Showing papers on "Identity theft published in 2005"

Identity Theft

Abstract: On February 7, 2005, the Federal Trade Commission reported that at least 10 million Americans are affected by identity (ID) theft each year[7]. The US Department of Justice defines identity theft as ”all types of crime in which someone wrongfully obtains and uses another person’s personal data in some way that involves fraud or deception, typically for economic gain[17].” ID thieves target any personal information they can get including social security numbers, bank account or credit card numbers, mother’s maiden name, drivers license numbers, financial account numbers and pins, and online account names and passwords[7], [17]. These criminals use many different methods to attack unsuspecting people, gaining information that they then use to pretend to be those people. In this paper we explain some of the methods used by ID thieves. We will focus on Phishing, a web-based social engineering method of extracting personal information for the purpose of assuming the identity of the unsuspecting. The government has stepped up legislation to help prosecute those caught engaging in identity theft, but we must do more through education and personal protection[17], [7], [4]. II. GOALS AND MOTIVATION

Aphasia as identity theft: Theory and practice

Abstract: Background: The impact of aphasia on identity is frequently acknowledged, but there have been few theoretical or research publications focusing on identity as an explanatory construct in understanding quality of life issues for persons with aphasia and their significant others. This article is abbreviated from a keynote address at the 2004 Clinical Aphasiology Conference.Aims: The purpose of this article is to review concepts from the sociocultural literature that bear upon social identity and can be applied to an understanding of short- and long-term consequences of aphasia.Main Contribution: Theoretical premises related to social identity are outlined, then applied to the life experiences of persons with aphasia and their significant others. The clinical relevance of such concepts is illustrated through specific examples. Particular attention is paid to the recognition work involved in moving on with life in the context of aphasia. The implications of the identity construct are also addressed through qu...

Fraud risk advisor

Abstract: A fraudulent business transaction application (110) is provided for monitoring application based fraud (112). When a consumer supplies account access information in order to carry out an Internet business transaction, the FBTA uses an online fraud mitigation engine to detect phishing intrusions and identity theft (114). Methods are also provided for calculating travel velocity and transaction frequency, which are useful for determining a fraudulent transaction (120).

Identity theft monitoring and prevention

Abstract: Systems and methods of monitoring financial information of a consumer for fraudulent activity. One system can include an identity verification system configured to verify an identity of a consumer. The system can include a new account identity theft detection system configured to determine a first score for a new account application submitted by the consumer, the first score indicating likelihood that the new account application is fraudulent, and an address analyzer configured to determine a second score for an address modification submitted by the consumer, the second score indicating likelihood that the address modification is fraudulent.

Personal credit management and monitoring system and method

Abstract: This document discloses fully-integrated consumer credit management and identity theft detection, protection and resolution systems, methods, and computer program products. These solutions enable consumers to manage the entire lifecycle of their credit profile and personal identity through a simple integrated application that combines credit management, credit monitoring, identity theft detection, and identity restoration. The credit management and identity theft protection system integrates the complexities of credit reports and identity theft protection into a single solution giving consumers more control over their financial future than conventional systems.

Online Identity Theft: Phishing Technology, Chokepoints and Countermeasures

Abstract: Acknowledgments The author acknowledges sponsorship from the U.S. Department of Homeland Security, Science and Technology Directorate (DHS S&T). Points of view in this document are those of the author and do not necessarily represent the official position of the U.S. Department of Homeland Security or the Science and Technology Directorate. The content of this report was shaped by the members of the Identity Theft Technology Council, a public-private partnership between DHS S&T, SRI International, the Anti-Phishing Working Group (APWG), and private industry. Particular thanks are due to Dan Boneh, Drew Dean, Louie Gasparini, Ulf Lindqvist, John Mitchell, Peter Neumann, Robert Rodriguez, Jim Roskind and Don Wilborn for their contributions.

Establishing and protecting digital identity in federation systems

Abstract: We develop solutions for the security and privacy of user identity information in a federation. By federation we mean a group of organizations or service providers which have built trust among each other and enable sharing of user identity information amongst themselves. We first propose a flexible approach to establish a single sign-on (SSO) ID in the federation. Then we show how a user can leverage this SSO ID to establish certified and un-certified user identity attributes without the dependence on PKI for user authentication. This makes the process more usable and privacy preserving. Our major contribution in this paper is a novel solution for protection against identity theft of these identity attributes. We provide protocols based on cryptographic techniques, namely zero knowledge proofs and distributed hash tables. We show how we can preserve privacy of the user identity without jeopardizing security. We formally prove correctness and provide complexity results for our protocols. The complexity results show that our approach is efficient. In the paper we also show that the protocol is robust enough even in case semi-trusted "honest-yet curious" service providers thus preventing against insider threat. In our analysis we give the desired properties of the cryptographic tools used and identify open problems. We believe that the approach represents a precursor to new and innovative cryptographic techniques which can provide solutions for the security and privacy problems in federated identity management.

Identity verification system

Abstract: An electronic system is provided to confirm the identity of an individual or customer. The confirmation process permits businesses and other entities to access a preapproved list of authorize customers for purposes of preventing identity theft or fraud. Biometric data obtained from the person of the customer is compared against an authorized version of customer biometric data for this purpose. Even if an individual customer is not an authorized customer, the biometric data may be compared to a known fraud database to see if this individual has perpetrated past instances of fraud.

Is spyware an Internet nuisance or public menace

Abstract: Recent media attention to spyware [2, 5, 7, 8] has brought to light the blunt intrusion into individual privacy and the uncertain hidden cost of free access to Internet sites, along with freeware and shareware. Most spyware programs belong to the more benign category of adware that delivers targeted pop-up ads based on a user's Web surfing habits. The more malicious type of spyware tracks each keystroke of the user and sends that information to its proprietors. Such information could be used for legitimate data mining purposes or it could be abused by others for identity theft and financial crimes.

Identity Theft Literature Review

Abstract: To provide better customer service, NCJRS has made this Federally-funded grant final report available electronically in addition to traditional paper copies. Opinions or points of view expressed are those of the author(s) and do not necessarily reflect the official position or policies of the U.S.

Credit report lock system

Abstract: A method and system to protect, manage and control access to credit reports by the consumer. The company provides a website for the consumer to lock his credit report from being viewed without authorization. The report may be accessed via a previously assigned ID number and password. For a merchant to obtain the credit report, the consumer must grant access. The system eliminates manual intervention with access codes to lock or grant access to the report. Response to requests to access a report is instantaneous with the correct access code. Before a consumer subscribes, his is challenged to prove his identity. The verification method is based on his using a credit card to pay for the service that has the same name as the person in which they are attempting to subscribe to the service as. Address verification is provided by the credit card company. A credit report is then pulled from each of the credit reporting agencies, and the data used to further challenge the consumer's identity. Once correct identity has been established, the consumer enters an access code that is stored and instructions transmitted to the credit reporting agencies. Instructions are sent to the credit reporting agencies requiring them to lock the consumer's credit report and assign an access code to the file for consumer access. The system gives the consumer total control in protecting credit information from theft or misuse.

Anti-identity theft system and method

Abstract: A method of entering information for identity validation of an individual is provided, where an individual enters their personal information and biometric information that is compared to one or more databases to verify the identity of the individual. Once the identity is verified, the individual selects one or more random biometrics that are stored as random biometric information on a database for later identity verification purposes. When the individual later wants to review or change his personal information, or when the individual wants to perform or consummate a transaction, the individual simply submits his/her one or more random biometrics that were previously selected and stored in the database. The biometrics are compared with the random biometric information in the database, and if the one or more random biometrics match the random biometric information in the database, then the identity is verified.

Debit-based identity theft monitoring and prevention

Abstract: Systems and methods of monitoring financial information of a consumer for fraudulent activity. One method can include receiving an account closure event from an event provider, determining if the account closure event is associated with financial information of the consumer, generating a notification, and providing the notification to the consumer. Another method can include receiving a returned check event from an event provider, determining if the returned check event is associated with financial information of the consumer, generating a notification, and providing the notification to the consumer.

An analysis of online gaming crime characteristics

Abstract: Purpose – To arouse the public awareness of online gaming‐related crimes and other societal influences so that these problems can be solved through education, laws and appropriate technologies.Design/methodology/approach – A total of 613 criminal cases of online gaming crimes that happened in Taiwan during 2002 were gathered and analyzed. They were analyzed for special features then focusing on the tendency for online gaming crime. Related prosecutions, offenders, victims, criminal methods, and so on, were analyzed.Findings – According to our analysis of online gaming characteristics in Taiwan, the majority of online gaming crime is theft (73.7 percent) and fraud (20.2 percent). The crime scene is mainly in internet cafes (54.8 percent). Most crimes are committed within the 12:00 to 14:00 time period (11.9 percent). Identity theft (43.4 percent) and social engineering (43.9 percent) are the major criminal means. The offenders (95.8 percent) and victims (87.8 percent) are mainly male and offenders always p...

Phishing Attack Victims Likely Targets for Identity Theft

Abstract: © 2004 Gartner, Inc. and/or its Affiliates. All Rights Reserved. Reproduction of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The reader assumes sole responsibility for the selection of these materials to achieve its intended results. The opinions expressed herein are subject to change without notice. Phishing Attack Victims Likely Targets for Identity Theft

Identity Theft and E-Fraud as Critical CRM Concerns

Abstract: Fraud and identity theft have been increasing with the use of e-commerce. In the U.S. alone, it has been estimated that victims may spend on average $1,500 in out-of-pocket expenses and an average of 175 hours in order to resolve the many problems caused by such identity thieves. Organizations that engage in e-commerce as a large part of their business need to protect their customers against these crimes. An empirical study of 75 managerial employees and/or knowledge workers in five large organizations in Pittsburgh, Pennsylvania, revealed a number of interesting facts about how much information they share with others, what the likelihood is that they will conduct business online, and whether or not they take steps to protect their personal identity and credit. Model construction and implications were generated concerning steps that employees and customers may take to avoid identity theft.

Guidelines and Strategies for Secure Interaction Design

Abstract: To give you a sense of how important it is to look beyond authentication, consider some of today’s most serious security problems. Viruses are a leading contender, with email viruses making up a large part. Spyware is growing into a nightmare for home users and IT staff. Identity theft is becoming widespread, perpetrated in part through “phishing” scams in which forged email messages entice people to give away private information. None of these problems is caused by defeating a login mechanism. They would be better described as failures of computers to behave as their users expect.

Federated identity management for protecting users from ID theft

Abstract: Federated identity management is sometimes criticized as exacerbating the problem of online identity theft, based as it is on the idea of connecting together previously separate islands of identity information. This paper explores this conjecture, and argues that, while such linkages do undeniably increase the potential scope of a successful theft of identity information, this risk is more than offset by the much greater value federated identity, in combination with strong authentication, offers in preventing such theft in the first place.

Identity Theft in Cyberspace: Crime Control Methods and Their Effectiveness in Combating Phishing Attacks

Abstract: This article discusses the growing identity theft problem in cyberspace, focusing specifically on phishing attacks. Victims of identity theft and phishing attacks suffer direct financial losses, though the real price these crimes exact is in the time and money spent trying to rebuild a victim’s credit and good name. Society also suffers through business losses, generally passed on to consumers through higher costs for goods and credit, and, more importantly, through loss of consumer confidence in conducting business online.Section II presents an overview of identity theft through a discussion of associated costs, laws, and stakeholders. Section III presents facts and statistics on the phishing problem. Section IV sets up a structure for analyzing identity theft crime control methods based on primary, secondary, and tertiary responses to crime. The primary level includes victim self-help measures, the secondary level involves private-party architecture solutions, and the tertiary level includes public law enforcement efforts. The article then discusses recent developments in fighting identity theft at each level, focusing on new laws and services that help consumers secure their identity, advances in private-party methods to detect and prevent fraud, and new and proposed changes to criminal laws used in the battle against identity theft. It will discuss the effectiveness of these new developments on phishing attacks and critically examine who is best equipped to combat the phishing problem. The article concludes that no single crime control method alone will be enough to combat phishing. Only a combined approach, incorporating strategies from each level, will diminish the phishing problem.

Apparatus and method of enabling a victim of identity theft to resolve and prevent fraud

Abstract: A web-based application method that allows victims of identity theft to rectify and prevent further fraudulent activity is comprised of communicating with a central system and receiving a series of actions and prompts by the system. The invention also allows the user to obtain general information relating to the various types of fraud and gives the user the ability to store and be able to archive all information relating to the fraud in one convenient place. Once the user has been guided through all of these actions, all necessary action will have been taken to rectify the present fraud, and also to prevent further fraudulent activity from occurring.

Identity Theft in Cyberspace: Crime Control Methods and Their Effectiveness in Combating Phishing Attacks

Abstract: This article discusses the growing identity theft problem in cyberspace, focusing specifically on phishing attacks. Victims of identity theft and phishing attacks suffer direct financial losses, though the real price these crimes exact is in the time and money spent trying to rebuild a victim’s credit and good name. Society also suffers through business losses, generally passed on to consumers through higher costs for goods and credit, and, more importantly, through loss of consumer confidence in conducting business online.Section II presents an overview of identity theft through a discussion of associated costs, laws, and stakeholders. Section III presents facts and statistics on the phishing problem. Section IV sets up a structure for analyzing identity theft crime control methods based on primary, secondary, and tertiary responses to crime. The primary level includes victim self-help measures, the secondary level involves private-party architecture solutions, and the tertiary level includes public law enforcement efforts. The article then discusses recent developments in fighting identity theft at each level, focusing on new laws and services that help consumers secure their identity, advances in private-party methods to detect and prevent fraud, and new and proposed changes to criminal laws used in the battle against identity theft. It will discuss the effectiveness of these new developments on phishing attacks and critically examine who is best equipped to combat the phishing problem. The article concludes that no single crime control method alone will be enough to combat phishing. Only a combined approach, incorporating strategies from each level, will diminish the phishing problem.

Phishing: Cutting the Identity Theft Line

Abstract: About the AuthorsIntroductionChapter 1: Phishing for Phun and ProfitChapter 2: Bait and Switch: Phishing EmailsChapter 3: False Fronts: Phishing WebsitesChapter 4: Are You Owned? Understanding Phishing SpywareChapter 5: Gloom and Doom: You Can't Stop Phishing CompletelyChapter 6: Helping Your Organization Avoid PhishingChapter 7: Fighting Back: How Your Organization Can Respond to AttacksChapter 8: Avoiding the Hook: Consumer EducationChapter 9: Help! I'm a Phish! Consumer ResponseAppendix A: Glossary of Phishing-Related TermsAppendix B: Useful WebsitesAppendix C: Identity Theft AffidavitIndex

The Emergence of Biometrics and Its Effect on Consumers

Abstract: Biometric authentication systems are becoming increasingly common. Though their use offers important advantages to governmental agencies, business, and consumers, the widespread use of biometric technology has the potential for serious negative consequences. In this paper, the authors explore the effects on consumers of the incorporation of biometric authentication into mainstream commerce, specifically focusing on privacy concerns of consumers in the context of the fair information practice principles of notice/awareness, choice/consent, access/ participation, integrity/security, and enforcement/redress. ********** Biometric systems are quickly becoming a standard part of modern life as commercial and governmental entities rapidly embrace a technology that promises enhanced security and improved identification. Japanese cell phone manufacturers have begun including fingerprint readers into their devices to prevent unauthorized use (Dvorak 2004), and the U.S. manufacturers are expected to release similar products by the end of 2005 (Smith 2005). Accenture was recently awarded a $10 billion contract to incorporate biometric identification measures into the U.S. Visitor and Immigration Status Indicator Technology program, a tracking system for foreign nationals entering the United States (Stein 2004), and the State Department is planning to add electronic chips to passports by late 2005 to allow for facial comparisons (Krim 2004; Lucas 2005). Biometric payment systems using fingerprint scanning technology are now in use by a wide range of merchants including Piggly-Wiggly, General Nutrition Center, and Blockbuster (Clark 2004; Lucas 2005). Point-of-sale biometrics, a mere 2% of the total biometrics market, generated $16.1 million in 2003 and are expected to rise to over $250 million by 2008 (International Biometric Group 2004). Biometric technology, once the science fiction fodder of the Mission Impossible world, is quickly becoming a staple of American and world commerce. Biometrics is the science of measuring biological characteristics and behaviors for the purpose of determining or verifying identity (Bolle et al. 2004; International Biometric Group 2004; Reid 2004). Authentication is a critical function in many consumer and industrial applications, and the shift to biometric technology is the result of governmental and industrial sectors seeking better identification methods for security and fraud prevention than traditional identity cards. Since the September 11, 2001, attacks and overall rise in worldwide terrorist activity, governmental entities have increasingly focused on the development of foolproof identification and tracking systems turning to biometric technology as a central part of the solution (Greenemeier 2005; Piazza 2005). Commercial use of biometrics has simultaneously been spurred by dramatic increases in identity theft and related crimes (Linnhoff and Langenderfer 2004; Sraeel 2005). The promise of biometric technology is not insignificant. From an organizational perspective, biometric identifiers are attractive because they generally do not vary over the lifetime of the individual, they typically cannot be shared, and they cannot be acquired through computer hacking or surreptitious observation (Jain et al. 2004; Ratha, Connell, and Bolle 2001). This means, for example, that with biometric technology enhancements, employees cannot punch each other in on a time clock, criminals can be identified regardless of what identification cards they have stolen or forged, terrorists can potentially be denied boarding on aircraft, and health care providers can be relatively certain that the individual they are treating does indeed match the name on the insurance card and the medical history file. From a consumer perspective, biometric authentication offers advantages as well. Once enrolled in a biometric system, consumers are potentially free from worry about the fraudulent use of their credit cards. …

Credit and identity protection network

Abstract: A computer network, Credit and Identity Protection Network (“CIPN”), is established to detect credit damage and identity theft occurring to individuals, organizations, and other entities It automatically advises the potential victims to verify the possible fraudulent activities and helps them to take proper actions to protect their credit and identity In addition, this computer network provides the potential victim with assistance in notifying financial institutions, credit bureaus, merchants, and government agencies of suspicious activities and/or of confirmed fraudulent cases so that these organizations can take proper actions to protect themselves and the victims

Will You Spend to Thwart ID Theft? Internet Based or Not, Ill-Protected Records Are Yielding Criminals a License to Steal. Vendors and Bankers Want to Fight Back

Abstract: When it comes to identity fraud and its narrower cousin, identity theft, the Federal Trade Commission is on red alert and banks are rethinking the issue of combating thieves who lift legitimate account holder's credentials to line their own pockets You could say the tipping point occurred with headlines from February's ChoicePoint data breach and the Alpharetta, Ga-based firm's required disclosure under California law Or, that the issue was greenlighted to greater importance soon after with an insider infiltration of a database at a newly acquired subsidiary of New York City headquartered LexisNexis, itself active in the ID theft prevention market (Although no known cases of identity theft have, as of yet, resulted from these events, there is a high correlation between breaches and subsequent spikes in consumer accounts fraud) Clearly, there has been a spike in consumer awareness and anxiety It has helped to generate renewed industry interest in a chronic problem In terms of what the hard evidence illustrates, reported complaints of ID theft have shot up to 93 million from 500,000 in 2001, according to the FTC and other sources Before recent events and headlines, leading banks were already struggling to work more effectively with law enforcement and considering which channels to monitor (ABABJ, January 2001, p27) Certain ATMs, as an example, can be altered to take in account and password information and new account fraud tends to occur in the branch Moreover, the most progressive banks have taken steps to address problems particular to their organizations But ID theft continues to confound more than a few financial services firms with its shifty form Some variants include new account opening with a false identity and account takeover--or use of stolen information to say, pay the bills of the thief, who is perhaps more desperate than professional in that instance To this day, the topic inspires mixed industry commentary, particularly "on background," where an astute listener will notice that all the experts have a distinct opinion about (1) whether the problem really is significant enough to take "drastic action" against it; (2) what root causes of ID theft are the "best ones" to address; and 3 whether the problem will spike further or gradually level off and become a non-issue on its own over time If short-run patterns are any indication, ID fraud will only continue--gushing before it settles into a trickle Yet all sources seem to agree on this point on and off the record: as part of an operational risk management plan, banks need to have some strategy in place because of the potential impact of ID theft on their brand and because it can erode consumer confidence in the banking industry Synergistic effect Today some of the terms of debate have shifted, but talk, and, finally, action, has intensified in an effort to head criminals off at the pass Consider phishing attacks, which have reared their collective ugly head over the last two years These have also promoted interest in addressing ID theft and fraud, as the technique represents yet another way to harvest account information In this variation, phishers trick unwitting internet users into giving up account information by presenting legitimate looking e-mails that link to phony web pages, which harvest data Some technologists believe that--as phishing "automated" the information gathering that can lead to other types of fraud--capabilities such as scripts, Trojans, "bots," and spyware will be increasingly used to set other aspects of fraud spinning out in a no-holds-barred auto-attack "It's conceivable that fraud will have a mechanized aspect in the future," says Eli Katz, practice director in the global financial services practices, Unisys, Blue Bell, Pa "If that happens, phishing will only be part of a broader, automated theft industry," he explains, adding, "Certainly today, there is more to the story of ID theft than phishing …

Deterrence of phishing and other identity theft frauds

Abstract: Techniques are introduced for reducing internet phishing and identity theft and for helping to capture criminals who perpetrate such frauds. Invalid financial data for use in deterring fraud is generated and stored in an electronic database. The invalid financial data is made publicly accessible for use by individuals when approached with a suspicious attempt to obtain financial data. Financial transactions are monitored to detect any attempted use of the invalid financial data stored in the electronic database.

Means and method of using cryptographic devices to combat online institution identity theft

Abstract: Customers of institutions which engage in e-business are issued with tamper resistant smart cards which include among other things a cryptographic public key of the institution. When the customer communicates with the institution on-line the customer uses the smart card to challenge the identity of the on-line business interface. Ghost web sites, bogus e-mails and unauthorised, modified or corrupted data are thereby identified effectively combating any attempted theft of the institution’s on-line identity.

Hands-On Ethical Hacking and Network Defense

Abstract: It's nearly impossible to pick up a newspaper or read your favorite online news source these days without seeing yet another article about identity theft or credit card numbers being stolen from unprotected databases. Cyber crime and the threat of computer-related attacks are growing daily, and the need for security professionals who understand how attackers compromise networks is growing right along with the threat. Government agencies and private companies rely on "ethical hackers"--professional security testers--to put their networks to the test and discover vulnerabilities before attackers do. If you have an understanding of computers and networking basics and are considering becoming a security tester, HANDS-ON ETHICAL HACKING AND NETWORK DEFENSE will show you how to get started in this fascinating, growing field. This book covers the gamut, from the legalities of ethical hacking to the details of malware, network attacks, cryptography, OS vulnerabilities, wireless network hacking, and much more. Successful security testers know their work calls for creative, critical thinking, and they enjoy the challenge of digging deep to solve complex problems. Step up to the challenge with HANDS-ON ETHICAL HACKING AND NETWORK DEFENSE.