Identity Theft and Fraud

Identity Theft and Fraud: Evaluating and Managing Risk

Norm Archer
Susan Sproule
Yufei Yuan
Ken Guo
Junlian Xiang
Copyright Date: 2012
Pages: 368
https://www.jstor.org/stable/j.ctt5vkcdw
  • Cite this Item
  • Book Info
    Identity Theft and Fraud
    Book Description:

    Personal data is increasingly being exchanged and stored by electronic means, making businesses, organizations and individuals more vulnerable than ever to identity theft and fraud. This book provides a practical and accessible guide to identity theft and fraud using a risk management approach. It outlines various strategies that can be easily implemented to help prevent identity theft and fraud. It addresses technical issues in a clear and uncomplicated way to help decision-makers at all levels understand the steps their businesses and organizations can take to mitigate identity theft and fraud risks. And it highlights the risks individuals face in this digital age. This book can help anyone - businesses and organizations of all sizes, as well as individuals - develop an identity theft and fraud prevention strategy that will reduce their risk and protect their identity assets.To date, little has been written on identity theft and fraud with a Canadian audience in mind. This book fills that gap, helping Canadians minimize their identity theft and fraud risks.

    eISBN: 978-0-7766-1992-7
    Subjects: Business, Technology

Table of Contents

  1. Front Matter
    (pp. [i]-[iv])
  2. Table of Contents
    (pp. [v]-[vi])
  3. Chapter 1 Introduction
    (pp. 1-13)

    The information age has brought many benefits to consumers, organizations and government agencies. We have ready access over the Internet to a huge range of information that can satisfy just about anyone’s needs, we can communicate with people and organizations in ways unheard of even a decade ago, and consumers, businesses and governments can transact business over the Internet. But along with the speed and convenience of all these innovations has come an enormous increase in the incidence of related risks, such as identity theft, fraud and cyber-extortion by criminals. These criminals can work in anonymity from any country around...

  4. Chapter 2 Understanding Identity Theft and Fraud
    (pp. 14-42)

    This chapter begins the exploration of the concepts behind identity theft and fraud. The basic ideas are presented first, including certain problem domains. Then a comprehensive model of the identity theft and fraud process is introduced, including an explanation of the various components that make up this process model and potential crimes that may result from the criminal activities involved. The legal ramifications of identity theft and fraud are explored briefly from the perspective of criminal law and consumer protection. Finally, a model is introduced that explains the relationships among the stakeholders in identity theft and fraud: the ID issuer,...

  5. Chapter 3 Risk and Trust
    (pp. 43-57)

    Risk is an extremely important aspect of the process of protecting against identity theft, because the level of perceived risk from the threat of identity theft determines how much time, effort and money should be spent to reduce this risk. If the risk is perceived to be low, then the resources that should be expended to address the threat are less than if the risk is perceived to be high. This chapter explores different aspects of risk as they pertain to identity theft and fraud, including definitions, perceptions, impact and likelihood of risky events, risk mitigation and, finally, the implications...

  6. Chapter 4 Information Sources for Identity Theft and Fraud
    (pp. 58-75)

    Human identification is the basis of all studies involving identity theft and fraud. This chapter explores this feature in some detail, then applies it to the credit industry, where identification is managed by a variety of identifiers and verifiers. Personal credit and finance revolves around the credit reporting system, which is intimately associated with identity and its management. Related issues are explored, including current issues surrounding databases, brokers and data breaches. Finally, data collection and dissemination practices are discussed in some detail.

    Roger Clarke describes how human identification, in the context of information systems, is a process “used to link...

  7. Chapter 5 The Nature and Scope of Identity Theft and Fraud
    (pp. 76-101)

    This chapter is a detailed discussion of the characteristics of identity theft, including its definition, how it may occur, how identity thieves physically acquire identity information in various ways, and the nature of criminal social engineering activities like certain types of phishing. The electronic acquisition of identity information is also described, where profiles of identity thieves underscore how this type of criminal activity continues to grow like a cancer in society and the sensitivity and value of the personal information that can be stolen. Data breaches are a rapidly growing form of identity theft, and this is discussed in considerable...

  8. Chapter 6 Measuring Identity Theft and Fraud
    (pp. 102-121)

    Measuring identity theft and fraud is critically important if society is to make any progress in defending against it. This derives from the old axiom that you can’t manage something if you can’t measure it. However, there are many problems with determining how identity theft and fraud affects its victims in order to find a basis for measurement. These are discussed in detail, with a number of examples of statistics on reported incidence of fraud, and how this might relate to actual levels, which are often higher. More reliable measures of fraud are then reported from a variety of sources,...

  9. Chapter 7 Managing the Risks of Data Theft, Identity Theft and Fraud
    (pp. 122-153)

    The focus of this chapter is on the development of a general model for managing data, identity theft and fraud risks. The purpose of the model is to provide advice in how to contain and counter such risks in an organized manner. The model’s concept is similar for organizations and for consumers, although the details of the risks and how to manage them differ substantially between these two classifications. Small businesses also differ from large businesses in the approach they need to take to managing IDTF risks, because they typically cannot afford to employ security specialists to manage these risks,...

  10. Chapter 8 A Lifecycle Approach to Identity Asset Protection
    (pp. 154-186)

    In Chapter 7, a general three-phase model (Anticipatory, Reactionary and Remediation) was developed for managing data, identity theft and fraud risks, and it was applied in specific ways to manage these risks for larger organizations, small businesses and individual consumers. This model isentity orientedand focuses on how individual organizations or consumersalonecan better manage IDTF risks. The IDTF issues, however, involve multiple parties that must work together to combat theft and fraud as shown in Chapter 2 (Wang, Yuan and Archer 2006). In this chapter, we further examine IDTF risks by taking aprocess-orientedperspective. More specifically,...

  11. Chapter 9 Employee Responsibility for Risks to Identity Assets
    (pp. 187-203)

    Are employees responsible for identity theft risks? Organizations are the sites of identity information collection, use and storage, and employees are involved in all the stages of the identity management lifecycle. How they deal with information at hand will have a major impact on information security and ultimately identity theft. To answer the above question, we examine in this chapter the role of employees in identity theft problems. We identify and analyze those factors that could influence employee mishandling of information. Finally, we make some recommendations that organizations may implement to prevent employees from mishandling critical identity information.

    As discussed...

  12. Chapter 10 Consumer and Business Perspectives
    (pp. 204-225)

    Reducing the risk from identity theft is very much the responsibility of both individuals and organizations, who must also become aware of and take certain steps to protect themselves against identity theft and fraud threats. This chapter deals with several of the specific risks from IDTF that have not been covered elsewhere in this book. For consumers, we first examine perceived risks in shopping that influence customers in their choice of shopping venue. Then mortgage fraud and its ramifications to consumers is reviewed. This is an example of a high-impact but low-probability risk for consumers. Medical identity theft and fraud...

  13. Chapter 11 Technical Perspectives On Security
    (pp. 226-258)

    The most important network security issues are those that involve defending against the increasing degree of criminal activity on the Internet. In previous chapters we have discussed risk management (Chapters 7 and 8), employee behavioural issues (Chapter 9) and financial impacts (Chapter 10). In this chapter we address related technical issues. We discuss organizational security first, then identity and access management and the general concepts of network protection when handling external traffic. Finally we include a detailed review of authentication issues for both internal and external users. All of these topics are important to the technical management of risks in...

  14. Chapter 12 Evaluating and Managing Organizational Readiness for Security and IDTF Risks
    (pp. 259-274)

    Information security is in a constant state of change, and security methodologies have been unable to keep pace with the continuous appearance of new threats. With each advance in technology, new risks are exposed that could represent security exposures to the enterprise, both internally and externally. Newly developed applications may have exploitable flaws. Personal applications used by employees, like peer-to-peer file sharing applications (US-CERT 2007), may also expose enterprises to risks from inadvertent disclosure of sensitive business information over the Internet or risks of licensing or copyright violations. Employees may use removable media devices like laptops to introduce unwanted applications...

  15. Chapter 13 A Research Agenda for Identity Theft and Fraud Risks
    (pp. 275-298)

    There are many possible aspects of IDTF and associated risks that can be explored by researchers wishing to contribute their expertise in the continuing battle against this growing problem. For example, a recent article by Romanosky et al. (Romanosky, Telang et al. 2011) discusses their findings on whether data breach disclosure laws actually reduce identity theft (they do). Many papers on a variety of IDTF topics continue to appear from time to time, ranging from management, political, social, policy and legal aspects to the more technical aspects of IDTF. Although there are few if any journals that restrict their coverage...

  16. Chapter 14 Monitoring Trends: Indexes of Identity Theft and Fraud
    (pp. 299-313)

    Throughout this book, we have outlined findings from various surveys and other sources on IDTF. In this chapter, we focus on findings discovered by collecting relevant data through government-mandated policies and by surveys that probed the consumer, business and government sectors. Finally, we point out the benefits that would be derived from a regular process of monitoring IDTF incidents and by organizing the results into an annual index.

    What more can be done to combat the continuing threat of identity theft and fraud? One approach that would help involves the collection of data at regular intervals at the individual, organizational...

  17. Chapter 15 Overview of the Book and a Glimpse of the Future
    (pp. 314-329)

    The objective of this book is to highlight the risks of identity theft and fraud to consumers, businesses, governments and other institutions that are victims of the escalating level of these crimes, and to discuss methods that are being used to reduce the risks and to defend against related criminal activities. We also present statistics that show the extent of IDTF and data breach risks to society, and evaluate laws that can be used to prosecute related criminal activities. However, although the legal system is slowly adjusting to the realities of these threats, it is the responsibility of the various...

  18. Glossary
    (pp. 330-350)
  19. Index
    (pp. 351-362)