Fear of Cyber-Identity Theft
1
RUNNING HEAD: Fear of Cyber-Identity Theft
Fear of Cyber-Identity Theft and Related Fraudulent Activity
Lynne D. Roberts
1
, David Indermaur
2
and Caroline Spiranovic
3
Please address all correspondence to the first author: Lynne Roberts
1
Dr Lynne Roberts, Senior Lecturer, School of Psychology and Speech Pathology, Curtin Health Innovation
Research Institute, Curtin University, GPO Box U1987, Perth Western Australia 6845
Lynne.Roberts@curtin.edu.au
Tel: +61 8 9266 7183.
Fax: +61 8 9266 2464
2
Dr David Indermaur, Associate Professor, Crime Research Centre, University of Western Australia, 35 Stirling
Highway, Crawley WA 6009.
David.Indermaur@uwa.edu.au. Tel: +61 8 6488 3840.
3
Dr Caroline Spiranovic, Research Assistant Professor, Crime Research Centre, University of Western Australia, 35
Stirling Highway, Crawley WA 6009.
Caroline.Spiranovic@uwa.edu.au Tel: +61 8 6488 2830
Fear of Cyber-Identity Theft
2
Abstract
Identity theft and related fraudulent activities affect approximately one in twenty-five adults each
year across western societies. The Internet provides a new avenue for obtaining identity tokens
and identifying information and increases the scale on which identity theft can be perpetrated.
Recent research has suggested that fear of these types of crimes now matches or exceeds the fear
of traditional place-based crimes, and has the potential to curtail online activities and hinder the
further development of e-commerce applications. In this paper we conduct exploratory research
identifying predictors of fear of cyber-identity theft and related fraudulent activities, based on the
analysis of items included in the Australian Survey of Social Attitudes (2007). Fear was
predicted by a generalised fear of crime component and a specific internet exposure component.
Traditional predictors of fear of crime were insignificant or weak predictors, highlighting the need for
further research.
Keywords: fear of crime; cyber-identity theft; fraud; cyber-victimisation; identity theft
Fear of Cyber-Identity Theft
1
Fear of Cyber-Identity Theft and Related Fraudulent Activity
The Internet provides new opportunities for criminal activities. It may be used to support
existing criminal activities, provide new ways of conducting existing criminal activities, extend
the geographic reach of criminal activities or create new types of criminal activity (Savona &
Mignone, 2004). One type of cyber-criminal activity that is frequently featured in the media is
cyber-identity theft and related fraudulent activity. The Internet enables an extension from
‘traditional’ identity theft (the misappropriation of identity tokens such as credit cards through
non-technical means such as mail theft) to the online harvesting of identity tokens, potentially on
a larger scale due to information and communication technologies increasing the ease and
reducing the costs (time, financial and location) of data acquisition. Further, the Internet provides
the means for conducting fraudulent activity with the stolen identity tokens, including online
banking and e-commerce.
In this paper we first examine what is currently known about cyber-identity theft.
Information on the incidence of identity theft and related fraudulent activity across three
countries, the United States, United Kingdom and Australia is presented. This analysis highlights
the difficulty of determining the percentage of this activity that is cyber-related. We then
examine fear of cyber-identity theft and related fraudulent activity, situating our discussion
within the body of literature concerning fear of traditional place based crimes. In the body of this
article we examine possible predictors of fear of cyber-identity theft and related fraudulent
activity. Three categories of predictors are considered. The first relates to demographic variables,
the second to fear of traditional crime and the third to levels of access and activity on the
Internet. It appears that traditional demographic predictors of fear of crime victimisation, such as
Fear of Cyber-Identity Theft
2
age and gender, are poor predictors of fear of cyber-identity theft victimisation. In contrast, fear
of physical place-based crime and internet use variables were relatively stronger predictors of
fear of cyber-identity theft. These results suggest that to comprehensively understand the nature
of the fear of cyber-identity theft and related fraudulent activity a research program incorporating
investigations at both quantitative and qualitative levels is needed.
Cyber-Identity Theft
Cyber-identity theft
4
involves the online misappropriation of identity tokens. Common
online identity tokens include email addresses, web-pages and the combination of username and
password used to access systems such as online banking. Traditional identity tokens can also be
harvested online and include name, contact details (address, telephone number), tax file numbers
and social security numbers. These identifiers are sufficient for an individual to obtain a credit
card in the victim’s name (Sweeney, 2006).
Cyber-identity theft typically combines the affordances of new Information and
Communication Technologies (ICTs) with social engineering and includes methods such as
hacking, phishing, pharming, traffic redirectors, advance-fee frauds, fake taxation forms,
keyloggers and password stealers (Paget, 2007). Hacking has been employed successfully to
obtain mass identifying information, including the account information held by Card Systems
Solutions for 40 million credit card customers (Haygood & Hensley, 2006). The ease of
obtaining identity tokens and identifying information online changes the scale on which identity
theft can be perpetrated, expanding the range of potential victims (Finch, 2007; Marshall &
Tompsett, 2005).
4
A detailed exploration of cyber-identity theft is beyond the scope of this paper. For a review see Roberts (2008).
Fear of Cyber-Identity Theft
3
The number of individuals directly affected by cyber-identity theft remains difficult to
estimate, partly because most victims of identity theft and related fraudulent activity are unaware
of how the perpetrator obtained their identity tokens or identifying information. Whilst the
individual knows they have been the victim of a fraud they remain unaware of whether this was
as a result of an on-line breach or through some off-line means. For example, Synovate (2007)
reported that the majority (56%) of identity fraud victims did not know how their identity
information was obtained. In 2001 a US Federal Trade Commission director claimed that less
than one per cent of reported cases of identity fraud could be linked to the Internet (Verton,
2001). Similarly, the results from the Pew Internet Tracking Report (Fox, 2001) indicated that
only 8% of identity theft victims indicated the Internet might have been involved. Despite the
technological and personal factors conducive to cyber-identity theft, at present offline identity
theft appears to be the most commonly utilised form of identity theft, although this may change
in the future.
While the proportion of identity theft and related fraudulent activity attributable to the
Internet is unknown, population surveys conducted over the last decade are providing estimates
of the proportion of the population affected by identity theft and related fraudulent activity of all
types. Available estimates from the US, UK and Australia are reviewed below. While these
prevalence statistics provide an indication of the extent of the problem of identity theft, White
and Fisher (2008) caution that our knowledge of identity theft is hampered by variations in
definitions used and reporting practices.
In the US, major population surveys on identity theft have been conducted by two
organisations, Synovate (for the Federal Trade Commission) and Javelin Strategy and Research.
Questions on identity theft have also been included in the National Crime Victimization Survey.