You are here: Resources > FIDIS Deliverables > Forensic Implications > D5.2b: ID-related Crime: Towards a Common Ground for Interdisciplinary Research > 

D5.2b: ID-related Crime: Towards a Common Ground for Interdisciplinary Research

Spoofing  Title:
 Social and technical guidelines on preventing ID-related crimes



Identity fraud provokes a range of problems that affect individuals, banks, private companies, government agencies, crime investigation services, etc. The central question is how can identity be made more secure? How can data be protected and how can forgery be prevented? 

Basically, preventing identity theft is always based on trust that some entity keeps certain information secret, at least in the online world, so that only that entity can make use of this secret information. ID fraud may be the result of people not keeping their secrets, but also of machines ‘leaking’ these secrets. Hence, we have to have:

  • Trust in a user, that he keeps certain information (password etc.) secret. 

  • Trust in the authenticating party to keep the data obtained for and during authentication secret, and not disclose or leak the data to others that may use them for malicious purposes. 

  • Trust in a device (this means: trust in the producer/verifier of the device), that secret information kept in the device does not under any circumstances leave the device (tamper resistant hardware). 

  • Trust in protocols and software implementing these protocols (this means: trust in the producer/verifier of the software and protocol), that certain assumptions about resistance against attackers are true. 

ID-related crimes involve people (victims and culprits) and machines, and countermeasures can address both people (social aspects, the first bullet) as well as the machines and the interaction between the two (technical measures, the latter two bullets). Often, all three types of trust are needed in order to prevent identity theft as much as possible.  


Current initiatives  

In the fight against identity fraud, there are a number of initiatives from national governments (in particular law enforcement agencies) and European-wide initiatives. A prevention expert group representing all concerned parties, such as national authorities, banks, law enforcement agencies, consumer associations, is established (Tiné, 2004). Its main objectives are to discuss new fraud prevention issues and identify preventative measures. Law enforcement initiatives focus on the diffusion of information and training by means of forums, workshops, dissemination of guidelines, and other methods. 

From a commercial perspective, Visa and MasterCard have recommended the implementation of an architecture/set of protocols named 3D Secure. This protocol redirects financial transactions to the banks. The verification of the identity of the buyer is performed by the bank instead of the seller. This would transfer the responsibility from the seller to the bank and banks are therefore reluctant to accept this. Instead some banks have installed other systems of identification, e.g. ID-tronic in France.

Generally prevention programmes (Sood 2004) or associations (e.g., CIFAS) against identity theft and identity fraud aim at establishing a privacy task force and providing some recommendations concerning identity recovery plan.


Spoofing  fidis-wp5-del5.2b.ID-related_crime_03.sxw  Social and technical guidelines on preventing ID-related crimes
Denis Royer 33 / 44