Identity theft

About: Identity theft is a research topic. Over the lifetime, 2284 publications have been published within this topic receiving 31700 citations.

The fair information principles: a comparison of U.S. and Canadian Privacy Policy as applied to the private sector

Abstract: U.S. consumers are worried about their privacy and their personal information. High profile cases of identity theft involving companies losing the private information of hundreds of thousands of customers have only served to elevate the mistrust consumers have for companies that collect and share their personal information. The Federal Trade Commission (FTC) is charged with protecting U.S. consumers from fraud, deception, and unfair business practices in the marketplace; a task made difficult by an overarching need to balance the rights of the individuals against the security needs of the country and the free flow of information required by a free market economy. The FTC has asked U.S. companies to follow the Fair Information Practices developed by the U.S. government in 1973, but does not require adherence to those standards. In Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) was passed in 2000 to address the similar privacy concerns of their consumers. PIPEDA is based on the Fair Information Principles and requires that companies implement those principles. The Privacy Policy Rating System (PPRS) has been developed for this thesis as a method of rating company privacy policies for how they compare to the Fair Information Principles. Using both the PPRS content analysis technique and a standard stakeholder analysis technique, company privacy policies in both countries are examined to address the question of which government's privacy policy is doing a better job of achieving the Fair Information Principles. The lessons learned in this comparison are used to formulate policy recommendations to improve U.S. privacy policy for better adherence among U.S. companies to the Fair Information Principles.

User-Centred and Context-Aware Identity Management in Mobile Ad-Hoc Networks

Abstract: The emergent notion of ubiquitous computing makes it possible for mobile devices to communicate and provide services via networks connected in an ad-hoc manner. These have resulted in the proliferation of wireless technologies such as Mobile Ad-hoc Networks (MANets), which offer attractive solutions for services that need flexible setup as well as dynamic and low cost wireless connectivity. However, the growing trend outlined above also raises serious concerns over Identity Management (IM) due to a dramatic increase in identity theft. The problem is even greater in service-oriented architectures, where partial identities are sprinkled across many services and users have no control over such identities. This book provides a review of some issues of contextual computing, its implications and usage within pervasive environments. The book will also introduce the concept of Security of Systems-of-Systems (SoS) Composition and its security implications within the domain of ubiquitous computing and Crisis Management in large scale disaster recovery situations and scenarios. To tackle the above problems, the book will emphasise the fact that it is essential to allow users to have full control over their own identities in MANet environments. So far, the development of such identity control remains a significant challenge for the research community. The main focus of this book is on the area of identity management in MANets and emergency situations by using context-awareness and user-centricity together with its security issues and implications. Context-awareness allows us to make use of partial identities as a way of user identity protection and node identification. User-centricity is aimed at putting users in control of their partial identities, policies and rules for privacy protection. These principles help us to propose an innovative, easy-to-use identity management framework for MANets. The framework makes the flow of partial identities explicit; gives users control over such identities based on their respective situations and contexts, and creates a balance between convenience and privacy. The book presents our proposed framework, its development and lab results/evaluations, and outlines possible future work to improve the framework. This book will be of great interest and benefit to undergraduate students undertaking computer science modules on security and ubiquitous computing and postgraduate students studying the security of large scale systems of systems composition, as well as those doing their projects in those areas. The book will also accommodate the needs of early researchers and DPhil/PhD or MPhil students exploring the concept of security in ubiquitous environments, while additionally being of great interest to lecturers teaching related modules and industrial researchers.

Towards a Market for Bank Safety

Abstract: Imagine shopping for a car in 1960. Safety is important to you. How do you assess a car's performance in surviving a crash? What tools were available then to take an informed decision? The modern consumer of financial services is in a similar position as the car shopper of the 1960s. How does the modern consumer choose a bank that is relatively safe from identity thieves and other malicious individuals? Perhaps she chooses the larger institution, because it has more resources to address fraud. Or perhaps a smaller institution offers more protection, because it is more obscure. There is no way to know for sure, and thus, consumers cannot make an informed decision. This article attempts to actuate a market for bank safety by comparing identity theft victim data with government statistics used to measure the relative size of financial institutions. It envisions a future when this market incentivizes financial services firms to explicitly compete to reduce the likelihood that customers will become victims of identity theft or other frauds. In a world of competition in bank safety, consumers who put a premium on avoiding fraud could reward the most proficient firms with their loyalty. This article concludes that the available data, while weakened by several methodological concerns, do show that certain banks, large and small, have different identity theft footprints. Other discoveries were made as well. First, if present trends continue, there will be a substantial upswing in identity theft complaints to the Federal Trade Commission in 2008. Second, over a three-year period, a small group of companies accounted for almost 50 percent of identity theft incidents. Focusing interventions on this small group of companies could have a profound effect on incidence of identity theft. Finally, non-banking institutions, such as telecommunications companies, have an enormous identity theft footprint; in our highly dependent credit markets, impostors may be using these companies as stepping stones for attacks against banks.

Warning of Affected Users About an Identity Leak

Abstract: Identity theft is a typical consequence of successful cyber-attacks, which usually comprise the stealing of employee and customer data. Criminals heist identity data in order to either (mis)use the data themselves or sell collections of such data to fraudsters. The warning of the victims of identity theft is crucial to avoid or limit damage caused by identity misuse. A number of services that allow identity owners to check the status of used identities already exist. However in order to provide proactive timely warnings to victims the leaked identity data has to be on hand. In this paper we present a system for a proactive warning of victims of identity leaks.

Survey on Fake Accounts Detection Algorithms on Online Social Networks

Abstract: AbstractOnline Social Networks (OSNs) are the most popular web services nowadays. They provide users with different kinds of services. Anyone can create his account on a certain OSN such as Facebook, using an email and password for registration. In addition, a single user can own one or more accounts. However, this feature has a lot of disadvantages and security drawbacks, such as creating fake accounts. A fake account is a profile that exists physically on OSN. Nonetheless, it is missing identity information such as names, last name, profile photo, and other profile attributes. Owners of fake accounts exploit them (accounts) for malicious internet activities like phishing, hacking, and more. Recently, this problem attracted considerably the research community. In this context, a lot of approaches have been emerged to solve fake account detection on OSNs. However, despite its importance, this field of research is still missing a systematic review. In this paper, we introduce a survey on sixteen kinds of research studies that have proposed solutions for solving the detection of fake accounts problem. We analyzed the following themes: Social networking platforms, evaluation metrics, machine learning algorithms, and models, data scale, features, and result accuracy were studied and analyzed in this survey.KeywordsFake accountAlgorithmsSocial media analysisSurveyMachine learning