Resources
- Identity Use Cases & Scenarios.
- FIDIS Deliverables.
- Identity of Identity.
- Interoperability.
- Profiling.
- Forensic Implications.
- HighTechID.
- D3.1: Overview on IMS.
- D3.2: A study on PKI and biometrics.
- D3.3: Study on Mobile Identity Management.
- D3.5: Workshop on ID-Documents.
- D3.6: Study on ID Documents.
- D3.7: A Structured Collection on RFID Literature.
- D3.8: Study on protocols with respect to identity and identification – an insight on network protocols and privacy-aware communication.
- D3.9: Study on the Impact of Trusted Computing on Identity and Identity Management.
- D3.10: Biometrics in identity management.
- D3.11: Report on the Maintenance of the IMS Database.
- D3.15: Report on the Maintenance of the ISM Database.
- D3.17: Identity Management Systems – recent developments.
- D12.1: Integrated Workshop on Emerging AmI Technologies.
- D12.2: Study on Emerging AmI Technologies.
- D12.3: A Holistic Privacy Framework for RFID Applications.
- D12.4: Integrated Workshop on Emerging AmI.
- D12.5: Use cases and scenarios of emerging technologies.
- D12.6: A Study on ICT Implants.
- D12.7: Identity-related Crime in Europe – Big Problem or Big Hype?.
- D12.10: Normality Mining: Results from a Tracking Study.
- Privacy and legal-social content.
- Mobility and Identity.
- Other.
- IDIS Journal.
- FIDIS Interactive.
- Press & Events.
- In-House Journal.
- Booklets
- Identity in a Networked World.
- Identity R/Evolution.
Prevalence
Specific figures on the prevalence of identity-related crime are scarce. No comprehensive study on the situation in Germany is available, and the figures presented are not broken down into the FIDIS conceptual categories. Sources for assessing the extent of identity-fraud include rather small online surveys, the ‘Crime Statistics of the German Federal Criminal Police Office (BKA)’, as well as the German Federal Office for Information Security’s (BSI) report on ‘The IT Security Situation in Germany in 2007’, where figures on phishing incidents and Internet-related crime are presented.
The Internet is a commonly used tool for identity-related crime. However, the Crime Statistics contain no figures broken down to whether regulated criminal offences were committed in relation to creating a new or taking over an existing identity. The Crime Statistics 2006 present the following figures regarding crimes ‘committed by means of the Internet’.
Type of criminal offence | ||||||
Total number | 150.785 | 118.036 | 32.749 | 27,7 | 84,0 | 84,9 |
Offering and distributing child pornography | 5.351 | 5.624 | -273 | -4,9 | 78,5 | 76 |
Fraud | 124.501 | 93.816 | 30.685 | 32,7 | 86 | 86,1 |
Fraud to obtain a good on credit | 15.555 | 10.322 | 5.233 | 50,7 | 94,8 | 94,3 |
Fraud to obtain a good | 78.235 | 53.092 | 25.143 | 47,4 | 95,3 | 94,2 |
Fraud to obtain a public benefit | 3.153 | 800 | 2.353 | 294,1 | 88,3 | 84,4 |
Fraud to obtain a service on credit | 5.235 | 2.337 | 2.898 | 124,0 | 47,9 | 77,6 |
Computer-related fraud | 8.285 | 8.168 | 117 | 1,4 | 41,8 | 35,6 |
Other types of fraud | 8.694 | 13.207 | -4.513 | -34,2 | 69,9 | 88,2 |
Offences related to infringements of copyright | 10.286 | 10.432 | -146 | -1,4 | 85,5 | 92,6 |
Table 4.. Crime Statistics 2006: offences committed by means of the Internet
Further figures exist regarding ‘computer system related criminal offences’. These include information referring to identity-related crimes like fraud by means of illegally obtained debit cards and the corresponding PIN number, cases of spying out PIN numbers as well as cases of fraud regarding access rights to communication services.
Type of criminal offence | ||||||
Fraud by means of illegally obtained debit cards and the according PIN | 27.347 | 32.232 | -4.885 | -15,2 | 40,6 | 40,9 |
Spying out data (including PIN) | 2.990 | 2.366 | 624 | 26,4 | 43,8 | 42,2 |
Fraud regarding access rights to communication services | 5.822 | 5.788 | 34 | 0,6 | 57,7 | 64,4 |
Table 4.. Crime Statistics 2006: computer -related offences
Further criminal offences listed in the Crime Statistics 2006 which are relevant in the context of identity-related crime are presented in Table 4.3. It is however not known how many of these crimes were committed in relation to creating a new or taking over an existing identity. These figures do not differentiate between offences committed by means of the Internet and other offences.
Type of criminal offence | ||||||
Fraud by means of illegally obtained debit cards without PIN | 41.561 | 48.143 | -6.582 | -13,7 | 53,1 | 48,7 |
Fraud by means of illegally obtained debit cards with PIN | 27.347 | 32.232 | -4.885 | -15,2 | 40,6 | 40,9 |
Fraud by means of illegally obtained credit cards | 8.932 | 14.184 | -5.252 | -37,0 | 48,4 | 52,5 |
Forgery of debit cards, cheques and bills | 3.562 | 1.765 | 1.797 | 101,8 | 35,8 | 40,6 |
Fraud by means of illegally obtained data from debit cards | 3.646 | 3.610 | 36 | 1,0 | 39,6 | 51,0 |
Fraud on the occasion of opening a bank account / making a remittance | 13.297 | 11.130 | 2167 | 19,5 | 74,8 | 74,0 |
Table 4.. Criminal Statistics 2006: other criminal offences in relation to identity
In addition to these numbers concerning frequency, the Crime Statistics also offer figures on the amount of damage resulting from some of these offences. In almost all categories a declining amount of damage can be observed. This observation holds true also for the overall number of cases.
Type of criminal offence | ||||||
Fraud by means of illegally obtained debit cards without PIN | 41.561 | 48.143 | 67.591 | 10.760.504 | 12.948.112 | 20.110.122 |
Fraud by means of illegally obtained debit cards with PIN | 27.347 | 32.232 | 36.088 | 21.441.580 | 23.266.608 | 26.294.895 |
Fraud by means of illegally obtained credit cards | 8.932 | 14.184 | 17.057 | 6.628.849 | 8.151.324 | 8.060.263 |
Fraud regarding access rights to communication services | 5.822 | 5.788 | 7.357 | 15.161.869 | 17.027.727 | 134.473.720 |
Fraud by means of illegally obtained data from debit cards | 3.646 | 3.610 | 3.373 | 2.544.062 | 3.063.804 | 1.773.783 |
Fraud on the occasion of opening a bank account / making a remittance | 13.297 | 11.130 | 11.694 | 35.510.921 | 45.665.820 | 49.467.481 |
Table 4.. Criminal Statistics 2006: damages for criminal offences in relation to identity
With regard to forgery of passports, an official answer of the German government to a parliamentary request of the parliamentary group DIE LINKE presented the following figures. In April 2007 about 28,2 million German passports were issued. Checks upon entry to Germany and other occasions have revealed 6 forged and 344 altered passports from 2001 to 2006.
In March 2008 the BKA president Jörg Ziercke lead the German Federal Criminal Police Office’s annual press conference 2007. On this occasion he presented figures and recent developments regarding debit card related crime as well as information and communications technology related crime. On this event Ziercke explicitly mentioned ‘identity theft (Identitätsdiebstahl)’. The figures were presented not as part of the Crime Statistic 2007 but with regards to the BKA’s strategy concerning new challenges in crime prevention. According to the numbers reported, 1,349 attacks aimed at 459 ATMs were carried out in Germany in 2007. This equates to a rise of almost 50% compared to 2006. The amount of damages sums up to some 21 million EURO caused in 70.000 cases. The method mainly used for such an attack is skimming. The BKA states that taking into account the international figures regarding debit card related crimes gives rise to the expectation that this ‘phenomenon will gain further relevance’ in Germany, too. The figures presented with regards to information and communications technology related crime are presented to be preliminary. In 2007 overall 34,000 cases of information and communications technology related crime were reported which means a rise of 17% in comparison to 2006. A rise of 8% (180.000 cases overall) regarding offences committed by means of the Internet is mentioned. Specific figures concerning ‘phishing’ are accounted by the BKA regarding 2007: 4,200 cases (a rise of 20%) were reported. The average amount of damages caused by phishing attacks is described to range between 4,000 and 4,500 EURO in 2007. In 2006 the average amount of damages ran up to 2,000 to 3,000 EURO per case. With regards to ‘identity theft’ the BKA stated that no longer only online banking has been in the focus of criminals. In addition access data regarding all kind of citizens’ internet accounts is targeted by identity theft attacks.
While the German Crime Statistic 2006 painted a positive picture regarding the declining number and amount of damage resulting from criminal offences which under current German law mainly cover criminal actions relating to identity, this trend seems to have stopped in 2007. The overall number of phishing attacks is however rather small. Reports and figures presented by companies offering IT-security software and technology present an even more negative trend regarding especially the frequency of phishing attacks. Moore and Clayton define phishing as ‘the process of enticing people into visiting fraudulent websites and persuading them to enter identity information such as usernames, passwords, addresses, social security numbers, personal identification numbers (PINs) and any further information that can be made seen plausible. This information is then used to impersonate the victim so as to empty their bank account, run fraudulent auctions, launder money, apply for credit cards, take out loans in their name, and so on’.
Worldwide, according to the Anti-Phishing Working Group, an average of over 30,000 phishing websites are detected every month. In March of 2007, Symantec reported that 32% of all phishing websites were hosted in Germany, which made Germany Europe’s leading nation in this respect. Furthermore, Symantec stated that ‘identity theft and selling of data via the internet is growing steadily’ (March 2007) and ‘identity theft is becoming ever more sophisticated’ (September 2007). In this statement Symantec explains that ‘already 65% of the top-50 worldwide attack tools aim at identity theft’ and further: ‘23% of bot-infected computers are located in Germany’. Arrests have been reported with regard to phishing activities. The Federal Office for Information Security’s IT Security Report 2007 discusses identity theft in the form of phishing attacks and states: ‘According to the banks only around ten percent of the damage occurring in Germany in 2006 was caused by the classic E-mail method. Trojan horses were responsible for the remaining 90 percent’. While at the beginning of 2006 forged websites were still responsible for about 30% of phishing attacks, their share decreased to less than 10% at the end of 2006. The German Association for Information Technology, Telecommunications and New Media (BITKOM) estimates damages of 13 million Euro caused by 3,250 phishing attacks in 2006.
The Federal Office for Information Security’s IT Security Report 2007 describes that not only financial institutions, but also e-commerce applications and online shops are being targeted more often by phishers. According to this report the data obtained covers short-term access and transaction data as well as identity information such as birth dates, addresses, driver’s license numbers as well as account and credit card information.
18 / 34 |