Identity theft

About: Identity theft is a research topic. Over the lifetime, 2284 publications have been published within this topic receiving 31700 citations.

Reducing Identity Theft Using One-Time Passwords and SMS

Abstract: Two-factor authentication is a powerful tool for reducing identity theft because it interferes with criminals’ ability to impersonate authorized users of financial systems and other targets. This article explores the value of sending time-limited authentication codes to authorized users via Short Message Service SMS text messages to an authorized user’s registered mobile phone. This research includes details and summaries of two surveys and a series of interviews with security experts. In general, the consensus of the contributors to the analysis is that SMS is a cost-effective method for reducing impersonation when accessing online resources, especially in the financial industry.

The Consumer Protection Ecosystem: Law, Norms, and Technology

Abstract: In recent years, the tools consumers use to buy and borrow have changed radically. New technologies for advertising, contracting, and transacting have proliferated, and so have fierce policy debates on issues such as identity theft and online privacy; arbitration clauses and class action lawsuits; and Americans’ accumulation of debt and the unsavory practices sometimes used by collectors of it. Facing these realities, scholars, policymakers, and advocates have devoted increasing energy to this area of law. Despite its prominence, confusion persists regarding what consumer protection really is or does. Though much discussed, it remains undertheorized. In particular, analysis of consumer law and policy has not sufficiently taken account of the implications of social and technological change. This Article constructs a new model of the consumer protection ecosystem by contextualizing purely legal constraints amid the other realities of commercial relationships. Drawing on scholarship in the areas of technology, social change, and law, the model lays out three basic types of constraints on the activities of participants in consumer commercial transactions: legal, technical, and social. This model provides a basis for exploring how those constraints interact and shape behavior. The model has significant ramifications for scholars, policymakers, and advocates. It underscores why the area of consumer commerce defies one-size-fits-all solutions: good policies require not only consideration of consumers, merchants, and the commercial relationships they pursue, but of the dynamic social and technological contexts of those relationships. For instance, when technology opens unexpected new areas of feasible conduct, both law and social norms may lag behind in their ability to constrain its socially undesirable aspects. Focused, public deliberation and increased regulatory attention may be merited at least until social norms have developed to define the acceptable contours of such conduct. This Article provides a more refined and inclusive framework for future research and debate.

Data Breaches, Identity Theft, and Article III Standing: Will the Supreme Court Resolve the Split in the Circuits?

Abstract: In data breach cases, the plaintiff typically alleges that the defendant used inadequate computer security to protect the plaintiffs personal data. In most, but not all cases, the plaintiff cannot prove that a hacker or thief has actually used or sold the data to the plaintiffs detriment. In most cases, a plaintiff alleges that the defendant's failure to protect his personal data has caused him damages by increasing his risk of suffering actual identity theft in the future and therefore imposed costs on the plaintiff when he reasonably takes measures to prevent future unauthorized third-party data access by purchasing credit monitoring services. In data breach cases, the lower federal courts have split on the question of whether the plaintiffs meet Article III standing requirements for injury and causation. In its 2013 decision Clapper v. Amnesty International USA, the Supreme Court, in a case involving alleged electronic surveillance by the U.S. government's National Security Agency, declared that a plaintiff alleging that it will suffer future injuries from a defendant's allegedly improper conduct must show that such injuries are "certainly impending. " Since the Clapper decision, a majority of the lower federal courts addressing "lost data" or potential identity theft cases in which there is no proof of actual misuse or fraud have held that plaintiffs lack standing to sue the party who failed to protect their data. But a significant minority of lower court decisions have disagreed that the Clapper decision requires denial of standing in data breach cases in which there is no proof of present harm, because a footnote in Clapper acknowledged that the Court had sometimes used a less strict "substantial risk" test when plaintiffs alleged that a defendant's actions increase their risk of future harm. Demonstrating its concern for digital privacy, the Court in Riley v. California recently required police to obtain a Fourth Amendment warrant before examining the digital data on the cellphones of arrested suspects. It would be easy for courts to distinguish the government's seizure of digital data from arrestees in Riley from a third party's hacking of data from a retailer or employer. The Riley decision involves Fourth Amendment warrant issues that are not relevant to private data breach cases. Yet in both cell phone seizure cases and data breach cases, there is the common concern that vast amounts of personal data are often at stake. The new privacy concerns in a digital age should lead the Supreme Court to take a broader view of standing in data breach cases. It is also possible that the Court will follow the Seventh Circuit's Remijas decision to distinguish between cases where there is only a possible risk of theft from those where actual harm has occurred to some plaintiffs. INTRODUCTION Because Article III of the Constitution limits the authority of federal judges to deciding "Cases" and "Controversies," (1) the U.S. Supreme Court has interpreted Article III to impose mandatory standing requirements that require each plaintiff in federal court to demonstrate that he has suffered a concrete injury that is fairly traceable to the actions of the defendant and redressable by a favorable judgment of a federal court. (2) The injury and traceable causation prongs of the Article III standing test have raised problems for plaintiffs in "lost data," "data breach," or potential "identity theft" cases in which plaintiffs allege damages when computer hackers or thieves of physical property such as laptops or hard drives breach a defendant's computer system or network that contains the plaintiffs personal information such as birth dates or Social Security numbers. (3) Data breach cases can involve tens of millions of Americans, as in the Target retail breach, which led to sixty-eight class action lawsuits (4) in twenty-one states and the District of Columbia in less than one month, (5) and, therefore these cases raise important policy concerns. …

TRAKS: Terrorist Related Assessment using Knowledge Similarity

Abstract: Since the terrorist attack on September 11, 2001, homeland security has been a major topic of both research and application. The identification and possible prevention of various contributing factors to terrorist activities, such as money laundering, identity theft, terrorist planning, etc, are in high demand. The terrorist attacks on September 11 have reinforced this area of interest dramatically. These attacks alone caused an estimated “$120 billion of damage” [1] and claimed around 3000 lives [2]. Clearly, something must be done to prevent the types of events from happening in the future.

Who Stole Me? Identity Theft on Social Media in the UAE

Abstract: "Objective – This paper is a first attempt at investigating the self-reported number of instances of identity theft on social media among student population the U.A.E while providing an overview of its impact. Methodology/Technique – As a pilot, this study uses arithmetic analysis to record the first-such study of instances of identity theft among students and its impact on the respondents. Findings – The results of this study showed that students between the ages of 12 and 18 plus are highly active on social media. Although only 59% of the sample reported being victims of some form of SMIDT, in a small sample size of 128, 59% is considered quite high. Novelty – In late 2015, UAE users lost more than five billion dirhams due to cybercrimes such as identity theft (Sophia, 2015). However, little or no research has been conducted on the issue of identity theft on social media to begin to understand the depth of the problem."