Showing papers on "Identity theft published in 2004"

Client-Side Defense Against Web-Based Identity Theft.

Abstract: Web spoofing is a significant problem involving fraudulent email and web sites that trick unsuspecting users into revealing private information We discuss some aspects of common attacks and propose a framework for client-side defense: a browser plug-in that examines web pages and warns the user when requests for data may be part of a spoof attack While the plugin, SpoofGuard, has been tested using actual sites obtained through government agencies concerned about the problem, we expect that web spoofing and other forms of identity theft will be continuing problems in

Consumers’ Protection of Online Privacy and Identity

Abstract: This article examines online behaviors that increase or reduce risk of online identity theft. The authors report results from three consumer surveys that indicate the propensity to protect oneself from online identity theft varies by population. The authors then examine attitudinal, behavioral, and demographic antecedents that predict the tendency to protect one's privacy and identity online. Implications and suggestions for managers, public policy makers, and consumers related to protecting online privacy and identity theft are provided. ********** Identity theft, defined as the appropriation of someone else's personal or financial identity to commit fraud or theft, is one of the fastest growing crimes in the United States (Federal Trade Commission 2001) and is increasingly affecting consumers' online transactions. In the discussion of identity theft, the Internet represents an important research context. Because of its ability to accumulate and disseminate vast amounts of information electronically, the Internet may make theft of personal or financial identity easier. Indeed, online transactions pose several new threats that consumers need to be vigilant of, such as the placement of cookies, hacking into hard drives, intercepting transactions, and observing online behavior via spyware (Cohen 2001). Online identity theft through the use of computers does not necessarily have real space analogs as exemplifed by techniques of IP spoofing and page jacking (Katyal 2001). Recent instances of online identity theft appearing in the popular press include a teenager who used e-mail and a bogus Web page to gain access to individuals' credit card data and steal thousands of dollars from consumers (New York Times 2003), and cyber-thieves who were able to access tens of thousands of personal credit reports online (Salkever 2002). The purpose of this article, as depicted in Figure 1, is to explore the extent to which consumers are controlling their information online and whether privacy attitudes, offline data behaviors, online experience and consumer background predict the level of online protection practiced. There is an explicit link being made by privacy advocates that suggests controlling one's information is a step toward protecting oneself from identity theft (Cohen 2001; Federal Trade Commission 2001). To evaluate the level of customer protection, we analyze survey results of consumer online behaviors, many of which are depicted in Figure 1, and investigate their relationship to antecedent conditions suggested in the literature. [FIGURE 1 OMITTED] In particular, we address the following research questions: What is the relationship between offline data protection practices and online protection behavior? What is the relationship between online shopping behaviors and online protection behavior? What is the relationship between privacy attitudes and online protection behavior? What is the relationship between demographics and online protection behavior? The remainder of this article is organized in four sections. We begin in the first section by reviewing the risks consumers face online and the steps they can take to minimize their risk of privacy invasion and identity theft. In the second section, we describe three surveys of consumers' online behaviors related to online privacy and identity theft. We discuss the results in the third section and implications for managers, public policy makers, and consumers in the fourth and final section. ONLINE PRIVACY AND IDENTITY THEFT While identity theft has caught the government's, businesses', and the public's attention (Hemphill 2001; Milne 2003), the empirical scholarly literature in this area is limited to the closely related issue of online privacy. Research has measured consumers' concern for online privacy (Sheehan and Hoy 2000), their ability to opt out of online relationships (Milne and Rohm 2000), and the extent to which businesses have implemented fair information practices through the posting of their online privacy notices (Culnan 2000; Miyazaki and Fernandez 2001; Milne and Culnan 2002). …

Method and system for identity theft prevention, detection and victim assistance

Abstract: A method and system (100) that offers an identity theft prevention/ detection service combined with, a comprehensive victim assistance program. The identity theft prevention/detection services include electronically monitoring an account associated with customer for potential fraudulent activity related to the account can be identified using fraud indicators. Once fraudulent activity (202) is determined the identity of the customer associated with the account can be verified (208) . The verification can be done using information obtained from the customer with information obtained from the account associated with the customer. A credit report (216) can be obtained and reviewed with the customer and a credit specialist (218). The specialist can be associated with a credit bureau or a commercial bureau. After reviewing the credit report, the case specialist an assist the customer in rectifying the fraudulent activity.

Smart-Phone Attacks and Defenses

Abstract: Internet has been permeating into every corner of the world and every aspect of our lives, empowering us with anywhere, anytime remote access and control over information, personal communications (eg, through smart-phones), and our environment (eg, through the use of sensors, actuators, and RFIDs) While enabling interoperation with the Internet brings tremendous opportunities in service creation and information access, the security threat of the Internet also dauntingly extends its reach In this paper, we wish to alarm the community that the long-realized risk of interoperation with the Internet is becoming a reality: Smart-phones, interoperable between the telecom networks and the Internet, are dangerous conduits for Internet security threats to reach the telecom infrastructure The damage caused by subverted smart-phones could range from privacy violation and identity theft to emergency call center DDoS attacks and national crises We also describe defense solution space including smart-phone hardening approaches, Internet-side defense, telecom-side defense, and coordination mechanisms that may be needed between the Internet and telecom networks Much of this space is yet to be explored

Method and system for reporting identity document usage

Abstract: To more rapidly redress identity theft, reports are issued to a person detailing instances in which that person's driver's license, passport, or other government-issued identification documents are presented as a form of ID. These reports can be issued periodically (e.g., integrated with monthly reports aggregating bank and brokerage account information, of the sort provided by Yahoo! and Microsoft Money software), or can be issued by email or text messaging, etc., each time an ID presentment is reported. Upon receiving a report of unfamiliar ID usage (e.g., a report that a driver's license was presented as evidence of age to purchase alcohol in a remote state), the person can take early action to redress apparent identity theft.

Exploring the Psychological and Somatic Impact of Identity Theft

Abstract: Identity theft is a new and growing form of white-collar crime. This exploratory study examined the psychological and somatic impact of identity theft and coping methods utilized by victims. Thirty-seven victims of identity theft participated in regional victim focus groups. Participants completed a victim impact questionnaire designed by the authors and the Brief Symptom Inventory-18 (BSI-18). The majority of participants expressed an increase in maladaptive psychological and somatic symptoms post victimization. Results on the BSI indicated that identity theft victims with unresolved cases, in contrast to those with resolved cases, were more likely to have clinically elevated scores when compared with a normative sample. Relatively similar coping mechanisms were utilized across victims. The results from this study suggest that victims of identity theft do have increased psychological and physical distress, and for those whose cases remain unresolved, distress is maintained over time.

System and method for customer video authentication to prevent identity theft

Abstract: A system for pre-authenticating a magnetic stripped card or smart card holder for a non-checking account transaction at the point-of-sale that includes a database that contains sensitive data, corresponding to digital photographic images of said account holders that employs a pre-authentication process whereby all account holders undergo a meticulous comparison with their submitted data against a plethora of objective public, private and internal databases culminating in a video displayed image at some point in the future enabling a merchant to make a visual comparison of the account holder either on site or during a mail order or telephone order transaction corresponding to the pre-authenticated image to prevent identity theft. While the invention has been described with respect to particular illustrated embodiments, those skilled in the art of technology to which the invention pertains will have no difficulty devising variations which in no way depart from the invention. For example, while the illustrated embodiments have been described in connection with physical links, it will be appreciated that a wireless architecture could be employed to like effect. In addition the modem illustrated in the embodiments could be replaced by embedded software in a magstripe reader or access devices that might also include smart card readers as well as in the video phone and still be employed to like effect. Furthermore voice input/output devices could be deployed during data capture at the front end. The present invention has been described with several embodiments, a plethora of changes, substitutions, variations, alterations, and transformations, and modifications may be suggested to one skilled in the art, and it is intended that the present invention encompass such changes, substitutions, variations, alterations, transformations, and modifications as fall within the spirit and scope of the appended claims.

Systems and methods for identifying and verifying a user of a kiosk using an external verification system

Abstract: The invention includes systems and methods for identifying and verifying the identity of a user of a kiosk using an external verification system. The kiosk receives customer input data that indicates the identity of the user of the kiosk. The kiosk generates an identification query that includes at least some customer input data. The kiosk transmits the identification query to an external verification system. The kiosk receives a verification response from the external verification system. The kiosk then processes the verification response to verify the identity of the user of the kiosk. These systems and methods advantageously provide identification and verification of the identity of a user of a kiosk. With sufficient identification and verification, financial institutions can comply with government regulations designed to reduce the opportunity for money laundering, terrorism, fraud, and identity theft while offering users of kiosks a wider range of financial services.

System and method for storing, creating, and organizing financial information electronically

Abstract: A system and/or method which offers customer-driven aggregation of data, with the ability to dynamically modify the filing hierarchy and to store, create and organize digital financial information. The system enables customers to establish a hierarchy of file folders, file any payment whether paper or electronic in a folder for future reference, provide secure storage for an indefinite period for any payment, including credit card payments, debit card transactions, imaged checks, electronic bill payments or account statements. As such, customers can create and change at will their file folder hierarchy and file documents with notes. Customers can set a preference for automatic filing based on pre-established criteria such as folders based standard merchant categories or by month. Customers can also ‘file’ payments when they are created or viewed in the transaction history. The systems of the exemplary embodiments provide a search function, enabling retrieval of documents based on a document storage time stamp, date last accessed, date posted, dollar amount, or by file folder, group, or category. Customers can view document access history. Further, the systems offer customers convenience, privacy, security and prevention of document loss from disaster, and protection from document or identity theft.

Authentication methods and apparatus for vehicle rentals and other applications

Abstract: An autonomous and portable smartcard reader device incorporates a high level of embedded security countermeasures. Data transfers are encrypted with two specific input devices, namely a light sensor and PIN or other keyboard entry, and at the output through the use of a dual-tone encoder-decoder. The unit may be used alone or as a plug-in to another device such as a PDA, cell phone, or remote control. The reader may further be coupled to various biometric or plug-in devices to achieve at least five levels of authentication, namely, (1) the smartcard itself; (2) the smartcard reader; (2) the PIN; (3) private-key cryptography (PKI); and (5) the (optional) biometric device. These five levels account for an extremely strong authentication applicable to public networking on public/private computers, and even on TV (satellite, cable, DVD, CD AUDIO, software applications. Transactions including payments may be carried out without any risk of communication tampering, authentication misconduct or identity theft. The invention finds utility in a wide range of applications, including commercial transactions and security, including the generation of prepaid credit/debit card numbers, vehicle rental, and other uses.

Identity Cards: Social Sorting by Database

Abstract: Identity (ID) cards connected with large-scale databases are a key item for political debate in the twenty-first century. An increasing number of countries have started to use, or are considering, national ID card systems. The attack on the USA on September 11, 2001 has prompted more to draw up such plans, for example the UK and Canada. Although not all proposals will succeed, this indicates a strong trend towards monopolizing the means of legitimate identification and regulating mobility. ID cards mark certain persons as members of a nation state and are usually intended to combat fraud and 'terrorism'. While they may contribute to law enforcement in minor ways, such as visa infractions and petty crime, it is far from proven that they can actually prevent determined violence against civilians or fraudulent activity such as identity theft. At the same time, the association of ID cards with databases means that these are systems for social sorting, permitting extensive discrimination between different populations through modes of classification that may include ethnicity and religion. The pressing challenge is to establish systems that avoid exclusionary bias and in which accountability for handling personal data is paramount. This Issue Brief gives an overview of the main social and technical issues raised by ID cards, particularly in their modern form as electronic systems linked to computer databases. It explains the nature of ID cards and answers key questions about why they are needed, whether they work and who is affected by them, before concluding with an analysis of their likely broad national and global impacts as systems of social sorting.

The role of organizations in identity theft response: the organization-individual victim dynamic

Abstract: This study considers the role of organizations in relation to identity theft from three perspectives: as a site of identity use (and misuse), as detectors of identity theft, and ultimately, as a site where a fundamental social imperative exists to ensure responsible action is taken to address this form of criminality Through investigating the organizational--individual victim dynamic, this article examines how organizations react to the possibilities of identity fraud and draws out the implications of this for individual consumers in scenarios of identity theft The evidence presented leads to a critical examination of the issues confronting organizations in seeking to anticipate and respond to these criminal acts ********** Identity theft threatens the very essence of an individual's sense of self and his or her capacity to participate in society The consequences of this form of criminality are significant and wide-ranging, with current assessments of its impacts exceeding billions of dollars each year (Cuganesan and Lacey 2003; Cabinet Office [UK] 2002; General Accounting Office [US] 1998, 2002) Available evidence indicates that identity theft is becoming increasingly attractive for perpetrators vis-a-vis other forms of crime In the United States, for example, identity theft is described as growing at a rate of 30% per year, with its losses estimated at reaching $8 billion by 2005 (Supreme Court of the State of Florida 2002) Although improved awareness and reporting may be partially responsible, these trends are nonetheless of concern to the individual consumer The loss of funds and/or other forms of property, a tarnished credit history, and a criminal record are all potential outcomes for the identity theft victim, with ongoing consequences for the ability to secure employment, obtain goods and services on credit, travel freely, and participate in the wider society in a generally unencumbered fashion In fact, merely seeking to reestablish an identity can result in ongoing denial of services for the victim, such as access to existing accounts and execution of existing contracts Investigating identity theft and the current environment of responses is thus timely Although the formulation of identity theft responses is increasingly dominating the agenda of governments, policy formulators, legislators, and researchers, often overlooked is the important function of organizations in enabling and preventing identity theft As discussed herein, the role of organizations in relation to identity theft is threefold: as a site of identity use (and misuse); as detectors of identity theft; and, ultimately, as a site where a fundamental social imperative exists to ensure responsible action is taken to address this form of criminality, an imperative based on the increasingly accepted notion that organizations are responsible for the long-term well-being and sustainability of the broader community (Executive Committee of World Business Council for Sustainable Development 2002; Maignan, Hillebrand, and McAlister 2002; Newson 2002) Consequently, it is important to consider organizational initiatives in formulating holistic policy responses to identity theft While focused on issues of identity theft, this article draws from a research program seeking to measure the nature, cost, and extent of the broader construct of identity fraud Identity theft involves an individual falsely representing him- or herself as another real person for some unlawful activity (General Accounting Office 1998; Identity Theft Assumption and Deterrence Act of 1998) In contrast, identity fraud comprises both the illegal use of a real person's identity (identity theft) as well as that of a fictitious identity (Main and Robson 2001; Cabinet Office 2002) Thus, identity theft is a narrower subset of identity fraud Of importance are the implications of this for the organizational--individual victim dynamic For the individual consumer to be impacted, the crime must be one of identity theft …

Unobtrusive user identification with light biometrics

Abstract: Biometric methods are used for recognition and verification of the identity of a person in many applications. Certain concerns over the obtrusive nature of their use, threats to privacy and even the danger of identity theft are rising. In this paper unobtrusive and privacy preserving light biometrics, such as height, weight, and body fat percentage are suggested for user identification. An experiment with 62 test subjects was conducted. In verification type of application total error rate of 11% was achieved using weight data alone and fusion with height data reduced the error rate to 2.4%. With a short list of five best scoring identities the percentage of cases with the correct identity on the list was 90% for weight alone and 100% for the combination of weight and height. The application domain for light biometrics is seen in non-security applications, such as homes, small offices and health clubs.

Identity Theft Legislation: The Fair and Accurate Credit Transactions Act of 2003 and the Road Not Taken

Abstract: This article provides a review of the Fair and Accurate Credit Transactions Act of 2003 (FACTA) as it relates to the growing problem of identity theft. The article also examines other identity theft-related proposed legislation from the 108th Congress and analyzes the effectiveness of the proposed measures. The authors conclude that FACTA represents an important step toward reducing the incidence of identity theft as well as ameliorating the damage that it causes. However, unless and until Congress addresses the extensive use and distribution of Social Security numbers and the safeguarding of data, identity theft is likely to continue to wreak financial and social havoc. ********** In recent years, the number of identity theft victims has skyrocketed as has the economic and social cost of this now-prevalent crime, and although it is difficult to quantify its precise impact, there is little doubt that identity theft is growing in frequency and severity, exacting an enormous social and financial toll (FTC 2003a, 2003b, 2003c; GAO 2002; Lormel 2002). Given the gargantuan costs of identity theft, lawmakers have not just fiddled while Rome burned. The Identity Theft and Assumption Deterrence Act (P.L. 105--318) was passed in 1998, making identity theft a federal crime, and the U.S. Patriot Act (P.L. 107--56), passed in the wake of the September 11th terrorist attacks, makes it more difficult for impersonators to open bank accounts. From the January 2003 start of the 108th Congress until this writing as of June 4, 2004, 24 bills were introduced that deal specifically with identity theft. Eventually emerging from the deluge of legislative efforts, Congress passed the Fair and Accurate Credit Transactions Act of 2003 (FACTA) (P.L. 108--159), a statute that makes permanent many uniform national standards for credit reporting as well as addressing identity theft problems at the federal level. This article provides a measure-by-measure analysis of the portions of the Act that address identity theft, as well as the many other legislative solutions that have been proposed to combat this particularly insidious consumer problem. We evaluate the extent to which each part of FACTA is likely to be effective in combating identity theft, and make similar evaluations about the bills that have yet to pass congressional muster. Of course, the article does not discuss every detail of the Act or of every bill. Instead, the major provisions and their likely effects are analyzed. Such an assembly of information enables a quick comparison between the route that U.S. legislators have chosen and the road not taken, with the alternatives not selected perhaps having as much effect on consumers as the statute that was actually passed. THE FAIR AND ACCURATE CREDIT TRANSACTIONS ACT OF 2003 (P.L. 108--159) Signed by President Bush on December 4, 2003, FACTA attacks identity theft on many fronts, including compulsory credit card number truncation on receipts, mandates to card issuers to investigate change of address and new card requests, fraud alert requirements by credit reporting agencies, mandatory blocking of identity theft-related information on credit reports, and free annual credit reports. The statute also requires credit reporting agencies to divulge consumer credit scores, provides for the improvement of the resolution process once identity theft has occurred, and includes several measures limiting the sharing of medical information in the financial system. The statute substantially improves the balance of power between identity thieves and consumers and addresses many of the most pressing concerns. Below we detail each of FACTA's major identity theft provisions. Credit Reporting Agencies Required to Add a Fraud Alert on Request FACTA requires credit reporting agencies to include a fraud alert in their files upon request by a consumer. A fraud alert is simply a statement that some information in the report may be based on identity theft. …

Identity Theft: Myths, Methods, and New Law

Abstract: I. INTRODUCTION For centuries, philosophers have considered the concept of human identity, (1) a notion that refers to an individual's sense of "self" and distinguishes one individual from another. In modern society, not only does one's identity--and the ability to prove it--serve to distinguish one person from another, but it also plays an obvious role in many of today's commercial and personal transactions. Doctors need to disclose medical records only to their patients; buyers of real estate need to know that the persons signing the deed really are the ones who own the property; vendors need to know that the person purporting to purchase product on behalf of a company really is the employee authorized to do so; governments need to know that the person claiming benefits is the person entitled to them; and police need to know who they are actually arresting. Identity theft has been described as one of the "fastest growing crimes in the nation," (2) and "the crime of the new millennium." (3) If so, certainly there is a need to understand what identity theft is and its legal underpinnings. Hence, this article is intended to explain what identity theft is, how it happens and legal responses to it. This article includes an extensive discussion of the latest federal response, the Fair and Accurate Credit Transactions Act of 2003 ("FACT"), as well as a discussion of state statutory and common laws. Finally, the article ends with suggestions for how to avoid identity theft. In one sense there is nothing new here given that determining with whom one is really dealing has always been important. However, making that determination becomes more complex when e-commerce is involved (4) because there is no face-to-face interaction and documents, such as a driver's license picture or handwritten signature, cannot be easily examined. Data can be collected that tends to identify a person, such as a social security number, telephone number, maiden name, birth date and the like. However, laws increasingly restrict that collection, and some identifiers may be public information or discoverable with an ease that may make the information of questionable use. This situation provides opportunity for illegal activity which can be exacerbated in electronic settings. The reality, however, is that the opportunity for identity theft has always existed and that "offline" methods for illegal activities cannot be ignored. For example, a 2003 Federal Trade Commission ("FTC") survey indicated that "a lost or stolen wallet or pocket book, or theft of the victim's mail including lost or stolen credit cards, checkbooks, and social security cards," were the most commonly mentioned ways that an identity thief obtained information. (5) This was 25% of those who knew how their information was obtained; a group which accounts for 51% of all victims (leaving almost half of victims not knowing how their personal information was obtained). (6) Identity thieves also include persons who give the name of another person in order to delay or avoid being charged with a crime. In fact, there is nothing more "face-to-face" or "non-electronic" than an arrest. The likely difference between now and yesterday is not a difference between online and offline activities, but changes in technology which generally allow thieves to do more, online or off: At one time, not that many years ago, a breeder document, such as a driver's license, meant something; it could be used to establish a person's identity with little or no question. Now, technology has enabled criminals to produce fraudulent documents, which can be used to procure additional fraudulent documents. Counterfeit documents, such as credit cards, used to be easily detectable; now it is relatively easy to produce a counterfeit hologram that usually passes for the real thing..... Technology and the ability of the criminal element to adapt and defeat existing identification methodologies, predicated on breeder documents that are susceptible to counterfeiting, have made it necessary to develop different, more advanced identity authentication systems. …

Consumer Economics: Issues and Behaviors

Abstract: Table of Contents: PART I: CONSUMER PERSPECTIVES 1. Consumers in a Changing World 2. The Consumer Movement 3. Consumer Theories and Developing a Model PART II: CONSUMER PROTECTION 4. Consumer Responsibilities, Redress, and Law 5. Government Protection, Nongovernmental Proconsumer Groups, and Media PART III: CONSUMERS IN THE MARKETPLACE 6. Buying Process, Brands, and Product Development 7. Decision Making and the Influence of Advertising 8. Food and Beverage Issues 9. Health and Wellness Issues 10. Ownership, Safety and Repairs 11. The Internet and Identity Theft 12. Being a Better Consumer of Housing and Vehicles PART IV: CONSUMERS IN THE FINANCIAL MARKETPLACE 13. Saving, Banking, Debt, and Credit Issues 14. Insurance and Investment Issues PART V: EMERGING CONSUMER ISSUES AND THE GLOBAL PERSPECTIVE 15. Ethics and Globalization

Systems and methods for mitigating identity theft associated with use of credit and debit cards

Abstract: The methods and systems of the present invention addresses the problem of identity theft associated with the use of a credit/debit card. A security code having a predetermined expiration, or equivalently lifetime, is generated. The cardholder is informed that his/her current security code is ready for downloading by sending a “security code ready” message to the cardholder. On receiving a transaction from the cardholder with an included a second security code, the security code is verified against the current, that is, the presently unexpired, security code.

Protecting your good name: identity theft and its prevention

Abstract: Identity theft is becoming one of the most common forms of theft in the United States It has affected millions of Americans in the past few years This type of crime is devastating to the victim This paper will discuss what is identity theft, how does it occur, the types of identity theft, the consequences of identity theft, things victims can do if they discovered that their identity has been stolen and how to minimize the risk of identity theft

Stopping Identity Theft

Abstract: Each year, millions of consumers are victimized by identity theft—the practice of using the identity of another to obtain credit. After the identity thief defaults, lenders and credit bureaus attribute the default to the impersonated consumer. The article draws on the traditional loss allocation rules of the common law to suggest ways to reduce the incidence of identity theft. Lenders and credit bureaus do not at present have a sufficient incentive to avoid attributing the acts of identity thieves to consumers. The piece argues that consumers should have a claim against creditors and credit bureaus for including the transactions of identity thieves in reports on impersonated consumers. That would give the credit industry—the entity that can avoid the losses at the lowest cost—an incentive to take steps to prevent identity theft. Finally, the article briefly reviews current law and suggests some implications for public policy.

Prevent Online Identity Theft – Using Network Smart Cards for Secure Online Transactions

Abstract: This paper presents a novel method that can be used to prevent online identity theft and thereby ensure secure online transactions. In particular, the method combats online identity theft mechanisms that capture information on the computer before the information is encrypted. The key feature of this method is the use of secure network smart cards to establish secure connections between the smart card and remote Internet nodes. Using this end-to-end secure connection, one can securely exchange confidential information between the smart card and a trusted remote server. Any intermediate node, including the host computer to which the smart card is connected, cannot compromise this secure connection.

What Price Privacy? (and why identity theft is about neither identity nor theft)

Abstract: : It is commonplace to note that in surveys people claim to place a high value on privacy while they paradoxically throw away their privacy in exchange for a free hamburger or a two dollar discount on groceries. The usual conclusion is that people do not really value their privacy as they claim to or that they are irrational about the risks they are taking. Similarly it is generally claimed that people will not pay for privacy; the failure of various ventures focused on selling privacy is offered as evidence of this. In this chapter we will debunk these myths. Another myth we will debunk is that identity theft is a privacy problem. In fact it is an authentication problem and a problem of misplaced liability and cost. When these are allocated to those who create them, the problem does not exist. Finally we consider the oft asked question of how much privacy should be given up for security. We find this to be the wrong question. Security of institutions may decrease and infrastructure costs may be increased by a reduction in privacy.

Distributed hybrid agent based intrusion detection and real time response system

Abstract: Wireless LANs are growing rapidly and security has always been a concern. We have implemented a hybrid system, which does not only detect active attacks such as identity theft causing denial of service attacks, but also detects the usage of accesspoint discovery tools. The system responds in real time by sending out an alert to the network administrator.

Financial instrument, system, and method for electronic commerce transactions

Abstract: A financial instrument for limited use with electronic commercial transactions corresponds to a subordinate account with a financial institution, where the instrument and the subordinate account has a randomly-selected or a generated name, an assigned number, and a pre-defined billing address. The financial instrument can be used for on-line transactions without fear of identity theft because the account holder's true identity is not associated with the subordinate account but rather with an account related to the subordinate account.

Identity Theft: Laws, Crimes, and Victims

Abstract: A student of mine learned recently that somebody had rented an apartment in his name in a city a few hundred miles away. Another student shared a story about his credit cards being used to view pornographic materials on the Internet. These stories are certainly not unique. In the media, countless reports of stolen identities and credit cards abound, creating an increased threat to individuals' peace of mind and financial standing. In one case, an Arlington, VA, woman found that within a month, four retail credit cards were opened in her name with more than $12,000 charged in that short time period (Breitkopf 2003). Interestingly, it wasn't until 1998 when the Identity Theft and Assumption Deterrence Act was passed that identity theft was officially established as an actual offense (www.usjdoj .gov 2004). Consequently, the Arlington, VA, woman actually saw her perpetrators tried and convicted (Breitkopf 2003). On December 4, 2003, President Bush signed the Fair and Accurate Credit Transaction Act of 2003 (FACTA) into law (www.whitehouse.gov 2003); the law was developed to protect consumers in a wide range of financial transactions. Although part of the law relates to increased access to credit for all consumers, much of it is developed to prevent and combat identity theft. For example, merchants are now required to omit all but the last five digits of a credit card number on customer receipts. Additionally, the act creates a national system of fraud detection and alerts that makes it easier for victims to report incidents of identity theft and protect their credit standings. When an individual becomes a victim, he must make only one phone call to secure his credit standing and generate a nationwide fraud alert (www.whitehouse.gov 2003). This is a significant improvement over past situations, which often resulted in frustration over lack of support for identity theft victims. (For a sample of personal experiences related to identity theft, see the Privacy Rights Clearinghouse, http://www.privacy rights.org/case/victim.htm.) The act is one that is clearly needed. According to the FTC (2003), over 9.9 million people were victims of identity theft during the 12 months prior to the report, and the loss to consumers has been estimated at $5 billion. Moreover, it is believed that, on average, an individual spends 30 hours trying to resolve the consequences associated with the theft. The Arlington, VA, woman spent more than 150 hours clearing her name (Breitkopf 2003). Clearly, the incidence of identity theft is growing and the consequences can be severe. Based on these concerns, The Journal of Consumer Affairs circulated a call for papers for a refereed research colloquium on identity theft; results from this call are presented in this issue. The four resulting papers provide insight and direction into a variety of important issues related to identity theft. Linnhoff and Langenderfer offer an analysis of the Fair and Accurate Credit Transaction Act of 2003 and provide a discussion of other pending bills and proposals related to identity theft; they conclude with a call for additional legislation. Milne, Rohm, and Bahl examine online consumer behaviors and activities associated with increasing or reducing the risk of identity theft online. Sovern looks toward loss allocation rules as a potential means of stopping identity theft and argues that utilization of loss allocation rules has the potential to reduce the incidence of identity theft, where the same people would absorb the costs of identity theft as well as the costs and benefits of preventing it. Building on the importance of the organization in identity theft, Lacey and Cuganesan discuss the role that organizations play in identity theft response. …

Biometric authentication for e-commerce transaction

Abstract: E-commerce is an outcome of globalization and technology outbreak of the 21st century. The consistency on Internet privacy protection plays a major role to boost the growth of e-commerce. E-commerce industry is slowly addressing security issues on their internal networks. But security protection for the consumers is still in its infancy stage posing a barrier to the development of e-commerce. There is a growing need for a combination of legislation and technical solutions to globally secure customer privacy. The U.S Federal Trade Commission has identified the need for defining privacy policies to address consumer data security. A technology solution using biometric technique is proposed for preventing identity theft and false authentication in the course of e-commerce transactions. This research proposes a Web-based architecture that uses the encrypted iris patterns as a biometric attribute for authentication of a customer for e-commerce transactions, because iris patterns are unique to an individual.

Identity Theft Statutes: Which Will Protect Americans the Most?

Abstract: INTRODUCTION Imagine opening up your mail and finding a credit card statement demanding the payment of thousands of dollars for items you never bought. Or, imagine getting pulled over on a neighborhood street for traveling a couple of miles over the speed limit only to end up getting arrested, strip searched, and taken to jail due to an outstanding arrest warrant for drugs and gun charges that someone else committed in your name. Unfortunately, for too many Americans, these nightmarish scenarios have become a reality. As the crime of identity theft has swept the nation, thousands of victims have been left with damaged credit, a criminal record, and emotional distress. (1) With the advent of the Internet, personal information travels across the globe at lightning speed. (2) Identity thieves use personal information--such as names, social security numbers, and birth dates--to commit frauds or crimes in someone else's name. As a result, state and federal governments have passed laws in an attempt to punish the perpetrators and to deter others from committing these crimes in the future. Each law is different, and each law takes a different approach to combat the problem. This Comment compares and contrasts four different identity theft statutes, and ultimately proposes an alternative statute that combines the strengths of the existing statutes. This proposed alternative statute includes additional provisions which provide more effective solutions to the identity theft problem in America. I. ARIZONA'S IDENTITY THEFT STATUTE The earliest identity theft statute adopted was in 1996 by the State of Arizona. (3) This statute made it unlawful for a person to "knowingly take[] or use[] any personal identifying information of another person, without the consent of that other person." (4) To violate the statute, the identity thief must have "the intent to obtain or use the other person's identity for any unlawful purpose or to cause loss to a person." (5) Finally, the statute states that a victim is the person "whose personal identifying information is taken or used without consent, whether or not the victim actually suffers any economic loss as a result of the offense." (6) In codifying the identity theft statute, the Arizona Legislature sought to warn criminals of the serious nature of this offense by labeling it a Class 4 felony. (7) This classification translates into a sentence of between one-and-one-half and three years in prison for first time offenders (8) and between three and twelve years for repeat offenders. (9) The statute's simple language and relatively short provisions address most acts that could be considered identity theft crimes. First, the term "personal identifying information" (10) is extremely broad and, although never interpreted by the courts of Arizona, could be used to include most government issued items. Second, the statute criminalizes any attempt to obtain a person's personal identifying information, whether or not the victim actually suffers economic loss. (11) This provision serves a two-fold purpose: it broadens the class of people susceptible to prosecution, and serves as a deterrent to those considering committing the crime of identity theft. Finally, it is important to note that the statute specifically limits the class of victims of identity theft to persons whose personal identifying information was taken or used. (12) The Arizona statute does not include banks or businesses that suffer financial loss as a result of the fraudulent transaction. (13) This limitation is both a strength and a weakness. By limiting the victims of identity theft to individuals, the provision creates a private cause of action only for individuals whose personal identifying information was stolen. The status of identity theft victim, as defined by the statute, may give a person more credibility with credit-reporting agencies when attempting to clear their credit. …