Identity theft

About: Identity theft is a research topic. Over the lifetime, 2284 publications have been published within this topic receiving 31700 citations.

FakeBuster: A Robust Fake Account Detection by Activity Analysis

Abstract: Online social network is playing an important role in modern society. It not only significantly changed the way people communicate, but also provided a new way of potential attack, such as identity theft, false information, etc. Recently, fake accounts in online social networks (OSNs) have made several problems throughout online social network. With the massive creation of fake account, OSNs providers are suffered by overflooded advertisement, false information spread, etc. Traditional method such as cannot distinguish between real and fake account efficiently. Some previous work has studied the structure and composition of fake account that distribute spam messages, however the fast improvement of fake account creation made these previous works outdated or getting ineffective. We then target on new model of fake account that may not only automatically post or comment, but also spam with advertisement or spread false information. In this research, we proposed an innovative method to detect fake account in OSNs. This method based on user activity pattern through Facebook activities, and we leverage machine learning to predict if an account is controlled by fake user. We also provide an analysis of those account activity from the prediction result. This research may bring up to a whole new level in fake accounts detection

Identity theft as a threat to CRM and e-commerce

Abstract: Customer loyalty, a main component of customer relation management, is a tool used by companies to become profitable online. However, is currently under attack by the exponentially growing menace of identity thieves. In the past few years, identity theft has cost US consumers and businesses over $35 billion dollars. Identity theft affects everyone from businesses to consumers to government agencies. Through conceptual modelling and a variety of statistical techniques, including factor analysis and principal-components analysis, a series of hypotheses was tested on a sample of 107 working professionals in the metropolitan sector of Pittsburgh, PA. Six independent variable constructs, in order of decreasing variance explained or importance included Passwords and Security, Online Invasion, Security Priorities, Poor Experiences, Anti-Virus Protection and Employment Experience. A number of results points to the fact that individual customers must bear the majority of the burden to develop prevention strategies when dealing with identity thieves.

Identity Theft and Consumer Payment Choice: Does Security Really Matter?

Abstract: Security is a critical aspect of electronic payment systems. In recent years, the phenomenon of identity theft has gained widespread media coverage and has grown to be a major concern for payment providers and consumers alike. How identity theft has affected consumer’s payment choice is still an open research question. Using a newly available nationally representative survey from the U.S., we study the effect of identity theft incidents on adoption and usage patterns for nine different payment instruments. Our results suggest that specific identity theft incidents alter the probability of adopting cash, money orders, credit cards, stored value cards, bank account number payments and online banking bill payment, after controlling for socio-demographic and payment characteristics. As for payment usage, we observe a positive and statistically significant effect of certain types of identity theft incidents on cash, money orders and credit cards. However, we also find that specific identity theft incidents could decrease the usage of checks and online banking bill payment. These results are robust across different types of transaction after controlling for various socio-demographic characteristics and perceptions toward payment methods.

Human Identification Theory and the Identity Theft Problem

Abstract: This paper builds on the theory of human identification proposed by Professor Roger Clarke and uses the product as the basis for a proposed solution to the identity theft problem. The expanded theory holds that all human identification fits a single model. The identifior matches the characteristics of a person observed in a first observation with the characteristics of a person observed in a second observation to determine whether they are the same person. From the theory it follows that a characteristic used for identification in the credit reporting system, such as social security number, mother's maiden name and date of birth, must be known to all entities participating in that system. Because those characteristics - and any substitute for them - must be distributed so widely, it is unrealistic to think they can at the same time remain secret. Hence the current efforts to curb identity theft by keeping personal information secret are doomed to failure. As an alternative solution to the identity theft problem, this paper proposes a system by which persons concerned about identity theft can register their identities through a government agency that will make their names, social security numbers, and non-sensitive contact information publicly available on an open-access website. Credit grantors and credit reporting agencies would have the option to contact the registrant to verify that he or she is in fact the credit applicant. Creditors who opted to use the system to identify a borrower would retain their current exemption from legal liability for misidentification. Those who did not would be liable for misidentification under common law principles, including theories of defamation, invasion of privacy, and negligence. In cases in which credit grantors and credit reporting agencies used the system, the effect would be to give the individual person control over the process of his or her own identification in credit transactions, with no meaningful loss of privacy.

Identity Theft: Risks and Challenges to Business of Data Compromise

Abstract: The loss of private customer data such as Social Security numbers, credit card numbers, birth-dates, and other confidential information to unauthorized third parties presents a daunting set of challenges and legal obligations to affected businesses. Identity theft has been America's “fastest growing crime” since at least 1989 and although actual cost data is difficult to gauge, various studies estimate that the U.S. business community suffers direct domestic losses of fifty-six to one-hundred billion dollars per year. These rather staggering figures do not include significant additional tangential costs such as the criminal prosecution and incarceration of offenders. Identity theft also directly costs private consumers over two billion dollars and one-hundred million hours of time per annum to resolve in the aftermath of having their identities stolen. The Privacy Rights Clearinghouse reports that over eight *50 million individuals were victims of identity theft in 2007 alone. That source also reports at least 900 business-related data breaches in the United States alone involving the compromise of over 245 million records containing personal information. Over the past two years, hackers, disaffected employees, and other cyber criminals have compromised data networks at TJ Maxx/Marshalls, Barnes & Noble, Bank of America, Wells Fargo, Stanford University, Princeton University, The Veterans Administration, Fannie Mae, and the City of San Francisco. According to the Department of Justice, reports of data breaches increased even more dramatically in 2008 with 656 reported breaches, reflecting an increase of 47% over the preceding year's total of 446. This includes a total of 35,691,255 stolen or otherwise compromised identities. According to that same study, only 2.4% of all breaches had encryption or other strong protection methods in use, and 8.5% of reported breaches had password protection. Considering the enormity of these incidents, there is no way to be certain “how many other retailers, who might not be quite as careful, are already being breached?” As dependence upon data access, especially wireless applications, continues to grow, new vulnerabilities will be further exploited. Obviously, given the current risk environment, businesses are obligated to do their utmost to protect systems and ensure customer confidentiality. Unfortunately, in this same threat environment, careful consideration must also be given to planning and preparation for worst case scenarios. In the event of a major system compromise, who bears the cost of system restoration or customer reimbursements? What about negative publicity, loss of goodwill, and lawsuits? What constitutes minimum due diligence before and after a data-compromise? What steps should management consider post-breech? What are the legal consequences to our business, customers and other stake-holders? Should we purchase cyber-insurance?Part one of this article addresses current infrastructure risks and the challenges associated with cyber insurance underwriting. Part two attempts to summarize what has become a rather complex legal and regulatory landscape. Part three addresses due diligence and post-breach best practices that may facilitate the retention of customer goodwill while minimizing business costs and legal liabilities.