Identity theft

About: Identity theft is a research topic. Over the lifetime, 2284 publications have been published within this topic receiving 31700 citations.

Better Beware: Comparing Metacognition for Phishing and Legitimate Emails

Abstract: Every electronic message poses some threat of being a phishing attack. If recipients underestimate that threat, they expose themselves, and those connected to them, to identity theft, ransom, malware, or worse. If recipients overestimate that threat, then they incur needless costs, perhaps reducing their willingness and ability to respond over time. In two experiments, we examined the appropriateness of individuals’ confidence in their judgments of whether email messages were legitimate or phishing, using calibration and resolution as metacognition metrics. Both experiments found that participants had reasonable calibration but poor resolution, reflecting a weak correlation between their confidence and knowledge. These patterns differed for legitimate and phishing emails, with participants being better calibrated for legitimate emails, except when expressing complete confidence in their judgments, but consistently overconfident for phishing emails. The second experiment compared performance on the laboratory task with individuals’ actual vulnerability, and found that participants with better resolution were less likely to have malicious files on their home computers. That comparison raised general questions about the design of anti-phishing training and of providing feedback essential to self-regulated learning.

An Economic Analysis of Notification Requirements for Data Security Breaches

Abstract: In this paper, we examine the costs and benefits of laws requiring businesses to notify consumers if their private data is compromised, such as the law in California and other state and federal laws recently passed or proposed. Identity theft and related frauds do not seem to be increasing in recent years, and may be decreasing. A 2004 Survey finds virtually identical results to a survey in 2003, and industry reports find no increase. This may be because credit card companies have increasingly sophisticated detection methods to prevent fraud. In addition, there are strong industry incentives to maintain security. Firms bear almost all of the cost of fraud, and firms suffering such fraud exhibit large stock losses in event studies. The cost to individuals of all sorts of identity theft, weighted by frequency and adjusting for time costs, are about $1000 for actual victims. Most identity theft (at least 70%) is based on data obtained offline, not online. The probability of a victim whose data is compromised actually being victimized is about 2%, so the maximum savings from notice is only $20. For various reasons (including time to receive notice and likely action if notice is received) the actual benefits are more likely to be about $10. The costs of notice include actions such as fraud alerts which consumers may take which are likely to be more costly than the benefits. New credit cards cost between $10 and $20. Even though online commerce is safer than offline commerce, consumers receiving notice may decide to do business offline, thus increasing their risk. Firms may also react strongly to minimize reputation losses; this may have perverse effects, as when it becomes more expensive for new businesses to obtain data about potential customers. Thus, any laws mandating notice should be limited. Finally, state laws that have already passed differ in significant ways, but since this is at least a national market, notice will probably be the same in all states. This means that the most restrictive set of state laws will overall govern in all states. This is an argument for federal preemption in this issue.

Student and Non-Student Perceptions and Awareness of Identity Theft

Abstract: Several recent reports have recognized identity theft as a major concern to law-enforcement agencies and the judicial system in Canada. While there is considerable descriptive information on identity theft and identity fraud in Canada, there is a dearth of information about peoples’ knowledge and awareness of identity theft and their potential risk to becoming a victim. This study measured the self-reported perception and awareness about the nature, extent, risk, and effects of identity theft and a variety of fraudulent behaviours among 360 college/university students and 106 non-students using a 5-point Likert scale survey. The findings indicate that students are perhaps slightly more at risk but are also somewhat better informed than adult non-students about identity theft. Based on the findings, some general policy implications and educational strategies are offered to better combat identity theft in Canada. A number of suggestions for future research are also proposed.

The problem of stolen identity and the Internet

Abstract: Identity is a complex and multi-faceted concept that is best understood by a division into three categories: personal, social and legal. Personal identity relates to the self as experienced by the individual which can be explained as ‘what most of us think of when we think of the deepest and most enduring features of our unique selves that constitute who webelieve ourselves to be’ (Williams, 2001: 7). It is not a static self-perception but one which evolves as a result of an individual’s interaction with others and their participation in the social world. Irrespective of this evolution, personal identity is characterised by a sense of continuity, an ability to remember that we were once different to how we are now and a realisation that we will change as our life progresses held with the sure knowledge that, despite this constant metamorphosis, we remain the same person (Locke, 1690: xxvii). This internalised sense of self is inherently irremovable from the individual so it cannot be the subject of identity theft.

Perspective analysis of telecommunication fraud detection using data stream analytics and neural network classification based data mining

Abstract: With the growing advancements in technology, the lives of the people have become easier and convenient, but at the same time it also mushrooms sophisticated practices through which the fraudsters can infiltrate an organization. Telecommunication industry, being one of the major sectors in the world, is also infiltrated by frauds. Telecommunication fraud is a combination of variety of illegal activities like unauthorized and illegitimate access, subscription identity theft and international revenue share fraud etc. Frauds have proven to be detrimental to the prosperity of a company and impacts customer relations and shareholders. This paper presents the implementation details for detecting telecommunication fraud using Data Stream Analytics and Neural Network classification based Data Mining. For detection using Data Stream Analytics, Event Hub and Stream Analytics components of Microsoft Azure have been used whereas for detection using Data Mining Neural Network Pattern Recognition tool as well as a self-coded algorithm in Matlab has been used. Based on the results, the accuracy of both the techniques have been compared and the situations for selection of a suitable technique based on the user requirements and the flow of data has been narrowed down. The findings can elucidate upon other cloud analytics systems and provide a basis for big data analytics and mining.