Resources
Identity Use Cases & Scenarios.- FIDIS Deliverables.
- Identity of Identity.
- Interoperability.
- Profiling.
- Forensic Implications.
- D5.1: A survey on legislation on ID theft in the EU and….
- D5.2: ID Fraud Workshop.
- D5.2b: ID-related Crime: Towards a Common Ground for Interdisciplinary Research.
- D5.2c: Identity related crime in the world of films.
- D5.3: A Multidisciplinary Article on Identity-related Crime.
- D5.4: Anonymity in electronic government: a case-study analysis of governments? identity knowledge.
- D6.1: Forensic Implications of Identity Management Systems.
- D6.5/D6.6: Second thematic Workshop forensic implications.
- D6.7b: Workshop on Forensic Profiling.
- D6.7c: Forensic Profiling.
- HighTechID.
- Privacy and legal-social content.
- Mobility and Identity.
- Other.
- IDIS Journal.
- FIDIS Interactive.
- Press & Events.
- In-House Journal.
- Booklets
- Identity in a Networked World.
- Identity R/Evolution.
 |
Identity-related crime in films IDENTITY-RELATED CRIME: REALITY CHECK |
 |
Identity-related crime: reality check
Dominant types of identity-related crime
Though each type of identity-linkage rearrangement (identity collision/change/deletion and restoration) can have legal relevance, unlawful identity change, or ID fraud, is the most prevalent and most widespread. Within that category, according to some sources, the most damage is caused by abusing identity creation. According to ID Analytics, crime committed with fictitious identities – what they call synthetic identity fraud – accounts for 88.38% of identity fraud, and 73.8% of financial damage caused in the US. In contrast, identity “theft”, or true-name fraud, only accounts for 11.7% of identity fraud, and less than 25% of the damage caused. Other statistics suggest a different picture, with major losses being caused by identity “theft”, although these statistics may tend to neglect illegal identity creation because of the focus of the US legislation on identity “theft”. None of these statistics suggest that unlawful identity delegation and exchange are a substantial issue in real-life.
The role of ICT in identity “theft”
If we take a closer look at the role of ICT in identity “theft”, we can see that it is becoming more and more crucial.
We know of cases when illegal identity takeover is done without any technological support, for example, when celebrity look-alikes try taking advantage of their similar appearance and thus gain financial benefits. Though these cases get much publicity, they are rare and cannot be considered as typical identity “theft” activities.
The role of technology and principally information and communication technologies in identity “theft” is becoming more and more dominant, as more and more aspects of everyday life and activities obtain an electronic or online dimension, where technology performs the processes of identification and authentication.
The two most widespread methods of identity “theft” targeting user PCs and enabling mass data “theft” are phishing, using a flood of e-mail and website scams, and spyware, including keylogger programmes.
Target groups
Identity “theft” activity has got two major target groups. The first is organisations (like payment processors), where hundreds of thousands of users’ PII is stored in large databases in one place. The other target group is the user itself, in which case PII is dispersed and therefore, this requires different methods to obtain illegal access to it.
In their methods, attacks targeting corporations differ from those aimed at users, since in the first case data “thieves” are not after quantity but launch attacks requiring a higher level of preparedness against well-guarded data bases storing large amounts of data. With the development of data brokerage, the number of databases with a mass storage of PII of users and clients has grown. Yet, the largest-scale security breaches in 2005 occurred at companies processing financial transactions (payment processor, card transaction processor).
In spite of some user concerns about identity “theft”, it seems that the active co-operation of users in reducing damage can be relied upon only to a small extent. Even though currently available data-security solutions (antivirus software, antispyware, firewall) and basic data-protection practices could provide a fairly high level of protection, most users opt to do without sufficient protection. According to research carried out among American users at the end of 2005, at least one of the three basic data-security tools (antivirus software, antispyware, firewall) was missing from the PC of 81% of the users, and 56% of them had not even heard of phishing. The research pointed out a perception gap, since 83% of American internet users “falsely believe they are “very” or “somewhat” safe from online theft of information and identity”.
Aim of identity “theft”
More than half of the attacks against computer systems in 2004 were launched with the intention of obtaining financial gain. It was reported in 2004 that global yields from cybercrime first exceeded those from drug trafficking, which then amounted to 105 billion dollars. Naturally, identity “theft” represents only a certain percentage of damage caused by cybercrime.
According to estimates by the American Federal Trade Commission, in the period between 1999 and 2003, 27.3 million Americans, i.e., approximately 10% of the population, was a victim of identity “theft”. The number of victims has almost doubled in each year. In 2003, identity “theft” caused a damage of 48 billion dollars in business enterprises and banks, while the same figure was 5 billion dollars in the case of private individuals, totalling 53 billion dollars. Opening new bank accounts was one form of identity “theft” misuse, targeting 3.23 million people out of the overall 10 million victims. In addition to this, renting flats, claiming healthcare benefits and applying for jobs under a false identity occurred frequently.
The study entitled National Data Breach Analysis published by ID Analytics in December 2005 points out that the number of data breaches hit a record in 2005: in total there were 70 occurrences, affecting the data of 50 million American citizens. However, actual damage was suffered by only 0.098%, that is 50,000 people. In the light of these findings, previous estimates – such as those by the Identity Resource Center (IDRC), claiming that in 2004 ID theft caused a damage of 372 billion (!) dollars for American business enterprises – may have to be revised. Nevertheless, it is clear that, at least in the US and European countries like the UK, financial identity “theft” is a significant societal problem which tends to be growing worse.
Summary – characteristics of identity-related crime
The aim of identity-related crime is predominantly securing financial gain. Illegal identity creation or synthetic identity fraud and identity “theft” or true-name fraud impose the biggest threat in terms of financial damage. Though ICT’s role is increasing in this sort of criminal activity, and there is a race between the technologies of criminals and those of the parties trying to counter it, much damage is done by people who do not necessarily have technological mastery, but by people with legitimate access to large-scale databases, or by people deceiving the latter through social engineering to these databases. Therefore, the human factor and data-protection policies of organizations may be the weakest link in combating identity-related crime.
The majority of users consider data security and protection as the responsibility of their service providers. They want their service providers of any kind to secure their information systems while they do transactions with their clients and customers, but the users themselves are far less aware or willing to apply data security tools designed to protect them.
| |
   |
|
| 5 / 7 |
