Lentis/Identity Theft

Identity Theft is the attainment of a person's private identifying information, and is often used for personal gain through identity fraud. Identity theft has become a serious problem in recent years in the U.S. and other countries. According to a study done by Javelin Strategy & Research in 2013[1], on average, there was a new identity theft victim every two seconds. In addition, it is estimated that nearly two out of three ID theft victims never discover the source of the crime[2]. It is unknown where ID theft originated because, in its simplest form, it is only defined as impersonating someone else, with no mention of intent. Jacob's story, in chapter 25 of the Book of Genesis, highlights one of the earliest known versions of identity theft[3].

This chapter identifies different forms of ID theft, examines all active participants and analyzes their views at the social interface of technology.

Types of Identity Theft

edit

Financial Theft

edit
 
Example Social Security Card

Financial theft is defined as the stealing of economic resources or information. Information may include name, bank account number, credit card number, Social Security number, or other financial data. According to the Lieberman Research Group’s UNISYS Security Index study, “Most Americans are concerned with credit and debit card fraud and is the #1 area of worry," with about two-thirds (68%) of Americans being 'Extremely' or 'Very' concerned[4]. It is the most pervasive type of identity theft today and accounts for 28% of all identity fraud.

How Financial ID Theft Occurs[4]

  • Theft: stolen wallets or purses make up 43% of identity theft.
  • Trash: Known as “Dumpster Diving,” thieves rummage through personal and public trashcans looking for sensitive documentation.
  • Bribery: Thieves entice insiders in an organization to release private information.
  • Cons: Through phone calls, letters, or emails, many thieves use elaborate schemes designed to trick the victim into revealing personal or account information.
  • Skimming: Credit card information is swiped through a storage device during transactions.

Criminal Theft

edit

Criminal theft occurs when one assumes the identity of another using the victim's name, date of birth, SSN and/or law enforcement data. Criminal theft may not always be used for financial gain. The most famous case of criminal theft is that of Frank Abagnale, a con-man who impersonated dozens of people in a variety of professions, and stole an estimated 2.5 million dollars.

Medical Theft

edit

Medical theft occurs when one uses a another's medical information(i.e. an insurance policy) to obtain drugs or medical treatment, and often results in false medical records and incorrect diagnoses. In 2013, the health care industry made up 44% of all identity theft reported throughout the U.S.[5] In April 2014, the FBI informed health care providers of their public security flaws with a private industry notification entitled “Health Care Systems and Medical Devices at Risk for Increased Cyber Intrusions for Financial Gain."

Synthetic Theft

edit

Synthetic theft occurs when the criminal alters some aspect of the victims identifiable information(DOB, SSN, etc.). For example, one may take a real Social Security number and combine it with a fake name, address, and/or phone number[6]. Synthetic theft criminals may remain undetected for long periods of time if not noticed by institutions or the victim.[7]

Technology's Role

edit

Due to sociological and technological developments, forms and uses of identity theft are dynamic, making it difficult for government agencies to curb ID theft. The pattern of identity theft and fraud is often caused by a combination of factors, which includes but is not limited to[8]:

  • a lack of consumer knowledge about how to protect identity theft online
  • a developing trust/comfort in social platform providers
  • a need for these platforms to make money
  • a lack of policing

Phishing

edit

One common way that thieves acquire personal information is through Phishing, which utilizes bulk e-mail messages to entice recipients into revealing personal information. In 2005, a Gartner Phishing Study showed that 73 million Americans who used the Internet had received, on average, 50 phishing e-mails in the last year[9]. The message often urges the recipient to "verify" personal information by clicking on a link embedded in the message, which brings the user to a website that appears to be secure(often with logos from government institutions i.e. the FTIC), and prompts the user to confirm account numbers or passwords[10].

Pharming

edit

Pharming is a more technologically advanced form of phishing where a virus or malicious program is secretly installed on a computer. Computer users unintentionally download the malicious program without clicking on a link or opening an attachment. Opening a pharmer’s e-mail message is all that is required to install the stealth application redirecting the browser to a counterfeit web site. [9]

Snapcash

edit

Snapchat has recently released an additional feature to their app called "Snapcash",[11] which allows users to quickly send money to friends by placing a '$' in front of the amount of money they desire to send. The user must link the app to their debit card, and the money sent is taken directly from their bank account. Controversy surrounds this new feature because of recent security breaches where hackers captured photos and phone numbers from an estimated 4.6 million users[12].

Mobile Banking Applications

edit

Mobile banking is quickly becoming the new norm for making banking transactions. According to Javelin Strategy, mobile banking has increased an estimated 40 percent in 2013, with 74,000 new users a day. However, the same study shows that the lack of security is the number one fear among potential customers[1]. In reality, this technology may be a blessing in disguise- banks place a huge investment in security technology, and many banks, such as Bank of America, offer zero liability and cover 100 percent of mobile fraud losses if no protection rules were broken[13]. That being said, it may be safer for customers not to know that mobile banking is safer because that could cause them to be more careless with their data/account information when using it.

Participants

edit

Criminals

edit

The role of criminals is simple - cheat the system and gain access to personal information for personal gain.

Identity Theft Prevention Agencies

edit

Companies such as LifeLock and LegalShield exist to monitor and restore identities in the case of ID theft[14]. The Lifelock website states their mission: "to search for potential misue of your SSN, name, address or date of birth in applications for credit or services."[15] These agencies may not support identity theft, however, it is clear that they stand to profit from it- as ID theft grows, these companies naturally gain clients. After several Target stores suffered a security breach earlier in 2014, Todd Davis, the CEO of LifeLock, stated, "I don't get excited when a breach occurs, despite the fact LifeLock will experience a tailwind after a breach happens."[16]

 

Federal Institutions

edit

Federal institutions such as the U.S. Dept. of Justice, Securities and Exchange Commission and the Federal Trade Commission all have the ability to pass federal programs on a nationwide scale which could seriously combat identity theft. The problem is, that these criminals can be very hard to identify. Since ID theft can occur in many different ways across a variety of different industries, it is easy for a small time criminal to fly under the radar. Instead of finding small criminals, larger institutions have taken to fighting the larger cases where significant amounts of money or information are stolen.[17]

Social Media Institutions

edit

Internet services such as Amazon and Facebook generate revenue through targeted advertising using people's personal information and online trends[18]. For example, if a person is online shopping for a guitar, Facebook can place guitar ads on his or her Facebook page after they log in. One area of concern lies in the information given on people's Facebook pages, which of often contains possible answers to security questions prompted for logging into another accounts(i.e. pets names, hometown, etc.)[8]. Facebook also has no method of verifying the identity of a user, which can allow criminals to become "friends" with others and access information on their pages.

Control/Prevention

edit

Personal Protection

edit

For most types of identity fraud, the best defense for preventing financial ID theft is awareness. Common sense and deliberate actions can go a long way when it comes to protecting one's identity, but additional actions can always be taken to minimize risk. A few common ways to do this are:

  • Keeping a record of account numbers and contact information for each piece of identity in the event they’re stolen. This record should be stored separately and in a safe place.
  • Retrieving mail promptly. A full mailbox provides thieves access to account numbers and other personal data.
  • Being wary of any promotional offers asking for personal information.
  • Regularly reviewing credit reports and requesting them for free annually.
  • Avoiding simple or common passwords such as date of birth, phone number, or children’s names or birthdays[4].

Laws Regarding Identity Theft

edit

Identity theft became an official federal crime in the United States in 1998 when Congress passed the Identity Theft Assumption Deterrence Act. This act helped deal with the rapid increase in identity theft and the expansion of the use of the Internet and technology as a method to defraud innocent victims[17]. Identity theft legally became a crime and provided penalties for individuals who either committed or attempted to commit identity theft.

Since then there have been several important laws established by federal institutions in order to combat ID theft nationwide. The Right to Financial Privacy Act (RFPA) and the Electronic Communications Privacy Act (ECPA) are two of the most common policies which are often cited in connection with data protection and identity theft issues. However, these statutes are getting outdated and are not particularly helpful to identity theft victims. [17] It is clear the federal government acknowledges the growing presence of identity theft, yet it is unclear if the actions taken will be enough to quell this crime's rising popularity.

Conclusion

edit

Identity theft is a matter of risk vs. reward.

One should balance the risk of having his or her personal identity stolen with the reward of being able to instantaneously access his or her personal information. One should not necessarily fear new technologies, but be wary of them. If a product requires personal information and has prompts only one security question for a forgotten password, it may not be trustworthy.

References

edit
  1. a b Javelin Strategy and Research (2014), A New Identity Fraud Victim Every Two Seconds in 2013 According to Latest Javelin Strategy & Research Study. javelinstrategy.com
  2. ITAC (2012). ITAC Research and Statistics. identitytheftassistance.org/
  3. Book of Genesis, Chapter 25 from lds.org/scriptures
  4. a b c AllClear ID (2004). Financial Identity Theft. https://www.allclearid.com
  5. McNeal, M (2014). Hacking Health Care. Marketing Health Services, Vol. 34 Issue 3, p16-21. 6p. 3 Color Photographs. VIRGO
  6. Britnell, L. (2008) The Changing Face of Identity Theft. From Identity Theft America. http://www.ftc.gov/
  7. Experian (2014).Get the facts to protect yourself.http://www.protectmyid.com/
  8. a b Lewis, K. (2014) How Social Media Networks Facilitate Identity Theft and Fraud. from http://www.eonetwork.org/octane-magazine/special-features/social-media-networks-facilitate-identity-theft-fraud
  9. a b Brody. Richard. Mulig. Elizabeth Kimball. Valerie (2007). Phishing, Pharming and Identity Theft. Academy of Accounting and Financial Studies Journal. Sept, 2007, Vol. 11 Issue 3, p43, 14 p. VIRGO
  10. FDIC (2014) Phishing Scams. https://www.fdic.gov/consumers/consumer/alerts/phishing.html
  11. SnapChat (2014) Introducing Snapcash. from http://blog.snapchat.com/post/102895720555/introducing-snapcash
  12. Touch Reviews (2014) Snapchat Secuirty Breach Affects 4.6 Million Users http://touchreviews.net/snapchat-security-breach-affects-46-million-users/
  13. Howard, N. (2014) Is mobile banking safe? from http://www.bankrate.com/finance/personal-finance/is-mobile-banking-safe-1.aspx
  14. LegalShield (2014) Identity protection for you and your family. from http://www.legalshield.com/legalshield-plans/identity-theft/
  15. LifeLock (2014) How it works. from http://www.lifelock.com/how-it-works/scanning/
  16. Lowery, I. (2014) LifeLock CEO shares more than SSN in first 'Reporter's Notebook' event. from http://www.bizjournals.com/phoenix/news/2014/02/20/lifelock-ceo-shares-more-than-ssn-in.html?page=all
  17. a b c Mathews, C. (2013). INTERNATIONAL IDENTITY THEFT: HOW THE INTERNET REVOLUTIONIZED IDENTITY THEFT AND THE APPROACHES THE WORLD'S NATIONS ARE TAKING TO COMBAT IT. Florida Journal of International Law. Aug2013, Vol. 25 Issue 2, p311-329. 19p. VIRGO
  18. Facebook. (2014) Making Ads Better and Giving People More Control Over the Ads They See. From http://newsroom.fb.com/news/2014/06/making-ads-better-and-giving-people-more-control-over-the-ads-they-see/