Cyber Identity Theft:A Conceptual Model and Implications For Public

Policy

Angeline G. Close, UGA/NGCSU

George M. Zinkhan, UGA

R. Zachary Finney, NGCSU

A 1957 Sylvester & Tweety Cartoon

Image source: davemackey.com

Identity Theft

• Most common classification of consumer complaints to FTC (42%)

• Victimization costs beyond $

• Growing problem attributed to the emergence of the e-marketplace

• Top online fraud (FBI 2003)

• Re-appraisals of research & public policy are needed

Cyber Stalkers Laughing Behind the Screen…For Now

Image Source: greenberg-art.com

Objectives

1) Introduce 3 classification schemes, which synthesize conceptualizations of ID theft and the Internet: a) methods, b) time-frame, c) victims’ behavioral responses

2) Recognize key issues & regulations related to public policy and consumer welfare

Cyber ID Theft Defined

• Online or electronic acquisition of personal information with the purpose of utilizing such information for deceitful activity either on the Internet or offline

• Using electronic (i.e., web-based) means to carry out any form of identity theft

Cyber Identity Theft: An E-Merging Public Policy Issue

Process

Schemes Time-Frame

Victim Response

Cyber ID Theft Process

       

Table 1 Methods of Cyber- ID Theft

Cyber- Identity

Theft

Figure 2 (lower)ID TheftRecurs

Figure 2(Upper)ID Theft

Does NotRecur

Table 2VictimReacts

Table 3Public PolicyIssues

       

Cyber ID Theft Schemes: Broad Scope

Method Example Hacking Wiring another’s

funds Employee Theft

Pilfering office files

Dictionary Programs

Checking all words, A to Z

Spyware Weather-bug; Gator Skimming Credit cards Tapping Restaurant computers Pre-approved

Mailed credit card offers

Mass Rebellion

peer-to-peer sites (e.g., Kazaa.com, Napster.com)

Cyber ID Theft Schemes: Narrow Scope

Careless-ness Saved Passwords, logoff may not go through

Disposal Abuse

Leaving personal information behind on old computer

Autofill Abuse

Type in a few letters until cleared

Phishing “Deltaa.com” Phony ATM Pre-text Bank; Credit card company

Cyber ID Theft Schemes: Narrow Scope

Posing

Bank rep.; computer exams

Pranking e-dating

Fraudulent Job posting

“Manager Wanted”

Shoulder Surfing

Passwords; account numbers

Intercepting

IMs; e-mail

Cyber ID Theft Time Frame

Identity-Theft Time Frames

One - time

Multi - time

Recurring

One-time Prank E-mail

Unauthorized use of another’s e-mail Consistent use of SSN to obtain new, fraudulent document(s)

Consistent use of Photo to impersonate

Using stolen credit card #, until reported

One-time use of stolen photo (e.g., for e-dating)

Cyber- ID TheftVictim Response

Behavioral Responses to Identity Theft

Victim’s behavior may change (via): Online Example Offline Example

Lessened (correct) disclosure of personal information

e-mail addresses Home or work addresses

Change in selection/use of exchange partners

e-tailers Retailers

Change in frequency/ extent of transactions

e-commerce; e-dating Shopping; credit card use

Change in general shopping and purchasing behavior

Security checks Requesting to check identification for credit card purchases

An Atypical Response

Image Source: glasbergen.com

A More Extreme Response:Serious Password Strategy

Image Source: glasbergen.com

Public Policy & Consumer Welfare

I. Dissemination of cyber identity theft methods

II. Employee access to data and associated potential for misuse

III. Credit-reporting bureaus

IV. The inherent difficulty associated with proving you did not commit acts

Public Policy & Consumer Welfare

V. Regulation of data exchanges

VI. Uses of marketing databases

VII. Use of data by financial institutions

VIII. Liability issues

IX. Assisting cyber identity theft victims

Public Policy & Consumer Welfare

X. Expanding public education/ awareness

XI. Educating the populace so that overall crime rates decline

XII. Effective criminal enforcement

XIII. Risk analysis & risk assessment

XIV. What are the specific costs for consumers?

Public Policy & Consumer Welfare

XV. What are the costs for business (at the firm level and the industry level)? What are the threats to our economic system?

XVI. What are the best ways to promote safety tips and improved technologies?

XVII. What are the best media for implementing education or remedial programs?

XVIII. What are the best ways to “reform” identify thieves?

Regulation

• The Identity Theft and Assumption Deterrence Act (governmental):

1) allows victims of identity theft to recover financial damages

2) imposes criminal penalties of <15 years imprisonment & fines of < $250,000

3) directs the FTC to enforce the act

Regulation

• The Coalition on Online Identity Theft (corporate-based):

1) expands public education campaigns, promoting technology and tips for preventing and dealing with online theft

2) documents and shares non-personal information about emerging online fraudulent activity to prevent future scams

3) works with the government to ensure effective enforcement of criminal penalties against cyber thieves

Information Paradox

Image Source: glasbergen.com

Cyber ID Theft and the Market

• A threat to economic systems, e-commerce- demanding scholarly, practitioner and regulatory attention/ action

• Citibank’s ID Theft Page

• TV Campaign 

Reclaim Cyberspace

• A broader change in human identity

• Another paradox of technology

• Researchers have an important role to play in suppressing cyber-identity theft in the future.

• Reclaiming cyberspace as a means of enhancing and enriching (our own) human experiences