Topic
Identity theft
About: Identity theft is a research topic. Over the lifetime, 2284 publications have been published within this topic receiving 31700 citations.
Papers
TL;DR: The costs of credit monitoring should be recoverable in cybersecurity tort litigation: if a data subject’s personal information has been seriously exposed to improper access by a data possessor’s negligence, expenses incurred to detect the opening of unauthorized accounts should be compensable.
Abstract: This article argues that the costs of credit monitoring should be recoverable in cybersecurity tort litigation. If a data subject’s personal information has been seriously exposed to improper access by a data possessor’s negligence, expenses incurred to detect the opening of unauthorized accounts should be compensable. This issue — which is far from definitively resolved — arises with great frequency in suits against banks, universities, retailers, and employers. Although early court decisions denied recovery of credit monitoring damages on a variety of grounds, recent developments have called that precedent into question. On the one hand, there is increasing recognition that data possessors have a duty to protect the personal information of data subjects from improper access and to reveal information about breaches in data security. On the other hand, businesses now routinely make voluntary offers of credit monitoring to cybersecurity victims; class action settlements often provide compensation for credit monitoring; and courts and administrative agencies impose sanctions which require provision of credit monitoring services or reimbursement for the same. Credit monitoring enables the persons placed at risk by a data security breach to promptly detect the opening of unauthorized accounts and to take remedial action. Thus, the costs of credit monitoring are a reasonable and necessary response to any serious breach of cybersecurity. Recovery of credit monitoring damages is consistent with basic tort rules (including the duty to mitigate damages) and the principles of public policy favoring deterrence of deficient data practices and efficient allocation of losses.
3 citations
TL;DR: Two studies investigated factors influencing cashiers’ identification (ID)-checking behavior in order to inform the development of interventions to prevent credit-card fraud; the second used an A-B-A design to evaluate the impact of a “Check my ID” prompt placed on the credit/debit card.
Abstract: Two studies examined factors influencing cashiers' identification (ID)-checking behavior in order to inform the development of interventions to prevent credit-card fraud. In both studies, research assistants made credit purchases in various stores and noted the cashiers' ID-checking behavior. In the first study, the store type, whether the cashier swiped the credit/debit card, the amount of the purchase, and whether the credit/debit card was signed significantly influenced ID-checking behavior. In the second study, an A-B-A design was used to evaluate the impact of a "Check my ID" prompt placed on the credit/debit card. The prompt increased cashiers' ID-checking behavior from 5.9% at Baseline to 10.3% during the Intervention. When the prompt was removed, the cashiers' ID-checking behavior decreased to 7.2%. Implications for further intervention research to prevent credit-card fraud are discussed.
3 citations
08 Mar 2021
TL;DR: In this paper, the authors take a closer look at Pure Recall-based GUAs, with emphasis on a user authentication design factor contextual parameter, and note that Graphical User Authentication (GUA) schemes perform better in memorability and potentially, by implication, security.
Abstract: In an era of mobile, embedded and ubiquitous computing, activities of hackers and cybercriminals have metamorphosed into a global pandemic. Resulting effects cut across most sectors of human endeavor given the high penetration level of technology. Successful unauthorized access leading to information and identity theft, system infiltration, intellectual property theft, financial crimes, extortion, carding and much more are on the increase, consequently making user authentication an important process, ensuring systems and services are accessed by their intended users. Text passwords are the most widely deployed user authentication scheme today. However, they are hardly human-friendly for the vast majority, leaving humans with a memorability problem and consequently a security problem. Graphical User Authentication (GUA) schemes, on the other hand, are proven by state-of-the-art research with compelling evidence to perform better in memorability and potentially by implication security. However, currently available GUA schemes provide theoretical entropy levels far from that offered by the text password scheme. Thus the research community constantly is seeking to improve GUAs to position them as possible alternatives to text passwords. This study is the first of two planned studies. It seeks to take a closer look at Pure Recall-based GUAs with emphasis on a user authentication design factor contextual parameter. The study aims at a better understanding of Pure Recall-based GUAs developed between the first 20 years (1996 to 2016), then others in a later study in an attempt to better position Pure Recall-based GUAs as alternatives to text passwords.
3 citations
01 Dec 2007
TL;DR: Assessment of how well banks are prepared against phishing by analyzing security information available on their official Web sites shows that among the four types of phishing attacks, banks in both places are well prepared to handle bogus Web sites but are inadequately prepared to handle phishing emails.
Abstract: Phishing poses a huge threat to the e-commerce industry. Not only does it shatter the confidence of customers towards e-commerce, but also causes electronic service providers tremendous economic loss. In order to safeguard the interests of customers, both academia and industrial practitioners have proposed various anti-phishing measures and online security policies. In this paper, we investigate the banking industry, which is one of the frequent targets of phishing, of two prominent international financial hubs - Hong Kong and Singapore. Our goal is to assess how well banks are prepared against phishing by analyzing security information available on their official Web sites. The result shows that among the four types of phishing attacks, banks in both places are well prepared to handle bogus Web sites but are inadequately prepared to handle phishing emails. In terms of method of presentation of security information, banks in both regions generally preferred FAQs and demonstrations. Despite some similarities, it is found that some regional factors like government advocacy played a significant role in adoption of the security measures. Through this research, we hope to give insights to both industry practitioners and academic researchers about preparedness of banks against phishing.
3 citations
01 Jan 2013
TL;DR: Gaining unauthorized access to a computer network tends to compromise the system, which could potentially cause undetected fatal destruction and disastrous consequences for individuals and the nation.
Abstract: Identity theft is a burgeoning issue. Gaining unauthorized access to a computer network tends to compromise the system, which could potentially cause undetected fatal destruction and disastrous consequences for individuals and the nation. It is to the extent
3 citations