Identity theft

About: Identity theft is a research topic. Over the lifetime, 2284 publications have been published within this topic receiving 31700 citations.

A study on hard-core users and bots detection using classification of game character's growth type in online games

Abstract: Security issues such as an illegal acquisition of personal information and identity theft happen due to using game bots in online games. Game bots collect items and money unfairly, so in-game contents are rapidly depleted, and honest users feel deprived. It causes a downturn in the game market. In this paper, we defined the growth types by analyzing the growth processes of users with actual game data. We proposed the framework that classify hard-core users and game bots in the growth patterns. We applied the framework in the actual data. As a result, we classified five growth types and detected game bots from hard-core users with 93% precision. Earlier studies show that hard-core users are also detected as a bot. We clearly separated game bots and hard-core users before full growth.

Blockchain-based scalable authentication for IoT: poster abstract

Abstract: Device identity management and authentication are one of the critical and primary security challenges in IoT. In order to decrease the IoT attack surface and provide protection from security threats such as introduction of fake IoT nodes and identity theft, IoT requires scalable device identity management systems and resilient device authentication mechanisms. Existing mechanisms for device identity management and device authentication were not designed for huge number of devices and therefore are not suitable for IoT environments. This work presents results of a blockchain-based identity management approach with consensus authentication, as a scalable solution for IoT device authentication management. Our identity management approach relies on having a blockchain secure tamper proof registry and lightweight consensus-based identity authentication.

Method and system for generating virtual identity card

Abstract: The invention relates to a method and a system for generating a virtual identity card. The method includes the following steps: a collection terminal collects the identity card information of a user and checks the identity card information based on the face of the user, and submits a virtual identity card application request; the legitimacy of the information of collection terminal equipment and the user is checked by accessing a police intranet system module; the police intranet system module generates a virtual identity card number according to a specific algorithm, and establishes a mappingrelationship between the virtual identity card number and the real identity card of the user; and the collection terminal releases virtual identity card information to the user according to a virtualidentity card returned by the police intranet system module. According to the invention, the identity card number information of the user is collected and submitted to the police intranet system, thepolice intranet creates a virtual identity card number for the identity card number and establishes a mapping relationship between the virtual identity card number and the real identity card number,and a two-dimensional code is generated for the virtual identity card number and returned to the user. Thus, the number exposed outside is not a real identity card number. The method and the system have no influence on current identity authentication, and play a positive role in preventing identity theft and protecting personal privacy.

The Viability of Removing Personal Information from Online White Page Directories: Are Consumer Perceptions Aligned with Reality?

Abstract: This research undertakes two related studies to investigate the difficulties faced and costs incurred by consumers in order to remove information about themselves from online white page directories. These directories contain an aggregate of personal information and create threats to consumers by allotting easy access. A survey study examines consumer awareness of these online directories and expectations of opt-out procedures. A field study tracks attempts at actual information removal for twenty volunteers to provide a real-world assessment of the effectiveness of current opt-out mechanisms. The results reveal a dramatic misalignment between consumer expectations and the reality of current opt-out practices. The results highlight the costs and difficulties associated with opt-outs and bring the validity of these mechanisms into question. ********** Advancing database technologies have increased the opportunity for businesses to acquire, use, and disseminate customer information (Miceli, Ricotta, and Costabile 2007; Nehf 2007; Youn 2009). Although the permissive use of customer information has benefits for improving buyer-seller relationships (Stanaland, Lwin, and Leong 2009), these benefits must be weighed against privacy abuses associated with unauthorized access to personal information stored in proprietary and commercial databases (Kachhi and Link 2009; Milne, Bahl, and Rohm 2008; Norberg, Horne, and Horne 2009). At the extreme, the unauthorized and illegal use of personal information in the form of identity theft, phishing scams, and database piracy has focused considerable attention on the information privacy debate and the financial and psychological consequences associated with this misuse (Federal Trade Commission 2007; Peltier, Milne, and Phelps 2009; Rotfeld 2009). While consumers are increasingly apprehensive regarding illegal access to information about themselves (Federal Trade Commission 2007; Peltier, Milne, and Phelps 2009; Rotfeld 2009), they are equally concerned about the unauthorized secondary disclosure of their personal dossiers on the commercial market (Culnan 1993; Foxman and Kilcoyne 1993; Sayre and Horne 2000). Unauthorized secondary disclosure occurs when consumer information is shared with other marketers without their knowledge or consent (D'Souza and Phelps 2009). Yet, even when consumers are aware of potential data-sharing arrangements, they often lack sufficient efficacy and knowledge of the mechanisms through which they can control and protect their personal dossiers (LaRose and Rifon 2007; Milne, Labrecque, and Cromer 2009; Peltier, Milne, and Phelps 2009; Peltier et al. 2010; Rifon, LaRose, and Choi 2005). Despite this lack of understanding, recent research suggests that consumer concern over secondary use of their personal information is reduced when they are allowed some control over its use, and specifically in instances where they have the ability to remove their personal information in order to safeguard against future disclosures (Youn 2009). Currently, the Federal Trade Commission (FTC) endorses industry self-regulation and has defined a set of privacy rules to protect consumer information that are based on Fair Information Principles (FTC 2007). To adhere to these principles, marketers must offer opt-in or opt-out mechanisms in which consumers explicitly give permission for marketers to use and collect their data (opt-in) or revoke permission (opt-out), oftentimes after the fact. While research has established that most companies are offering opt-out options as part of their privacy policies (Culnan 2000; Milne and Culnan 2002), there has been no investigation of whether such opt-out mechanisms are working sufficiently to protect consumers' data management rights. Within the data-sharing arena, online white page directories--searchable databases of personal information--offer an interesting context to examine the effectiveness and compliance of opt-out mechanisms. …

An evaluation of inter-organisational identity theft knowledge sharing practice in the UK retail sector

Abstract: Knowledge is an essential source of competitive advantage in modern society and is particularly important in the current on-line environment due to increased business interactions throughout the world. Knowledge sharing initiatives taken by organisations to improve technicalities to tackle cyber threat have been extensively investigated. A particular focus of this study was on the security professionals sharing their learning experience in order to help address and mitigate identity theft. Multiple case studies were employed to interpret the triangulated data collected. ShoppingCo, PaymentCo, TeleCo, and NetworkingCo participated in this investigation. Semi structured interviews were scheduled and conducted in conjunction to company reports, personal communication, presentation slides and related materials was gathered to ensure trustworthiness and authenticity. Pattern matching analysis was employed to draw conclusions by evaluating 30 transcripts and 11 internal documents. The major theoretical contribution of this study was the proposal of a conceptual framework that adapts for private sector organisations knowledge sharing elements in the security profession. Lack of knowledge of the manager’s role is addressed. Current knowledge sharing and corporate communication practices are synthesised. Formal and informal communication, social forums and networking events are evaluated. Thus, improving the current understanding of identity theft. This empirical study contributes to an improved understanding of inter-organisational knowledge sharing practice within three retailers and an official networking forum. Because of this evaluation, an extended framework is proposed and components synthesised into a new framework. Recommendations are drawn based on an evaluation of what is working and what does not seem to be providing benefits with regard to knowledge that address and mitigate identity theft. The framework suggested that the key to improved knowledge sharing was to persuade a range of security officials working for different private sector organisations to share their knowledge of identity theft prevention.