Identity theft

About: Identity theft is a research topic. Over the lifetime, 2284 publications have been published within this topic receiving 31700 citations.

Stopping Tax Identity Theft: Practical Advice for CPAs and Clients: Learn Preventive Actions and Ways to Correct Problems after a Thief Has Struck

Abstract: [ILLUSTRATION OMITTED] Tax return and other tax-related identity theft is a growing problem that CPAs can help their clients with--both in taking preventive actions and in correcting problems after an identity thief has struck. Tax return identity theft occurs when someone uses a taxpayer's personal information, such as name and Social Security number (SSN), without permission to commit fraud on tax returns to claim refunds or other credits to which a taxpayer is not entitled, or for other crimes. Thieves normally file early in the tax-filing season, often before the IRS has received Forms W-2 or 1099, to thwart information matching and avoid receiving duplicate return notices from the IRS. Taxpayers sometimes discover they are victims of identity theft when they receive a notice from the IRS stating that "more than one tax return was filed with their information or that IRS records show wages from an employer the taxpayer has not worked for in the past" (FS-2012-7 (January 2012)). In 2011, the IRS processed about 145 million returns. About 109 million were claims for refunds, with an average refund amount of almost $3,000. As of May 16, 2012, the IRS had pulled 2.6 million returns for possible identity theft, and that trend is on the increase. The IRS recently reported an inventory of more than 450,000 identity theft cases. For the 2011 filing season, the Treasury Inspector General for Tax Administration (TIGTA) estimated that identity-theft-related fraud accounted for approximately 1.5 million tax returns in excess of $5.2 billion. CONSEQUENCES OF IDENTITY THEFT Tax return identity theft delays legitimate taxpayer refunds because the return appears to be a duplicate return and may be a sign of other fraud or identity theft problems. IRS support to solve traditional and nonfraud problems may be delayed as well when IRS resources are diverted to combat identity theft. Other tax-related identity theft can cause problems for the taxpayer as well. If an individual fraudulently used a taxpayer's SSN to get a job, the taxpayer may have extra W-2 wages erroneously reported (and perhaps also extra taxes withheld), leading to a correspondence matching audit. The National Taxpayer Advocate notes that time and money are spent to clear the individuals' names, during which "victims may lose job opportunities, may be refused loam, education, housing or cars, or even get arrested for crimes they didn't commit" (IRS Publication 4535, Identity Theft Prevention and Victim Assistance). Further, until recently, the IRS would hold suspicious refunds while verifying the underlying W-2 information, for up to 11 weeks. With the increase in the number of cases and budget limitations, refunds may take longer. So, the IRS says, "[I]dentity theft can impose a significant burden on its victims, whose legitimate refund claims are blocked and who often must spend months or longer trying to convince the IRS that they are, in fact, victims and then working with the IRS to untangle their account problems" (IR-2012-66). A typical identity theft starts when thieves have (illegally) bought or stolen information from individuals, employers, hospitals, or nursing homes or have used the public list of deaths with SSNs issued by the Social Security Administration. With a number or list of numbers, they file false tax returns for refunds. For example, investigators found a single address that was used to file 2,137 tax returns for $3.3 million in refunds (see TIGTA Rep't No. 2012-42-80). Most thieves prefer to receive the refund using direct deposit or prepaid debit cards. In another example, 590 tax refunds totaling more than $900,000 were deposited into a single bank account. Although banks have strict rules to verify the identity of account holders, they don't have the ability to monitor whether the direct deposit is for a legitimate refund. Exhibit 1 Sample of Phishing Email Title/Subject of email: Your Tax Refund Payment Update [attachment to email is "Refund Form. …

Efficiency of legal and regulatory framework in combating cybercrime in Malaysia

Abstract: This article examines the increase of cybercrime in Malaysia and how this issue should be resolved. Cybercrime, which is also known as computer crime, involves the use of a computer as an instrument to further illegal ends, such as committing fraud, trafficking in child pornography, intellectual property violations, cyberbullying, identity theft, and privacy violations. There are several legislations covering cybercrime, but statistics show that cybercrime has been increasing in Malaysia. Thus, the objective of this article is to investigate and examine the efficiency of the existing legal and regulatory framework in combating cybercrime and to recommend whether to enact a new legislation to address all types of cybercrime including cyberbullying, which is a serious crime committed by students. Qualitative analyses were used and selected interviews were conducted with relevant agencies.

Identification processes in the higher education sector : risks and countermeasures

Abstract: One of the most intractable crime problems that has arisen in the twenty-first century concerns the criminal misuse of identity - popularly known as identity fraud or identity theft. Computer technologies have enabled documents used to verify an individual's identity to be altered or counterfeited with ease, leading to a problem which, in 2001-02, was estimated to cost $1.1 billion in Australia alone (Cuganesan & Lacey 2003). The higher education sector is not immune from risks of identity-related fraud and other kinds of dishonest practices, and, as this paper demonstrates, risks are present throughout the sector - from enrolment of students, through the examination process, upon qualification, and during subsequent employment. Reducing the risks associated with identification of students and staff alike entails the employment of a wide range of strategies that need to be implemented uniformly across the entire sector. This paper analyses the nature of the problem and how government, business and individuals can share in the task of preventing identity thieves from enrolling and graduating dishonestly. Toni Makkai Director In undergoing higher education, as well as in conducting many business transactions, people are required to establish who they are by providing evidence of unique identifying characteristics. It is usual to produce or disclose something that you have (tokens), something that you know (knowledge), something related to who you are (biometrics), or something indicating where you live (location). Of course there are others, such as the use of a person's name, and a variety of behavioural and psychological characteristics that can be used to identify people. Depending upon the degree of certainty with which one needs to establish one's identity, one or more of these methods may be relied upon. Often only one method will be used, and this will generally involve the disclosure of a document. Each has its own vulnerabilities and risks which are able to be exploited by those who want to act illegally. In the past, identity was more easily verifiable as people conducted most of their transactions in person. With the advent of computers, however, documents can easily be fabricated and personal information obtained from electronic databases either by gaining access without authority, or by tricking unsuspecting users into disclosing their access codes and passwords. In higher education, examples of identity-related fraud and other dishonest practices exist in all aspects of the sector extending from enrolling as a student, undergoing examinations and submitting essays, commencing employment as a staff member, paying fees, receiving salaries, and using technology. There is a continuing need to identify both new students and staff with accuracy and the task for university administrators is considerable. In 2004, for example, 284,184 new students enrolled in Australian universities, 66,494 from overseas (Winchester & Lacey 2003: 194). In 2004, there were also 91,905 staff employed in Australian universities (Department of Education, Science and Training 2004). Evidence is needed of previous qualifications and/or eligibility to enrol for new students; previous employment and qualification details for new staff; as well as identification necessary for conducting business transactions including payment of fees and receiving payments such as salaries. In Australia, a wide range of documents may be used to establish identity. Included amongst them are student identity cards, 358,700 of which were issued by higher educational institutions in 2002-03 - many with rudimentary forms of security against alteration or counterfeiting. One recent study found that of the 16 state and territory Offices of Births, Deaths and Marriages, and driver licence issuing agencies, 15 of these organisations accepted student identity cards and/or statements of results as proof of a person's identity for purposes such as building access, computer access, library usage, public concessions, and examinations. …

Effective identities for trusted interactions in converged telecommunication systems

Abstract: Telecommunication systems have evolved significantly since their inception and the recent convergence of telephony infrastructure allows users to communicate through a variety of ways including landlines, mobile phones and Voice over IP (VoIP) phones. While cellular and public switched telephone (PSTN) networks use Caller ID to identify users, VoIP networks employ user ids, similar to email, to identify users. However, in all these networks this identity is locally asserted and is therefore easily manipulated. It is easiest to assert any identity within IP networks and this has resulted in VoIP spam (e.g., the recent Skype Computer Repair spam calls). As IP networks converge with other PSTN and cellular networks, it has also become easy to assert any Caller ID across these networks. The larger issue of Caller-ID spoofing has increasingly contributed to credit card fraud and identity theft. To address this, we introduce the notion of effective identity which is a combination of mechanisms to (1) establish identity of the caller that is harder to manipulate, and (2) provide additional information about the caller when necessary. In this dissertation, we first look at the specific issue of determining the legitimacy (additional information) of a user id within IP networks to address the VoIP spam problem. We propose CallRank, a novel mechanism built around call duration and social network linkages to differentiate between a legitimate user and a spammer. We realize that any system that determines the legitimacy of users based on their social network linkages leaks private information. To address this, we create a to- ken/credential framework that allows a user to prove the existence of a social network path between him/her and the user he/she is trying to initiate contact with, without actually revealing the path. We combine the privacy properties of two techniques in cryptography: Delegatable Anonymous Credentials (DAC) and E-Cash to create this framework. We then look at the broader issue of determining identity across the entire telecommunication landscape to address the issue of Caller ID spoofing. Towards this, we develop PinDr0p, a technique to determine the provenance of a call - the source and the path taken by a call. In particular, we show that the codec transformations applied by multiple intermediary networks, in combination with packet loss and noise characteristics, allow us to develop profiles for various call sources based solely on features extracted from the received audio. In the absence of any verifiable metadata, these profiles offer a means of developing specific fingerprints that help uniquely identify a call source. We show that the audio can also provide valuable additional information. We use anomalies in timbre created by different undersea telecommunication cables to develop London Calling, a mechanism to identify geography of a caller. Together, the contributions made in this dissertation create effective identities that can help address the new threats in a converged telecommunication infrastructure.