Resources
Identity Use Cases & Scenarios.- FIDIS Deliverables.
- Identity of Identity.
- Interoperability.
- Profiling.
- Forensic Implications.
- D5.1: A survey on legislation on ID theft in the EU and….
- D5.2: ID Fraud Workshop.
- D5.2b: ID-related Crime: Towards a Common Ground for Interdisciplinary Research.
- D5.2c: Identity related crime in the world of films.
- D5.3: A Multidisciplinary Article on Identity-related Crime.
- D5.4: Anonymity in electronic government: a case-study analysis of governments? identity knowledge.
- D6.1: Forensic Implications of Identity Management Systems.
- D6.5/D6.6: Second thematic Workshop forensic implications.
- D6.7b: Workshop on Forensic Profiling.
- D6.7c: Forensic Profiling.
- HighTechID.
- Privacy and legal-social content.
- Mobility and Identity.
- Other.
- IDIS Journal.
- FIDIS Interactive.
- Press & Events.
- In-House Journal.
- Booklets
- Identity in a Networked World.
- Identity R/Evolution.
D5.2b: ID-related Crime: Towards a Common Ground for Interdisciplinary Research
 |
Title: “IDENTITY FRAUD” |
 |
From this general sociological perspective, "identity fraud" can be defined as: to claim the fulfilment of someone else’s legitimate expectations concerning one’s own identity, role and behaviour within a specific communicational context, but to only simulate the others’ expectations towards them, and thus to evade these expectations deliberately. From a legal point of view, fraud requires deliberate action as described in chapter .
Therefore, there is no "identity fraud" to be expected in the area of identity collision but, above all, in the area of identity change (deliberate action!). In this respect, we understand "identity fraud" as a subcategory of identity change.
On the other hand, identity fraud is usually understood as a main category of "identity theft". In general, identity fraud is typically an illegal fake of a particular person’s identity towards another person or organisation. In this general sense of fake, this applies to identity theft, too. Therefore, identity fraud is the general term for the faking of an identity by use of identity change, e.g. with reference to a client-organisation relationship, and identity theft is the more specific term for the special case of an illegal capture or usurpation of an already existing identity.
The following figure will show the described relationship between the introduced terms.
Figure . Introduced terms and their relationship
Systematically, the four introduced types of identity change can be examined for the existence of a deceitful subcategory. Should that be the case, we suggest modified terms.
Identity change | "Identity fraud" | Comment/ common features |
Identity takeover | Identity theft | Feature: Missing agreement of original identity bearer. |
Identity delegation | Deceitful identity delegation | Example: Credit card misuse, where the card holder actively issues all necessary information to someone else and claims to be victim of identity theft to avoid payment; misuse of a delegated identity beyond the agreed purpose leads to identity theft Feature: The original identity bearer has agreed. |
Identity exchange | Deceitful identity exchange | Example: Identity exchange for the purpose of creating alibis Feature: Mutual agreements by those whose identities have been exchanged (i.e. by both original identity bearers). |
Identity creation | Deceitful identity creation Rarely used: "synthentic identity fraud" | Example: Creation of credit card data (number, name, certification number) Feature: No original identity bearer is expected to exist. |
Table 4: Types of "identity fraud" and their assignment to the types of identity change
The comparison between the currently used definition (see note ) of "identity fraud" and this overview (see table 4?) results in an extension of these terms. This applies to the illegal identity exchange and delegation, in which – in contrast to the cited common definition – two actors are involved. As far as the following criminal acts are concerned, the partner in the illegal identity exchange thus becomes an accomplice.
In all, this assignment allows a more detailed view on the origin of the identities that are deployed for purposes of fraud as well as the communicative environment in which they can be deployed. In the following, this is to be examined more closely from a sociological point of view.
“Identity fraud” in social systems
"Identity fraud" in social systems means a deception of the role assignment (e.g. by inspection), or of the subliminal examination of the existence of the common understanding of the social relationship. After all, even loving relationships require proofs of love every now and then. Therefore, an identity fraudster has to dress up as somebody else (identity theft) or, as a sort of special social trust advance, to pretend to be particularly trustworthy, typically by use of confessions, or to acquire particular trust by fulfilling expectations over a long period (deceitful identity creation). Due to the personal and social effects to be expected on the provider, deceitful identity exchange or delegation are probably of secondary importance. In these cases the original bearer of the identity will always be a starting point for incrimination in the following criminal investigation. This makes these types of identity fraud less attractive for them.
"Identity fraud" within an organisation means the assumption of organisational membership by a fraudster, which, in contrast to interactional systems, is not made possible by confidentiality and inspection but by the sovereign handling of resources, adopted to the common social manners within this system (e.g. "The Captain of Koepenick", a novel by Carl Zuckmayer, who describes this impressively). A classic regulator for closeness-distance relationships in organisations is joking or, even more promising, joking about weaknesses of workmates or the organisation, based on precise observations. In a shared joke, agreement is communicated in a non-binding way.
Trends indicate that the authentication procedures become more formal, depending on the extent to which the core operations of an organisation can be affected by access. Also in these situations, identity fraudsters will use their social competence ("social engineering") to obtain access instruments for resources (login, ID card, signature, key access). Depending on the extent to which identification and authorisation of people is required within organisations, identity theft is more likely to be observed than deceitful identity creation. For the same reasons as in interactional systems, deceitful identity exchange and delegation are probably of minor importance.
The internal relationships of members within an organisation are to be distinguished from the external relationships of organisations with each other or between organisations and their clients. The latter are typed by use of patterns such as seller/buyer, client/supplier, citizen/official or in the different incarnations of the layman patient/expert constellation. Due to the mutual expectations created by these social contexts, the processes are highly standardised. In the described relationships those involved perform in favour of each other. Therefore, the communicational processes are regulated by contracts, economically calculated and / or scientifically measured. An identity fraudster does not only evade the expectation that something in return will be offered (money, obedience, truth), as implied by the social conventions, but they also evade the sanctions, because their true identity cannot be established despite the fact that they appeared as a person which allowed them the opportunity to deceive. This makes the identity fraudster different from a thief or burglar who remains unrecognised and typically avoids appearing as a person and thus avoids authentication / authorisation in social systems completely.
Since the danger of personal sanctions to be feared is rather small, especially for a client, deceitful identity delegation and exchange can probably be observed in this constellation of extra-organisational relations, too. To a member of an organisation in interaction with clients, this probably applies to a much smaller extent; the conditions here rather correspond to those within an organisation.
Authentication and authorisation between an organisation and its clients is often lax or absent. Despite the fact that organisations can place restrictions on access, and that instructions are to be followed (registration, for instance), many actions, such as purchasing with cash money, casting political votes, and accessing scientific publications, can be done anonymously, or at least pseudonymously. Even in places in which conventional authentication by use of technological means is in place, this is often unreliable. ID cards can be falsified, particularly with the meagre biometrical quality of photographs, and controls are only unreliable. Orders can easily be placed under the pretence of false sender address, by letter and on account, also in the name of another person. Account, tax and social security numbers can be found relatively easy and be misused without any problems. From this point of view, the risk of "identity fraud" is accepted relatively willingly throughout society. Its acceptance is apparently economically cheaper than the improvement of the authentication measures would be. The question is how reliable an authentication and authorisation process has to be to void the claim that victims of "identity fraud" are to blame themselves.
"Identity fraud" in functional systems (economics, law, politics and science) happens, as described, through organisations. Organisations follow, as described above, a main emphasis, related to these functional systems. An example for this can be organised crime, which, as a rule, follows the economic primate (Lindlau 1987). The application of typical criminal motives (e.g. avarice, need for recognition, aspiration to power) certainly allows a detailed analysis of the social systems’ vulnerability to the different types of identity fraud.
General theses on the appearance of "identity fraud"
On the basis of the categories and examples introduced in the previous sections, we can now develop theses on "identity fraud":
Above all, "Identity fraud" is likely to consist of planned criminal actions (e.g. financially motivated in organisational systems), less often with actions that happened in the heat of the moment. Offenders are able, and required, to invest considerable resources (time, money, know-how) into the preparation of "identity fraud".
The predominant types of "identity fraud" are those which allow both an authentication/authorisation and a reliable concealment of the deceiver’s real identity (in the easiest way possible). These include mainly identity theft and deceitful identity creation.
"Identity fraud" mainly find its victims where weak authentication procedures combined with valuable or strong authorisations are deployed. Particularly vulnerable in this case are interactions in social systems in which authentication takes place for roles only. Identification of a person is always vulnerable when it is not, or only insufficiently, supported by technology in electronic communication.
These theses correspond to the data on "identity fraud" published in current US-American and British studies, which examine the topic mainly on the basis of criminal acts following "identity fraud", and the motives of the perpetrators. This approach is made clear e.g. in the executive summary of the study by the British Cabinet Office: "ID fraud is an important and growing problem linked to organised crime in a number of forms: illegal immigration (including human trafficking); money laundering and drug running; and financial fraud against government and the private sector."
The majority of the recommendations on the prevention of identity fraud or on proposed reactions to identity theft published in the mentioned studies, as well as for the citizen mainly in the USA, are not far-reaching enough from a sociological perspective. The general recommendations relate to handling particular identifiers, how to behave when detecting "identity fraud", and recommendations, proposed legislation and regulation on the massive collection and evaluation of data on identity usage (e.g. opening of an account (Gordon and Willox 2003), "identity fraudsters" and cases of deceit by use of these identifiers. Structural improvements in the interaction in social systems, such as a broader introduction or usage of effective and socially integrated authentication procedures, are only superficially examined (i.e. case-related, e.g. to particular types of document or the opening of bank accounts).
The transition from identity collision to
| |
   |
|
| Denis Royer | 21 / 44 |
