Identity theft

About: Identity theft is a research topic. Over the lifetime, 2284 publications have been published within this topic receiving 31700 citations.

Methods and techniques to protect against shoulder surfing and phishing attacks

Abstract: Identity theft refers to the preparatory stage of acquiring and collecting someone else's personal information for criminal purposes. During the past few years, a very large number of people suffered adverse consequences of identity theft crimes. In this thesis, we investigate different methods and techniques that can be used to provide better protection against identity theft techniques that have some hi-tech relevance such as shoulder surfing of user's passwords and personal identification numbers (PINs), phishing and keylogging attacks. To address the shoulder surfing threat to traditional PIN entry schemes, two new PIN entry schemes are proposed. Both schemes achieve a good balance between security and usability. In addition, our analysis shows that these two schemes are resilient to shoulder surfing, given that the attacker has a limited capability in recording the login process. We also propose a click-based graphical password authentication scheme. This scheme aims at improving the resistance to shoulder surfing attacks while maintaining the merits of the click-based authentication solutions. It is also resilient to shoulder surfing attacks even if the attacker can record the entire login process for one time with a video device. Finally, in order to defend against online phishing attacks, we present a framework to strengthen password authentication using mobile devices and browser extensions. The proposed authentication framework produces a different password depending on the domain name of the login site. Besides defending against phishing attacks, this solution does not require any modifications at the server side

Economics of theft

Abstract: ‘Economics of Theft’ analyses theft as an economic and social activity. The article challenges conventional attitude to theft as repulsive activity which causes moral indignation. Theft is analysed through two criteria which economists usually use when judging any economic activity; efficiency and equity. In addition to these two criteria a third one is introduced, namely the optimal level of theft. In a vast majority of cases theft redistributes income from better off to worse off; therefore, theft passes the test of equity. Also, at lower levels a thief’s utility exceeds the damage which a victim of theft suffers. As levels of theft increase, marginal utility to a thief falls and marginal damage to a victim of theft increases. Optimal level of theft is achieved when marginal utility to a thief equals marginal damage to a victim of theft. Economists do not feel any moral indignation to theft since it passes the test of equity. What concerns economists is the fact that theft is unproductive activity which does not create any new value. Theft, therefore, does not pass the test of efficiency. The article analyses and compares theft with several economic activities which do not create any material, intellectual or spiritual value and which pass neither the efficiency nor the equity test. Those activities might cause moral indignation but are perfectly legal. Economists can justify theft until optimal level is reached, i.e. when the thief’s utility is equal to the damage suffered by a victim of theft. Laws, however, punish every theft even when it is socially just. Apparently, there is a friction between the economic theory and the legal system. Something must be wrong either with the economic theory or with the law. Or maybe both of them are wrong. A possible explanation might be found in Montesque’s statement that the legal system is a network through which big fish pass and small fish are caught.

System and method for determining a measure of identity authenticity

Abstract: Aspects of embodiments relate to providing a system and method for determining a measure of identity authenticity (IDA) of a first party responsive to assessing the veracity of information provided by the first party over an electronic communication network. With the ever increasing employment of electronic communication in which people communicating with each other do not meet face to face, use of false aliases and/or of false information has become a relatively convenient modus operandi for illicit purposes, such as by way of example, industrial espionage, unlawful enticement, and identity theft.

Georgia Bank Turns Privacy into a Marketing Plus

Abstract: Like many bank employees, "worker x" at West Georgia National Bank had authorized access to systems that enabled him to look up a great deal of account information regarding the customer before him. There was only one catch: He was looking up the information about a customer who wasn't in front of him. In fact, that customer hadn't even been in the bank at all that day. The particulars--why the employee was digging into customer records--couldn't be revealed by Leighton Alston, president and CEO of WGNB Corp. and CEO of West Georgia National Bank, during a recent interview. But the fact that the employee was accessing customer information that he had no need for to meet the customer's or the bank's requirements was picked up by software that the bank had installed, and, when the intrusion was detected, the employee not only became an ex-employee, but the subject of a criminal referral filed by the bank earlier this year. In 2002, one of the bank's drive-up tellers didn't like the look of the signature a "customer" was using to cash a check. The teller summoned police, but the fraudster, smelling trouble, began to take off. In the resulting chase the crook wound up smashing into police vehicles, but was apprehended. It turned out he had burgled the checks from a customer's home mailbox and had hoped to score some quick cash. The bank's systems helped the teller detect the attempted fraud. As these stories indicate, West Georgia National, a $384.5 million community bank based in Carrollton, takes customer privacy very seriously. This is not only out of customer interest, but self interest. It started with a "lost" customer To many banks of all sizes, the privacy issue, in all its forms, represents a necessary but frequently onerous compliance responsibility. But to West Georgia National, privacy and identity theft concerns represent an opportunity to visibly demonstrate its concern for its customers as well as potential customers. The bank had already been taking a number of steps when an elderly woman came into one of its offices with a problem. She was convinced she was the victim of an identity theft scam of some kind, but couldn't make her own bank's staff take the time to hear her out and help her fix things. She was lost, and wondered if someone at West Georgia National could point her in the right direction? Alston says the staff helped her through the case as much as they could, at various points going to internet sites relating to ID theft. That got the veteran banker's wheels turning, and spawned a collection of efforts that were combined with programs already underway. The bank eventually branded the whole group of efforts under the trademarked name of "MyID." The program incorporates elements of photo and signature identification technologies; privacy policies that go beyond federal requirements; physical security efforts for data; and several different efforts to help prevent or remedy situations of identity fraud. "Say cheese!" The bank's efforts started several years ago with software developed inhouse to enable tellers to verify customer signatures right at their stations. Stored signatures came up on their workscreens. Subsequently, the bank purchased Harland Financial Solutions' EZ Teller system, which includes the EZId module. The latter captures and retrieves identification documents. The bank includes signature cards in this, and, for the last two years, has been including photos taken of new account customers in the bank's seven branches with digital cameras. …