Identity theft

About: Identity theft is a research topic. Over the lifetime, 2284 publications have been published within this topic receiving 31700 citations.

Online Routines and Identity Theft Victimization: Further Expanding Routine Activity Theory beyond Direct-Contact Offenses

Abstract: Objectives: The purpose of the current study was to extend recent work aimed at applying routine activity theory to crimes in which the victim and offender never come into physical proximity. To that end, relationships between individuals' online routines and identity theft victimization were examined. Method: Data from a subsample of 5,985 respondents from the 2008 to 2009 British Crime Survey were analyzed. Utilizing binary logistic regression, the relationships between individuals' online routine activities (e.g., banking, shopping, downloading), individual characteristics (e.g., gender, age, employment), and perceived risk of victimization on identity theft victimization were assessed. Results: The results suggest that individuals who use the Internet for banking and/or e-mailing/instant messaging are about 50 percent more likely to be victims of identity theft than others. Similarly, online shopping and downloading behaviors increased victimization risk by about 30 percent. Males, older persons, and ...

Phoolproof phishing prevention

Abstract: Phishing, or web spoofing, is a growing problem: the Anti-Phishing Working Group (APWG) received almost 14,000 unique phishing reports in August 2005, a 56% jump over the number of reports in December 2004 [3]. For financial institutions, phishing is a particularly insidious problem, since trust forms the foundation for customer relationships, and phishing attacks undermine confidence in an institution. Phishing attacks succeed by exploiting a user's inability to distinguish legitimate sites from spoofed sites. Most prior research focuses on assisting the user in making this distinction; however, users must make the right security decision every time. Unfortunately, humans are ill-suited for performing the security checks necessary for secure site identification, and a single mistake may result in a total compromise of the user's online account. Fundamentally, users should be authenticated using information that they cannot readily reveal to malicious parties. Placing less reliance on the user during the authentication process will enhance security and eliminate many forms of fraud. We propose using a trusted device to perform mutual authentication that eliminates reliance on perfect user behavior, thwarts Man-in-the-Middle attacks after setup, and protects a user's account even in the presence of keyloggers and most forms of spyware.We demonstrate the practicality of our system with a prototype implementation.

System and method for early detection and prevention of identity theft

Abstract: A system and method for early detection of identity theft are provided. With the system and method an authorized user establishes an identity with an organization's computing system and registers both a mobile device and a notification device with the organization's computing system. When a use of the identity is attempted, a record associated with the identity is retrieved and a request is sent to the registered mobile device for location information. The current location of the mobile device is then compared to the location of the source of the request for authorization. If the current location of the mobile device is not within an area of the source of the authentication request, then information about the attempted use is compared with the registered notification criteria to determine if a notification should be sent to the notification device requesting authorization of the attempted use. If the conditions of the attempted use fall within one or more of the notification criteria, a notification message may be composed and sent to the notification device. The notification message allows an authorized user of the notification device to authorize use of the identity at the source location.

System, method and computer program product for assessing risk of identity theft

Abstract: In one embodiment, this invention analyzes demographic data that is associated with a specific street address when presented as an address change on an existing account or an address included on a new account application when that address is different from the reference address (e.g., a credit bureau type header data). The old or reference address and the new address, the new account application address or fulfillment address demographic attributes are gathered, analyzed, compared for divergence and scaled to reflect the relative fraud risk.