Survey of Research Literature – Identity Theft
Research Analysis Survey of Research Literature in Information Technology Management Infrastructure Abstract: Identity theft is one of the fastest growing crimes in the United States. There are many definitions of identity theft, however this type of crime typically involves illegally utilizing somebody else’s personal information for both personal and or financial gain. Thieves acquire personal information through different methods ranging from stealing physical documents all the way to hacking into corporate databases.
The field of Information Technology is one of the fastest growing fields in the world. Daily innovations and discoveries are flooding our lives. The continual strive for speed and efficiency make the world move faster into the new era of digital information.
In addition to advances in computing, many other fields are forced to innovate and comply with the demands of the new 21st century consumer. However with all the convenience and access to this digital information the world faces those who use the technology to destroy information and control others for their own benefit. The two most evident industries that face such challenges are the health industry and the financial industry. Both consists of billions of dollars in revenue each year and pose a lucrative target for the digital underground.
The finance industry is a more interesting topic when it comes to identity theft since it involves the financial system for businesses, financial institutions and consumers. By looking at this industry directly we can see how these affects influence each other and what can be done to protect the consumer and the business sector. This paper will be separated into consumer and business parts and then further divided into sub parts where the focus would be on specific sections on what is closely related to or can result in identity theft.
Once such threats and security issues are identified and thoroughly described, the paper will also cover some of the existing solutions that are currently being implemented by, businesses, financial institutions and even consumers themselves. Looking at all sides of the problem, identity theft touches upon a variety of issues such as tools that are used to identify ones credentials, information that is stored on computers of thousands or retailers, financial institutions as well as taking into account the technology that makes authentication and financial transactions possible.
The spectrum of this is so large that only a small part of it can be analyzed and covered in this paper. What is Identity Theft? According to numerous sources, identity theft is a way to take someone else’s identity and utilize it for either financial or gains of being accountable for certain actions or consequences. The term identity theft has actually came from the word impersonation or cloning which describes a process of making an exact copy of something or in this case assuming an identity of another person.
In this paper there is only one side to the identity theft and it is the financial loss or gain that occurs during the process. Looking at the identity theft from several prospective and analyzing how it affects the consumer, business, or financial institution is what this analysis is attempting to identify. “Each year, millions of consumers are victimized by identity theft—the practice of using the identity of another to obtain credit. After the identity thief defaults, lenders and credit bureaus attribute the default to the impersonated consumer. Sovern 2004)” According to Sovern 2004, the default that occurs between the lender and the pretend consumer, in the end falls upon the innocent consumer whose information has been stolen in one way or another and misused for financial gain. Typically there are numerous parts to what results in identity theft. First of all identity thieves typically obtain personal information that is used to identify an individual, as well as credentials that can be used to authenticate themselves.
Then, they would utilize the credentials to impersonate other individuals and proceed to gain access to financial documents and finally actual monetary assets. “Identity theft—the appropriation of someone else’s identity to commit fraud or theft (Milne 2003)—is a serious consumer problem (Sovern 2004)”. Identity theft is a commission of fraud that not only poses a serious threat to consumers but is a very serious crime that has unlimited consequences for everyone involved in the process.
Although it is a serious crime and a wide spread problem there are many different ways that thieves can approach this type of method. The initial process of acquiring personal information that is needed to impersonate another individual can consist anywhere from finding the information in public records at the library, all the way to stealing financial documents like credit cards, checks, and digital information by hacking computer networks. The spectrum of this problem is endless and continues to grow on the daily basis, while financial information becomes ore widespread with the innovation of technology. Before looking at the specific areas of theft and their origins, identifying the meaning behind identity as being part of identity theft would be beneficial to the true understanding behind impersonating someone else. “Identity is a means of denoting an entity in a particular namespace and is the basis of security and privacy -regardless if the context is digital identification or non-digital identification ( Katzan 2010 )”.
Unlike theft, identity is much harder to describe especially when looking at how it can be stolen and utilized for personal and financial gain. Katzan 2010 illustrates how an identity can also be referred to as a subject, which have several identities and belong to more than just one namespace. Identity is part of the management system which can establish a process to another system and therefore result in a trust that is facilitated by a third party and acknowledges the basis for the digital identity in the computer-based information systems.
Another side is the information that’s provided by a third party that claims the identity of a person but can be biased based on how that information came about, and therefore might require additional information to provide clear evidence and confirmation. ” Identity is primarily used to establish a relationship between an attribute or set of attributes and a person, object, event, concept, or theory. The relationship can be direct, based on physical evidence, and in other cases, the relationship is indirect and based on a reference to other entities ( Katzan 2010)”.
Thieves acquire such attributes of the identity through resource such as customer service representatives, Trojan horse computer programs, dumpster diving, corporate databases, and physically stealing computers. To prevent such occurrences the author suggests implementing reponsibilized and individualized forms of risk management where individuals are encouraged to incorporate informational security practices into their daily lives and care for their virtual self in the digital world. Phishing Attacks Moving forward beyond what both identity and theft really mean, identifying he most popular ways of gaining access to individual identity data is the first step to preventing consumers from being the victims of such thefts. The first most common approach to gathering the necessary information to impersonate an individual is a Phishing Attack. A Phishing Attack is a way to deceive a consumer into revealing personal information to the attacker through digital communication. “Phishing has been a major problem for information systems managers and users for several years now. In 2008, it was estimated that phishing resulted in close to $50 billion in damages to U. S. onsumers and businesses (Wright, Marett, 2010). This obfuscation method of both email and Web sites is how thieves are able to convince users into fulfilling requests for personal information. Once that information is obtained it can be used to stage theft of either company or personal intellectual property. “In the most common phishing scam, the “phisher” sends an e-mail disguised to look like it is from a financial institution or e-commerce site. To appear credible and to attract the recipient’s attention, the e-mail uses the company’s logos and trademarks and employs “scare tactics” such as threats of account closure (Lynch 2005)”
This method of obtaining identity information carries a relatively low risk in both legality and cost. The phisher who is carrying out the crime usually resides in an international location to avoid authorities which makes the apprehension and prosecuting of the fraud that is committed to be far more difficult. One of the studies that utilized analytical approach to find the reasoning behind the success of such a technique concluded that there are four phases in studying behavioral factors, which influence the replies coming from the consumer in regard to answering emails that request them to provide sensitive information.
The study covered 299 subjects and analyzed the percentage of those who responded to different methods within the study of phishing. The final factor to the study is the awareness level that the communicator posses in regard to the security threats that are currently present in the digital world. Security awareness training is important in teaching Web users how to appropriately utilize both network and system resources. Complete review of security policies and their congruency with current threats is crucial in identifying noncompliance of both users and systems.
Once systems are updated and users are aware of the different tactics that can be used against them and the different ways they can protect themselves from becoming victims the world can move closer to eliminating phishing as an urgent threat. Driver’s License Moving past the phishing technique on the consumer side, taking an in-depth look at how identification has become an essential part of identity theft and what are the different tools that we use as consumers to present that trust between our identity and the business entity from which we want to acquire services.
The first and probably the most widespread tool of identification in United States of America is a driver’s license. A driver’s license is an identification document that corresponds to a Department of Motor Vehicles database record, therefore is considered to be a legitimate identification document. It is very valuable and the most circulated picture credential that gives one the ability to operate a vehicle as well. One of the reasons behind counterfeiting driver’s licenses is due to the broad spectrum of different types of licenses that exist in the USA.
These counterfeits vary from simple laminates that are created on matrix printers, all the way to sophisticated and authentic, 45 degree hologram based laminates utilizing the same materials and even printing equipment that is used by the DMV. “ The typical criminal would use fungible credentials as an instrument to defraud because it offers reduced risk, minimal effort, and increased effectiveness. Financial frauds, money laundering, and identity theft are three common exploits that typically rely on fungible credentials.
Fungible credentials are useful precisely because they simultaneously obscure the criminal’s real identity and facilitate any authentication that may be required. (Berghel 2006) This type of credentials is a way to shield the thief’s real identity while still utilizing the facial identification with different credentials. Typically financial transactions are the most common way to utilize fungible credentials to gain access to the victim’s assets. Since the process involves getting several versions of identification based on the verification process, in the end the original counterfeit documents are disposable.
This means that the final identifiers that are obtained, such as the drivers license are legitimate due to its issuance from the government agency. This type of a scheme makes the detection of the final credentials impossible to detect since it was acquired from a legitimate source. The only way to really prevent this from happening is by having all government agencies and law enforcement to authenticate all documents no matter where they came from. However currently due to the extreme overhead for such process, this is currently not possible to achieve. A threat analysis of RFID Passports
The second and most widespread tool in the world is the passport. A passport is a document that is issued by a national government for the sole purpose of traveling between countries and having the ability to identify the nationality of the traveler as well as the identity of the holder. Since 2007 all passports that have been issued in USA, contain an imbedded RFID chip, which is valid for a time period of ten years. The reason behind such change in passport policy is to provide a safer way to store critical identification data on the chip as well as encrypt such data and keep it safe.
However in the last few years there have been approaches that defy the design and the security of the chip and permit the identification information to be stolen. “this individual used a small antenna connected to a computer in his backpack to eavesdrop on the radio communication between the security agent’s reader, which has the capacity to decrypt the highly sensitive and secured data on the passport, and the RFID-enabled passport itself(RAMOS, A. , SCOTT, W. , SCOTT, W. , LLOYD, D. , O’LEARY, K. , ; WALDO, J. 2009)”
The process that is described above creates a way to find and obtain the information that is contained on the RFID chip, however in order to do so the proximity of the listening device and the timing of the transition are critical to its success. In addition to acquiring the data, the ability to decrypt the information before it can be utilized is a process in itself. “Six pieces of information can be stolen from the RFID chip on a U. S. passport: your name, nationality, gender, date of birth, place of birth, and a digitized photograph. Numerous problems of identity theft could arise from someone taking that information, but this article focuses on the financial risk. (RAMOS, A. , SCOTT, W. , SCOTT, W. , LLOYD, D. , O’LEARY, K. , & WALDO, J. 2009)” The information that is acquired during the intercept process is sufficient enough to create a duplicate passport and utilize it for financial gain. However due to the difficulty of this attack, cost of the equipment involved and the limited financial return as opposed to the high cost of blank passports, this type of scenario is not very likely.
As a solution to this possible downside of RFID chips, integrating basic access-control and encryption using the secret key that is integrated right into the passport help mitigate the risk of data interception. Another approach would be to control the RF signals that occur between the reader and the passport during the verification process. This would help minimize the chances for eavesdropping on the RF signals and interception of all identity information. Identity Cards
In order to go beyond the complications of the passport and the specialization of the driver’s license there is another way to identify a person and verify their credentials. This tool is called an Identity Card and is utilized on the government basis in several different countries. The idea behind the identity card is very similar to what a driver’s license does, however it only focuses on proving that the person who presents the card matches the credentials that the identity cards holds, without granting driving privileges as does the driver’s license.
This new concept of identity card consists of two components, one is the database identity and the other is token identity. Database identity is the gathering of all information about a certain individual and recorded into databases, which is then accessible by the government. Token identity on the other hand only comprises of very specific information about the individual. This information consists of name, gender, date and place of birth, date of death, signature, photograph and biometrics.
In addition biometrics consists of a face scan, two iris scans and ten fingerprints. In the context of identity theft, token identity is considered to be more than just information about an individual. “Unlike the individual pieces of information that comprise it, token identity has the essential characteristics of intangible property. Its misuse by another person not only infringes the individual’s personal right to identity, it infringes the individual’s proprietary rights in his/her registered identity, particularly in token identity. Sullivan 2009)” Utilization of token identity for transactional purposes constitutes an individuals’ identity which is all the information that the token holds. This is the information that is most useful for an identity thief since it is all that is required to enable a transaction. Not all of the information in the token is used for every transaction and therefore depends on the nature of the transaction, therefore the required information is automatically chosen from the token to match the transactional requirements. The phrase ‘identity theft’ is a misnomer, as identity theft does not actually deprive a person of their identity. The offence of theft or larceny traditionally involves an appropriation of the personal property of another with the intention to deprive him or her of that property permanently. Wrongfully accessing and using a person’s personal information or forging proof of identity documents, without taking any physical document or thing, would not deprive the person of the ability to use that information. (Sullivan 2009)
Although wrongfully accessing or forging of the documents does not deprive the person of access to such information, it does however fundamentally damage the integrity of the individual token identity by denying exclusive use of the identity. Personally Identifiable Information Utilizing tools that identify oneself are needed to acquire, obtain and steal financial information, however in addition to that and the rapid innovation of the digital world, all the information that identifies us is freely available on the internet.
In the last several years the internet progressed so rapidly that it is being used for social interaction, product purchases and financial transactions. In addition to that many companies are continuously collect personal information utilizing social networks, service providers, and retail sites. These companies claim that under the customer license agreements information provided will be safe guarded and released in a non identifiable form. This means that the information will be de-identified by changing the fixed set of attributes that it currently resides in.
Once it is de-identified it will become safe enough to release to the public and will prevent others from using it for marketing or advertising purposes. “The emergence of powerful re-identification algorithms demonstrates not just a flaw in a specific anonymization technique(s), but the fundamental inadequacy of the entire privacy protection paradigm based on “de-identifying” the data. De-identification provides only a weak form of privacy. (Narayanan, A. , & Shmatikov, V. 2010)”
This type of technique is only part of the solution when it comes to privacy protection. The ability to develop effective technologies to protect private information is being developed on continuous basis and there is still no definite answer as to what the best approach really is. Utilizing the de-identifying approach is a step in the right direction but it only patches the problem instead of solving it. Currently there are limitation to the way privacy is preserved and protected, therefore a better method of protection needs to be build and implemented.
Security through Technology Now that we covered the outstanding issues with the identity tools and even ways of how to protect the personal identifiable information, next step is to identify technology flaws that jeopardize the security of the process. The technology plays a crucial role in how secure the data is both inside and outside the primary location. When it comes to computer systems and security, the weakest components are the end users, especially when they are accessing corporate information from their home location.
With progression of wireless based network technology, the adaptation rate has been enormous and is justified by the convenience that wireless technology provides for both basic and business consumer. Numerous applications have been developed to utilize the convenience of working from home for employee and to have them access databases of their organization using just the Internet browser. This scenario also works for those who are continuously traveling and therefore use wireless services at the hotels or other lodge places.
Many of such systems only rely on passwords to authenticate users and pose a real threat when it comes to accessing corporate information. In such a case a hacker can intercept such credential information and utilize it to access the corporate databases and therefore conduct an intrusion which will go undetected since it relies on real user account information. “Hackers do not require specific hacking tools, as operating systems can find nearby routers and connect to them almost automatically.
Hackers can then perform illegal operations such as hacking other computers, spreading viruses, organizing terrorist activities, and so on. (Loo 2008)” As the technology progresses and innovation takes place it would still be close to impossible to solve all security problems no matter what technology is in place. Security depends on several different factors including coordination between employers, end user and manufactures of the technology that is being used.
It is up to the employees to be aware of security risks and protect the technology they are using no matter where they are. Investing time into learning about countermeasures is a worthy investment which can eventually prevent unrecoverable events such as an intrusion. Employers and providers of technology should focus on the usability and simplicity of the technology as well as establishing the necessary guidelines for usability and finding the right tools to address it. Protect Government Information
Identity theft has an enormous impact on both time and finance of a consumer who becomes the target of it; however it’s not only consumers that see the consequences of such thefts. Businesses are being impacted by this occurrence as well. Organizations need to protect their assets from cyber crime, web attacks, data breaches and fraud. Criminals utilize such attacks to harvest data through these means for financial, political and personal gain. Such actions are becoming firm motivators for adaptation of information system security approach to protect assets of companies.
The ISS approach utilizes an accreditation process that mandates that all government agencies are complying with such standard. A unified security approach would have been ideal in the case of government agencies however even with proper accreditation and mandated requirements, more than half the agencies demonstrated resistance by their management to implement such rules. One of the reasons for such resistance was the norms and culture with the organizations which could not be unified by one system covering all the agencies.
Secondly the management of the government branches that lacked the accreditation pointed out that it was due to the lack of resources that was being committed by Treasury to pay for the needed changes that were part of the compliance process. “The key lesson learned from this study was that a large-scale IS/IT project conducted across multiple government agencies and sites of varying sizes requires that the implementation be staggered and suited to agency size, thus breaking down the complexity of the tasks enabling resources (people and budgets) to be put in place and allocated to future project phases. Smith, S. , Winchester, D. , Bunker, D. , & Jamieson, R. 2010)” The authors point out that the failure of implementation was mostly due to the long term financial backing of the project and that adequate resources and senior management commitment is crucial to the success of ISS. Data Breaches and Identity Theft Data security is an ongoing process and affects both consumers and businesses, however retailers and financial institutions are responsible for storing and processing consumer financial data, and they are solely responsible for the security of it.
One of the leading causes of identity theft is data breaches which are a process of loosing data due to a security or network flaw. This is why a proportionate combination of security vs. amount of data collected needs to be found. If there is too much data and not enough security than the potential cost of a data breach is very high. “Dollar estimates of the cost of identity theft do not by themselves indicate that too much identity theft is occurring.
However, press accounts of data breaches suggest that personal identifying data (PID) is being stolen too frequently, and that the data thefts are unduly facilitating various kinds of identity theft. 2 (Roberds, W. , & Schreft, S. 2008)” Establishing policies that can ensure that the balance between data collection and security is properly maintained will be crucial in preventing data breaches. Data network can help prevent theft by securing its databases better as well as increasing the amount of PID compiled in order to identify possible fraudulent attempts on the network.
The downside of over collecting is the spillover effect where the data can be stolen and used on another network, therefore breaching the other network. “…the approach here allows for explicit calculation of the efficient levels of data accumulation and data security, and for straightforward evaluation of policies meant to attain efficiency. More generally, it offers an illustration of how any such calculation should balance the costs associated with data misuse against the substantial gains afforded by the relaxation of anonymity. (Roberds, W. , & Schreft, S. 2008)”
There are specific variables that need to be adjusted in order to achieve the highest possible degree of security and consider the costs that are associated with implementing this specific formula. Formal Identity Theft Prevention Programs As was already discussed previously, identity theft is a serious problem, and can take a very long time to even notice that it is taking place in our lives. Due to the amount of damage that is caused to the consumer’s life and financial situation, the government has taken steps to combat identity theft at federal, state and local levels therefore attempting to assist victims of this crime.
There are several steps that have been taken in legislation, however there are still no laws in place that can regulate the general use of personally identifiable information in regard to government branches and both public and private sector. The key piece of information that is considered to be most valuable to the identity thieves is the Social Security Number (SSN), therefore one of the prevention initiatives is in regard to displaying and using Social Security Numbers in easily accessible laces. Other initiatives include securing the availability of personal information though information resellers, security weaknesses in the federal agency information systems, and breaches in data security. “.. federal systems and sensitive information are at increased risk of unauthorized access and disclosure, modification, or destruction, as well as inadvertent or deliberate disruption of system operations and services. ( Bertoni, D. 2009)”.
According to the GAO study it has been reported that federal agencies still experience a large number of security related incidents and that provides access to large amounts of personally identifiable information that reside in the federal records that could be utilized for identity theft purposes. Protecting personally identifiable information that is stored in the federal system is critical since its loss and unauthorized disclosure could result in devastating consequences for the individuals.
The consequences could range from fraud, theft, embarrassment and even inconvenience in the cases of identity and financial related transactions. Results of identity theft have direct impact on the credit records of individuals and can also carry substantial costs related to this activity; in addition denial of loans and even convictions for crimes that an individual did not commit is a possible outcome of identity theft on the federal level. Solutions:
Identifying all the sub categories of identity theft is outside the scope of this paper, however with a general understanding of how it affects consumers and business, as well as the severity of the issue; the next step is to see what can really be done to minimize the damage. One approach to combating identity theft is the implementation of smart cards into the financial system. These cards are designed to incorporate embedded computer chips that rely on encryption algorithms to safe guard the information and aid in authorization of transactions and identity verifications.
If the technology is properly implemented it can really aid consumers, merchants, banks and others in securing transaction and combating identity theft. In addition it will help lower the costs of fraud prevention and provide benefits in the form of creating a more efficient payment system. Such technology has already seen implementation internationally and have proven to be a much more secure and efficient method of payments. “Payment smart cards hold the promise to improve the security of payment authorization and help reduce the costs of identity theft and payments fraud.
Smart cards allow a range of security options and some issuers have implemented the strongest upgrades, while others have not. (Sullivan 2008) The reduced infrastructure costs are yet another benefit that financial institutions can use in favor of implementing the system in United States. However there are some significant challenges moving forward with this system in regard to adaptation of smart cards by issuers, as well as having the whole industry agree on specific security protocols that will be used in the new smart cards.
Identifying the true cost and both hardware and software limitation of the new product is also crucial in preventing adoption limitations. There is also the problem of having criminals shift efforts towards areas of weakness in the security of payments, however due to the lack of competitive advantage in the security standard there is a lack of willingness from the provider’s side in investing time and money. The complex network structure that is required to support the new standards is also a roadblock for implementation and development.
Smart cards have the potential to become the new payment authorization standard but at this time they are facing a number of adaptation and development challenges that are discouraging financial institutions from moving towards them. Enforcement of physical identification cards to improve security is viable way; however a bigger issue of security and lack of it still takes places in many businesses. In the case of ID cards the outcome of implementing such a system would result in large databases of information that will utilize the technology for identification purposes.
The problem here is what goes on behind the closed doors of the organization that houses such large amount of personal data. Part of it has to do with proper disposal of sensitive documents which most consumers don’t shred and even businesses that don’t properly take care of them. Once the information is housed in a database and is protected by firewalls and encryption routines, there is no clear process of how to prevent it from leaving the organization through unauthorized parties, computer theft, loss of physical media or records. …there is a significant need to widely implement measures for tracking and tracing identity thieves and fraudsters once a breach has occurred. There are various means of doing so, whether electronic or physical (Gregory, A. 2008). These undercover tracking and tracing agents can log all the activity that is taking place by phone or email and then can be used for verification purposes and zero out any anomalies or breach attacks. This type of tracking can help companies stay on top of the activities that are taking place and even intervene in the process in order to minimize the outcome of the breach or fraudulent transactions.
It will also help prevent the amount of complains, loss of reputation and damage to the company and its brand. The database of personal data can become quite large and is continuously exposed to security threats and data corruption, that’s why companies hire consultants to investigate risk and exposures of the database information. Consultants check for compliance with Data Protection Act as well as other required transactional practices. In some cases the database can be subjected to quality assessment and data hygiene as to keep the information up to date and as accurate as possible.
The results of the analysis can then be used to create an actionable strategy to manage the databases and maintain integrity and efficiency for both short and long term. An increasing amount of identity theft incidents have also provoked major changes in the financial industry, especially with banking applications and the way that they protect data and ensure legitimate transactions. To insure such security and integrity, financial institutions have integrated biometric technologies such as fingerprint and facial recognition that are mandatory for customers and ensure higher level of security. Biometric methods are based on physiological or behavioral characteristics. Since they take advantage of mostly unchangeable characteristics, they are more reliable than traditional methods of authorization (Koltzsch, G. 2006)” The usage of such technology that can be so closely bound to a physical attribute of a person is very promising, especially in the financial sector and has been looked at it for the last 10 years. However due to the cost and the complexity on the implementation part as well as inconvenience to the consumer, it has not been as widespread as originally planned.
Today this technology is mostly used for standalone applications, such as guarding vaults, high security areas and employee authentication. Customer oriented solutions are still in early development stages and are not fully implemented due to the fear of alienating customers and pushing them away from what they are used to. Another reason for the lack of implementation is the difficulty in standardizing this technology on the international scale. The fear of investing in technology that will not be supported by others is what is slowing the adaptation process down.
However due to the rise in identity theft and phishing cases there has been a new movement towards the development of this technology to prevent loss of information and financial resources. Protecting the payment system depends on the adoption of industry standards for data security and implementation of the new digitally aware way to personally identify an individual. Currently the identification process depends on the Social Security Number as we discussed previously, which is one of the main reasons that identity theft still occurs.
To be affective in protecting the payment system there needs to be a way to properly monitor the compliance of the system and enforce proper penalties in the case of its absence. Payment system participants can also hold each other accountable for the damage in the incompliance of contractual agreements in place. Due to high litigation costs in the event of identity theft, merchants are now implementing new policies that allow them to discard transactional information much faster in order to prevent its exposure to theft. Another fairly recent step taken by the private sector is the development of insurance products to cover losses from identity theft. Coverage for consumers is available from several sources, at a cost of approximately $120 per year, and appears to provide minimal coverage against lost wages, legal fees for defending against lawsuits brought by creditors or collection agencies, and select out-of-pocket expenses (Schreft, S. 2007)”. The down fall of this type of coverage is its limitations. Neither type of uch insurances or proposed coverage will really protect against identity theft risk because the financial sector cannot ensure against systematic risk. This results in the loss of confidence in the system all together therefore creating the possibility of users accessing such services less frequently. Imperfections in the ability to protect the consumer against crime, results in having the government oversee the failures and driving it towards protecting the integrity and efficiency of the financial system. Shortcomings of the System
To combat identity theft is an enormous task that even the government is struggling to achieve. The reason for this is time, money and consistency between financial providers and government levels. Several different attempts have been made to provide tools for consumers to identify theft and report it to the institutions. However even though such systems are in place, many consumers complain that even when such theft occurs and notices are placed on accounts, thieves are still able to steal money under fraudulent identities. They are even able to successfully apply for loans when there are errors in the information provided.
In addition to that the Credit Bureaus have made it close to impossible for an everyday consumer to reach an actual human customer support representative due to the automated telephone systems that have been implemented. Another reason why the system just does not work the way it was proposed, is the cost that the credit bureaus are enduring with the escalation of identity theft cases. The actual costs of thefts are not reflected on the bureaus since they only provide credit reports and credit monitoring services which consumers buy in most cases even if they have been a victim of theft.
The bureaus have no real incentive in helping consumers prevent identity fraud, which is in this case is a conflict of interest for one of the parties involved. This conflict of interests entails in the amount of early revenues that are generates from products such as credit reports and credit monitoring services. The latest offering from the bureaus is an email notification service that notifies the consumers if any changes in the credit records occur and charges a fee for it. One observer has estimated that credit bureaus received $600 million in 2003 from sales of credit reports, credit scores, and credit monitoring services (Hendricks 2003). In such a case the credit bureaus are profiting from the sales of preventive service that prevent the client from the theft that the bureau makes possible. Overestimation of losses is also a shortcoming of the system that is geared toward protecting the consumer in the business of financial transaction and identity information. A claim that identity theft is the fastest growing crime in U. S. is what the consumers are being told on the continuous basis.
Lately the press coverage of this topic has grown significantly and provided a number of related events that claims an affected population of 4. 6% and losses of more than $60 billion dollars a year. What consumers need to take into account is the $50 maximum liability that is provided by the financial institutions, as well as the fact the media is taking into account information theft that did not result in financial losses to the institutions. Such overestimation are leading many consumers away from doing business on the internet and providing erroneous information, while forcing them to implement monitoring services that cost them money.
As was covered before, smart cards is viable solution to the new identifiable information problem, however its shortcoming is the same problem as it exists with current financial tools. The exchange of personal information between the consumer and merchant can still result in letting an impersonator utilize the information to initiate a payment therefore making the smart card inefficient at securing the customer. Conclusion Identity theft is one of the fastest growing crimes in United States, and the real reason behind that is the fact technology innovated at a much greater speed than businesses and consumers have been able to adapt to it.
Because of that the tools that we use to identify ourselves are no longer safe and need to be updated. On the consumer side a variety of tools are available to protect oneself from identity theft. However the cost of such tools can be a draw back in their implementation. On the business sides tools such as high level encryption, RFID chips and transition standards are in development stages and are planned to be implemented in the near future. Identity cards and centralized databases can be the key to solving security epidemic but are not versatile enough and carry overhead cost during the implementation process.
There are many viable solutions to protect both the consumer and the business; the path really depends on cost and time available to either one. Awareness is the best approach to keeping you data safe and secure.