthless to review, but it is worth noting that academic institutions are working to protect the identities of their students. In another vein, the enormous discrepancy between SNC participation by undergrads and that of graduate students suggest that the undergraduate community may possess certain qualities or needs that SNCs fulfill, such as maintaining high school ties.

Seeing as identity disclosure would seem to be a pertinent issue, it would be interesting to reassess users’ feelings on the matter now that SNCs have become both mainstream and problematized by media discourse Human Identification Theory and the Identity Theft Problem – Lynn Lopucki The biggest reason that data breaches are a problem is that the sensitive data that they expose can be used for identity theft. According to the analysis by legal scholar Lynn LoPucki in “Human Identification Theory and the Identity Theft Problem,” the reason that identity theft causes so much trouble can be traced back to the Fair Credit Reporting Act.

Here is why he claims this : The impersonated victims in these scenarios are not liable for the obligations incurred in their names. Thus, the resulting credit reports are false. Nevertheless, those victims have no legal remedy for the false reporting if the credit-reporting agency followed “reasonable procedures. ” Federal law exempts both creditors and credit-reporting agencies from liability for their false statements about the victims of identity theft. ii    IISER Mohali Page 4 He then says The credit-reporting agency’s only duty is to “reinvestigate” – if and when the person reported on demands it.

In practice, the credit-reporting agency “reinvestigates” by sending the victim’s complaint and the disputed information to the creditor who initially furnished the information. The creditor who reconfirms false information is theoretically liable for its error. To activate this duty, however, the consumer must furnish the same information twice – once top the credit-reporting agency to force reinvestigation and a second time to the creditor “at the address specified” to alert the creditor to its error.

And even a victim who has furnished the information to both still has no direct remedy against the creditor for repeating the falsehood. Only certain federal or state agencies can seek a remedy, and, for various reasons, none is likely to do so on the complaint of a particular victim. Thus, shielded from liability, creditors and credit-reporting agencies who have misreported on an impersonated victim remain in a position of power with respect to that victim. The victim desperately needs to correct the records of the creditors and credit-reporting agencies involved so that he or she can obtain or preserve credit.

The creditors and credit-reporting agencies, by contrast, need only maintain procedures sufficiently reasonable to avoid the wrath of public enforcement agencies. In other words, the FCRA makes it unnecessarily difficult for consumers to deal with the problems that identity theft causes because the very creditors and credit-reporting agencies that they need to deal with to do this have no incentive to help them resolve these problems. There’s lots of talk these days about what the government should or should not do about data breaches and the identity theft that it causes.

Perhaps fixing the system that they caused by the FCRA would be a good first step. Case study: Identity theft used in Financial scams Knueppel also offered the theory that retired people are more vulnerable to the schemes because they’re at home during the day to take the calls. He said he had recently retired from the state health department when he took a call from a telemarketer promising a low-interest credit card with a $5,000 limit. All Knueppel had to do to get the card was give the telemarketer his bank account information so that a $189 entry fee could be deducted.

Knueppel said he’d never really had credit cards, but he let his guard down with the offer because he perceived that retirement would mean money problems. And with family members in the Midwest, he wanted a credit card in case he needed to fly to see them in an emergency, he said. “I allowed myself to listen to the spiel,” he said. “I more or less dropped my defenses. ” The promised credit card never came, Knueppel said, and he “just kind of wrote it off as a bad experience” until postal inspectors contacted him after finding his name on the list of a fraudulent company they’d just busted.

Schemes like the one Knueppel encountered are called “advance-fee” schemes and involve a telemarketer asking for bank account information to obtain an entry fee before a credit card is sent out. ii    IISER Mohali Page 5 One of the largest fraudulent telemarketing operations to be dismantled was the First Capital Consumers Group, which operated out of Toronto until charges were brought against it two years ago, said the Postal Inspection Service, which investigated First Capital along with the Federal Trade Commission.

That company targeted American consumers with poor credit histories, defrauding them of more than $8 million, Brady said. First Capital and other fraudulent telemarketing companies often follow up their phony offers by sending customers what Brady said amounted to junk mail – not the credit cards they were promised. Paul Schroeder, whose office was in Bel Air, was accused in a civil complaint of mailing items on behalf of First Capital and other fraudulent telemarketing companies. In August, Schroeder agreed in U. S. District Court to turn over $1. million in assets that will be used to make restitution to his victims, according to the Federal Trade Commission. Source: Baltimore Sun: http://www. baltimoresun. com/news/local/balbz. md. fraud06oct06,1,3551697. story? coll=bal-local-headlines Cyber Security- Identity Theft Protection in the High Tech World : Allen Cummings In ” Cyber Security- Identity Theft Protection in the High Tech World”, Allen provides practical solutions to identity theft including step-by-step guides to detecting high tech malware & spyware; and guides for setting up fraud alerts with credit reporting agencies.

He also provides sample forms to be used in the event of identity theft and the actions to take to repair the damage if the worst happens After news reports in 2010 of the massive theft of thousands of identities from Lush Cosmetics, anyone previously unconcerned about identity theft should probably reconsider. Cyber Security offers insights not only into how such thefts happen but also how to protect yourself. The good news is that you can reduce the odds of having your identity stolen. The bad news is that it’s almost impossible to protect yourself completely.

Allen Cummings uses his own personal experiences as an identity theft victim, anecdotes of actual cases and fictional scenarios that ring all too true, to show how easy it is to become a victim of this crime. There are many frighteningly easy ways in which someone’s identity can be stolen and used to run up thousands of dollars in credit card debt, run real estate scams, drain bank accounts dry, and end up as a front for bankruptcy filings that leave innocent victims scrambling to clear their names and credit records. ii IISER Mohali Page 6

One of the cases cited by Allen is that of an Australian property investor living in South Africa in 2010. He had one of his investment properties in Perth stolen by identity thieves and sold for $500,000 and a second property was about to be sold… all without his knowledge or consent! The theft was discovered when a neighbor of a second investment property just listed for sale, asked the owner for the selling price of the property. The shocked owner advised the neighbor that the property was not for sale… to which the neighbor replied that the property had been on the market for weeks and many people were interested in buying the property.

Confused, the owner contacted the real estate agent and demanded answers. The agent argued that he had received e-mailed instructions and signed legal documents from the owner to sell each of the two properties for the very low price of $500,000 each. The sale documents on the first property had been signed, contracts exchanged and the sale was settled a month earlier. The sale on the second property had also been signed off, the contracts exchanged and the second sale was about to be settled. The sale on this property was stopped immediately and the owner contacted the banks to cancel the processing of any funds.

Police were informed and their investigations found that overseas identity thieves had accessed his Facebook account and extracted his private information. Then they hacked his email and convinced the real estate agent that they were the real owners of the property. The property agent and conveyance company did their usual legal searches and as a result processed the sale. The proceeds for the sale of the first property were transferred electronically to an overseas bank account. This is just one case of identity thieves using high technology to access unsecured databases and steal the sensitive information of customers.

The Australian police have advised the owner that under current Australian law, the identity thief is outside their jurisdiction and that they could not recover the funds. The only option the owner has at his disposal is to take civil actions against all the parties involved in the transaction. Allen cautions readers to be wary of their personal information on Facebook or any other social networking site. It offers lists of ways to safeguard your private data from money-hungry identity thieves.

Of course everyone knows that you should never give out your Social Security number; never throw away credit card offers unless they have been shredded etc. At the same time many people fall victim to high tech identity thieves by putting too much private information on the Internet; or by not ensuring that their computers are secured; or by falling victim to online scams. Allen Cummings is a highly qualified professional accountant with 30+ years’ experience in accounting and information technology. Further, he speaks from experience because in the 1990s he himself became a victim of identity theft. i IISER Mohali Page 7 References 1. 2. 3. 4. 5. 6. 7. IDENTITY THEFT and IDENTITY FRAUD , Saul S. Le Vine Arthur M. Magaldi, Journal of Business and Behavioral Sciences Volume 21, No. 1, Fall 2009 (Felson 1998; Felson and Clarke 1998) Did privacy cause identity theft? – Lynn Lopucki An Evaluation of Identity-Sharing Behavior in Social Network Communities – Stutzman Human Identification Theory and the Identity Theft Problem – Lynn Lopucki Case study: Identity theft used in Financial scams Cyber Security- Identity Theft Protection in the High Tech World : Allen Cummings ii IISER Mohali Page 8