Cyber Identity Theft: A Conceptual Model and Implications For Public Policy

Angeline G. Close, UGA/NGCSU George M. Zinkhan, UGA R. Zachary Finney, NGCSU

A 1957 Sylvester & Tweety Cartoon

Image source: davemackey.com

Identity Theft
Most common classification of consumer complaints to FTC (42%) Victimization costs beyond $ Growing problem attributed to the emergence of the e-marketplace Top online fraud (FBI 2003) Re-appraisals of research & public policy are needed

Cyber Stalkers Laughing Behind the ScreenFor Now

Image Source: greenberg-art.com

Objectives
1) Introduce 3 classification schemes, which synthesize conceptualizations of ID theft and the Internet: a) methods, b) time-frame, c) victims behavioral responses 2) Recognize key issues & regulations related to public policy and consumer welfare

Cyber ID Theft Defined

Online or electronic acquisition of personal information with the purpose of utilizing such information for deceitful activity either on the Internet or offline Using electronic (i.e., web-based) means to carry out any form of identity theft

Cyber Identity Theft: An E-Merging Public Policy Issue

Process Victim Response

Schemes

Time-Frame

Cyber ID Theft Process

CyberIdentity Theft Figure 2 (lower) ID Theft Recurs Table 2 Victim Reacts

Table 1 Methods of CyberID Theft

Figure 2 (Upper) ID Theft Does Not Recur

Table 3 Public Policy Issues

Cyber ID Theft Schemes: Broad Scope

Method Hacking Employee Theft Dictionary Programs Spyware Skimming Tapping Preapproved Mass Rebellion Example Wiring anothers funds Pilfering office files Checking all words, A to Z Weather-bug; Gator Credit cards Restaurant computers Mailed credit card offers peer-to-peer sites (e.g., Kazaa.com, Napster.com)

Cyber ID Theft Schemes: Narrow Scope

Careless-ness Disposal Abuse Autofill Abuse Phishing Phony Pre-text Saved Passwords, logoff may not go through Leaving personal information behind on old computer Type in a few letters until cleared Deltaa.com ATM Bank; Credit card company

Cyber ID Theft Schemes: Narrow Scope

Posing Bank rep.; computer exams e-dating Manager Wanted

Pranking Fraudulent Job posting

Shoulder Surfing Passwords; account numbers Intercepting IMs; e-mail

Cyber ID Theft Time Frame

One-time
One-time Prank E-mail One-time use of stolen photo (e.g., for e-dating)

Identity-Theft Time Frames

Multi-time

Using stolen credit card #, until reported

Unauthorized use of anothers e-mail Consistent use of SSN to obtain new, fraudulent document(s)

Recurring
Consistent use of Photo to impersonate

Cyber- ID Theft Victim Response

Behavioral Responses to Identity Theft Victims behavior may change (via): Online Example Lessened (correct) disclosure of personal information Change in selection/use of exchange partners Change in frequency/ extent of transactions Change in general shopping and purchasing behavior e-mail addresses Offline Example Home or work addresses

e-tailers

Retailers

e-commerce; e-dating

Shopping; credit card use Requesting to check identification for credit card purchases

Security checks

An Atypical Response

Image Source: glasbergen.com

A More Extreme Response: Serious Password Strategy

Image Source: glasbergen.com

Public Policy & Consumer Welfare

I. Dissemination of cyber identity theft methods II. Employee access to data and associated potential for misuse III. Credit-reporting bureaus IV. The inherent difficulty associated with proving you did not commit acts

Public Policy & Consumer Welfare

V. Regulation of data exchanges VI. Uses of marketing databases VII. Use of data by financial institutions VIII. Liability issues IX. Assisting cyber identity theft victims

Public Policy & Consumer Welfare

X. Expanding public education/ awareness XI. Educating the populace so that overall crime rates decline XII. Effective criminal enforcement XIII. Risk analysis & risk assessment XIV. What are the specific costs for consumers?

Public Policy & Consumer Welfare

XV. What are the costs for business (at the firm level and the industry level)? What are the threats to our economic system? XVI. What are the best ways to promote safety tips and improved technologies? XVII. What are the best media for implementing education or remedial programs? XVIII. What are the best ways to reform identify thieves?

Regulation
The Identity Theft and Assumption Deterrence Act (governmental): 1) allows victims of identity theft to recover financial damages 2) imposes criminal penalties of <15 years imprisonment & fines of < $250,000 3) directs the FTC to enforce the act

Regulation
The Coalition on Online Identity Theft (corporatebased): 1) expands public education campaigns, promoting technology and tips for preventing and dealing with online theft 2) documents and shares non-personal information about emerging online fraudulent activity to prevent future scams 3) works with the government to ensure effective enforcement of criminal penalties against cyber thieves

Information Paradox

Image Source: glasbergen.com

Cyber ID Theft and the Market

A threat to economic systems, e-commercedemanding scholarly, practitioner and regulatory attention/ action Citibanks ID Theft Page TV Campaign

Reclaim Cyberspace
A broader change in human identity Another paradox of technology Researchers have an important role to play in suppressing cyber-identity theft in the future. Reclaiming cyberspace as a means of enhancing and enriching (our own) human experiences