Combating Identify Theft: A Theoretical Framework - PowerPoint PPT Presentation

1 / 34
About This Presentation
Title:

Combating Identify Theft: A Theoretical Framework

Description:

Why should we study the identity theft problem? What are the parties involved in ... The serious problem of ID theft. ID theft is a rapid growing epidemic ... – PowerPoint PPT presentation

Number of Views:102
Avg rating:3.0/5.0
Slides: 35
Provided by: yufei
Category:

less

Transcript and Presenter's Notes

Title: Combating Identify Theft: A Theoretical Framework


1
Combating Identify TheftA Theoretical Framework
2
Agenda
  • Why should we study the identity theft problem?
  • What are the parties involved in combating
    identity theft?
  • What are the further research questions?

3
The serious problem of ID theft
  • ID theft is a rapid growing epidemic
  • For the criminal, ID theft is a low-risk,
    high-reward endeavor
  • For the victim, it is a sudden and long-term
    nightmare
  • But for some banks, they prefer writing it off as
    a cost of doing business rather than prosecuting
    the thieves
  • ID theft also threats the national security

4
Why should we study the identity theft problem?
  • Identity theft a serious and growing problem
  • We have heard a lot of stories
  • But we do not have an effective, systematic
    solution to the problem
  • To solve the problem, we should have better
    understanding of the problem

5
What is Identity
  • In our identity theft study, identity is
    considered as identity certificates and identity
    information that can uniquely identify the
    identity owner for granting services and thus is
    the main targets of identity theft.

6
What are the parties involved in the normal use
of identity?
  • the identity owner, who owns and legally uses
    various kinds of identity for different social
    and financial activities
  • the identity issuer, who authorizes and issues
    identity to provide the owner the proof of
    identity and the right to acquire related social
    and financial services
  • the identity checker, who verifies the identity
    of the identity owner and permits related
    services

7
Identity Owner
Issue ID
Authenticate service
Apply for ID
Submit ID
ID verification
Identity Issuer
Identity Checker
ID confirmation
A Normal Identity Management Process
8
Identity theft
  • Identity theft (ID theft or IDT) is a crime
    resulting from unauthorized and fraudulent use of
    someone elses personal identity and other
    relevant information.

9
Who are the identity thieves?
  • The identity thief steals and counterfeits
    identities for financial or other purposes, and
    fraudulently abuses the rights and interests of
    the identity owner and authorized service
    providers.

10
ID theft Activities
Identity Owner
Issue ID
Authenticate service
Apply for ID
Submit ID
ID verification
Identity Issuer
Identity Checker
ID confirmation
Steal ID
ID counterfeit
ID fraud
Identity Thief
11
Identity Theft Activities
  • Identity thieves commit fraud through two steps
  • The first step is to steal someones identity or
    create a fake identity.
  • The second step is illegally using a fake
    identity, to gain access to the victims
    financial services or to commit crimes under
    other ones name.
  • Understanding and analyzing identity theft is a
    very important and basic step in combating
    identity theft.

12
Who is the thief and who is the victim?
13
Picture of Embezzlers
  • We need to investigate the ID theft Who, When,
    Where, How, Why
  • Managers are 16 times more than Employees
  • Men are 4 times more than Women
  • 60 Years Old are 28 times more than 25 Under
  • Post Graduates are 5 times more than High School
    Graduates

Ref F. W. Abagnale, The Art of the Steal
14
References
  • US Federal Trade Commission (FTC), National and
    State Trends in Fraud and Identity Theft,
    January-December 2003, 22 January 2004
    http//www.consumer.gov/sentinel/pubs/Top10Fraud20
    03.pdf.
  • F.W. Abagnale, The Art of the StealHow to
    Protect Yourself and Your Business from Fraud,
    Americas 1 Crime, New York, Broadway Books,
    2001
  • B. McCarty, Automated Identity Theft, IEEE
    Security Privacy, Vol. 1, Iss. 5, Sept.-Oct.,
    2003, pp. 89-92

15
How to combat identity theft?
  • How can we minimize the risk of identity theft?
  • How to detect and prevent identity theft? Has
    government done enough to stop the criminals?
  • Can encryption technology prevent identity theft?
    Should we use more secure IC card?
  • Should we use more advanced biometrics and online
    authentication? Will customer like it or not?
  • Will fingerprint help to prevent terrorist?
  • Have we paid enough attention to helping the
    victims?

16
Who is responsible to combat identity theft?
  • The customer?
  • The bank?
  • The IT professional?
  • The government?
  • The police?
  • The e-commerce companies?
  • What are the roles they play in combating
    identity theft?

17
Who are responsible to combat identity theft?
  • The identity owner?
  • The identity issuer?
  • The identity checker?
  • and
  • The identity protector, whose major duty is to
    safeguard the rights and interests of other
    stakeholders through legislation, detecting and
    prosecuting identity thieves

18
Combating ID theft
Identity Owner
Issue ID
Authenticate service
Apply for ID
Submit ID
ID verification
Identity Issuer
Identity Checker
ID confirmation
ID theft Protection
Steal ID
Identity Protector
ID theft Protection
ID theft Protection
ID counterfeit
ID theft Detection Prosecution
ID fraud
Identity Thief
19
How to combat identity theft?
  • Prevention
  • Identity theft can be prevented by various
    measures and technologies, including education
    and guidance, prevention technologies, and
    prevention mechanisms and policies.
  • Build-in security feature, Digital certificate,
    Biometrics authentication, PKI encryption

20
How to combat identity theft?
  • Detection
  • Early detection of identity theft will clearly
    reduce potential loss, and early detection of
    identity theft provides better evidence that is
    essential to prosecute criminals.
  • Biometrics and online authentication
  • Monitoring and auditing

21
How to combat identity theft?
  • Protection and Prosecution
  • Certain laws have been enacted specifically to
    protect identity owners and their personal
    information, and to prosecute identity thieves
  • U.S. Identity Theft and Assumption Deterrence Act
    (1998)
  • Notification of Risk to Personal Data (2003)
  • The Identity Theft Penalty Enhancement Act (2004)
  • Canadian Personal Information Protection and
    Electronic Documents Act

22
The potential use of the framework
  • Understanding
  • Assessing identity theft risks and
    vulnerabilities
  • Identifying the roles and interactions of various
    stakeholders

23
The potential use of the framework
  • Development
  • Developing a systematic and effective security
    strategy
  • Context analysis for multiparty security solution
    development
  • Supporting multiparty collaboration in the
    identity management process

24
The potential use of the framework
  • Evaluation
  • Examining the efficiency and effectiveness of
    countermeasures from multiple perspectives
  • Studying the impact of changes in one activity on
    other activities and stakeholders
  • Evaluating the balance between the need for
    privacy protection and the need for identity
    information gathering to combat identity theft

25
References
  • R. Pinheiro, Preventing Identity Theft Using
    Trusted Authenticators, Journal of Economic Crime
    Management, Vol. 2, Iss. 1, Winter 2004
  • E. Damiani, S. De Capitani di Vimercati, and P.
    Samarati, Managing Multiple and Dependable
    Identities, IEEE Internet Computing, Vol. 7, Iss.
    6, Nov.-Dec., 2003, pp.29-37.
  • L. J. Camp, Digital Identity, IEEE Technology and
    Society Magazine, Vol. 23, Iss. 3, Fall 2004,
    pp.34-41
  • K. M. Saunders and B. Zucker, Counteracting
    Identity Fraud in the Information Age The
    Identity Theft and Assumption Deterrence Act,
    International Review of Law Computers
    Technology, vol. 13, No.2, 1999, pp. 183-192.

26
Some further Research Questions
  • Identity Theft Risk Management
  • Cost and Benefit Analysis of Countermeasures
  • Multi-party Coordination in Combating Identity
    Theft
  • Privacy issues

27
Identity Theft Risk Management
  • Identity theft is a risk that businesses must
    manage.
  • Risk management is the systematic application of
    management policies, processes, procedures, and
    technologies to the tasks of identifying,
    analyzing, assessing, treating, and monitoring
    risk.
  • The objective of risk management is to protect
    assets from all external and internal threats so
    that the losses resulting from the realization of
    such treats are minimized.

28
References
  • L. OGorman, Comparing Passwords, Tokens and
    Biometrics for User Authentication, Proceedings
    of the IEEE, Vol. 91, Iss. 12, December 2003, pp.
    2021-2040
  • R. Lepofsky, Preventing Identity Theft, Risk
    Management, Vol. 51, No. 10, October, 2004, pp.
    34-40.
  • A. R. Bowden, M. R. Lane, and J. H. Martin,
    Triple Bottom Line Risk Management, John Wiley
    Sons, Inc, Canada, 2001, pp.15.
  • Amanda Welsh, The Identity Theft Protection
    Guide, St Martins Griffin, New York 2004

29
Cost and Benefit Analysis of Countermeasures
  • It is imperative to analyze costs and benefits of
    all kinds of identity theft countermeasures in
    order to achieve a reasonable and effective level
    of security management.
  • Comparing Passwords, tokens, and biometrics for
    user authentication (OGorman, 2003)
  • Should study not only the effectiveness of
    against different attacks, but also cost/benefit
    analysis and user acceptance

30
Multi-party Coordination in Combating Identity
Theft
  • The success in combating identity theft relies on
    joint efforts and coordination among all
    stakeholders, including identity owner, identity
    issuer, identity checker, and identity protector,
    in every relevant activity, such as prevention,
    detection, and prosecution.
  • A chain is only as strong as its weakest link

31
Privacy Protection Issues
  • Authentication requires identity presentation and
    the collection of identity information.
  • However, excessive and inappropriate collection
    without the owners consent may result in privacy
    violations and damage to customer trust,
    effectively driving customers away from the
    business.

32
References
  • M. Head and Y. Yuan, Privacy Protection in
    Electronic Commerce --- A Theoretical Framework,
    Human System Management, Vol. 20, Iss. 2, 2001,
    pp.149-160.
  • G. R. Milne, A. J. Rohm, and S. Bahl, Consumers
    Protection of Online Privacy and Identity, The
    Journal of Consumer Affairs, Vol. 38, No. 2,
    Winter, 2004, pp. 217- 232
  • S. Prabhakar, S. Pankanti, and A.K. Jain,
    Biometric Recognition Security and Privacy
    Concerns, IEEE Security Privacy, Vol. 1, Iss.
    2, Mar.-Apr., 2003, pp.33-42.

33
Proposed ORNEC ID Theft Research Program
  • Project 1. Defining and Measuring ID Theft
    (McMaster, Queens)
  • Project 2. Management Approaches to Combating ID
    Theft (McMaster, Carleton)
  • Project 3. Technical Tools to Address the ID
    Theft Problem (U. of Ottawa)
  • Project 4. Legal and Policy Approaches to
    Identity Theft (U. of Ottawa)

34
Questions and Answers
  • Thanks
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Combating Identify Theft: A Theoretical Framework" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!