Table of Contents
Introduction
Identity fraud and identity theft are expressions used when referring to any kind of crime where an individual wrongfully gains access to, and uses another individual’s personal data in a manner depicting deception or fraud, usually for economic gain (Harrell and Langton, 2013). The loss of money for victims of identity theft comes following a sequence of events with identity theft being at the forefront. What is of concern to many victims of identity theft is not only the theft of their identities, but more importantly the financial losses that the act enables. Identity thieves use the personal information of their victims to employ falsified financial transactions that make them money.
Whereas theft of mail, social engineering and other nontechnical tactics may sometimes be employed to gain access to personal data, the use of technology to duplicate data from debit and credit cards when used in legal financial transactions is what is most worrying. Such data is often then employed to generate duplicate debit and credit cards, which the criminals use to fleece bank accounts or accumulate large credit card balances. These criminals normally possess high technical knowledge levels in order to develop these skimming devices. More so, they are able to install these gadgets in ATM’s (Automated Teller Machines) or POS (Point-of-Sale) terminals in order to gain access to the PIN’s (Personal Identification Numbers) and card data of their victims.
Lai et al. (2012) contend that investigative opportunity that is available exists in the form of seized ATM overlays or altered POS terminals. It is surprising how much information can be gathered from examining electronic devices that have apparently been seized or recovered. Gadgets such as cellular telephones, computers and similar devices fall in this category. Over the years, forensic experts have examined such devices and been able to recover valuable evidence. However, what many people do not know is that devices like hidden cameras, altered POS terminals, ATM skimmers and many other similar gadgets, once seized are able to produce valuable forensic clues for examiners and investigators, provided the technical details of their structure are keenly evaluated.
Analysis
Since identity theft is concentrated on impersonation, numerous attempts have been made to find solutions based on the methods used by criminals to claim another individual’s identity. In this regard, authentication, which refers to the process of approving someone or something is genuine is used. In order to authenticate a personal identity, several authentication factors are used, which are generally categorized into something you are, something you know and something you have. In light of this, documents such as credit cards and identification documents are something one has, PIN’s (Personal Identification Numbers) and passwords are something one knows whereas biometrics that includes faces, and fingerprints are something one is.
The fundamental mode of authentication used in online banking is a password and username. The username could be an individual’s bank card number, his or her bank account number or their given name. On the other hand, the password may normally comprise of a sequence of characters namely, numbers, letters and probably symbols and punctuations, which either the client may have chosen for themselves or have been allotted by the specific institution. Thus, online authentication utilizes a single authentication aspect based on something the individual knows. Conversely, according to Romanosky et al. (2011), ATM machine authentication consists of a credit card or bank card and a Personal Identification Number, which the client could either choose for themselves or have it assigned to them. Hence there exists a two-factor authentication process in ATM banking namely something the individual knows, in the form of a PIN as well as something he or she has in the form of a card.
The most common mode of identity theft that is especially associated with online banking nowadays is called phishing. In this mode of identity theft, an individual is tricked into disclosing their identification details, which are then used to make falsified transactions. With the current situation as it stands, a few measures can be employed to curb the identity theft problem present in especially the financial sector. By educating people on the likelihood of phishing attacks and the need for password secrecy, a great deal of fraud could be avoided. Additionally, improving methods of authentication, which include the use of multi-factor authentication would be a more advanced and secure form than the current simple systems.
However, to clearly have a hold on identification theft and perhaps completely obliterate its presence, it is imperative that it be examined in a broader context of liability and economics. Lai et al. asserts that quite recently, identity theft’s investigative processes have had several identification ways used for authentication. The majority of these techniques have been necessitated by new requirements from the FFIEC (Federal Financial Institute’s Examination Council) in the US, who indicated that the use of single-factor authentication was no longer suitable for internet banking. Consequently, the majority of US banks have employed various means to improve customer authentication. For instance, various banks are issuing their customers with unique cards that look like bingo cards.
When customers are being authenticated, they are prompted with row and column numbers whereby they are obliged to give the secret number in the corresponding cell. In this way, authentication is seen as being done twice, for security purposes, of course alongside the traditional password and username. In this way, any imposter will be unable to illegally access the customer’s bank account since he or she will not be having the security card. Consequently, the fraudster will be unable to look-up the right information contained in specific cells.
According to Romanosky et al. (2011), another acceptable authentication example in the identity theft investigative process would be to request the client to provide more secret information, besides the password and username.
Thus, a bank site might demand a sequence of answers and questions from the client in the form of his or her preferences or personal history such as the client’s favorite food or his or her mother’s maiden name. Anybody accessing the bank site thereafter should give the correct answers to these questions, which would otherwise prove quite challenging for an imposter. Additionally, some banks are conjoining these questions with ways of keeping track of specific infiltration of client accounts using different computers. A computer that is seeking to log into the account and has no evidence of being used before will have to answer some of these extra personal questions to discern whether it is the work of an identity thief or if it is the real account holder.
Identity is an exclusive piece of information linked to an entity. It is thus an assemblage of traits that are assigned by another or are inherent. The color of a person’s skin or their hair and whether such an individual considers himself or herself attractive constitutes that person’s identity. Thus, physical characteristics may be deemed as transactions. For instance, it would be easy for a bookstore keeper to recall a customer’s build or face even if that customer has visited the bookstore on only one occasion.
The provision of extra information however, particularly in digital circles exposes an individual to the likelihood of identity theft. In a system, that has set compulsory traceability laws, the government can, under special circumstances acquire a person’s real world identity. This means that the government can even demand the key to decrypt any encrypted personal information under such circumstances (Ohm, 2012). This infiltration of private information is considered legal in cases where an individual is suspected of espionage or is involved in covert undertakings that the government considers a threat to national security. In such instances, the individual’s rights with regard to the First and Fourth amendments are considered inapplicable.
We can do it today.
Conclusion
Since there is nothing that can stop the transmission of false information about someone, or the duplication of details concerning another person’s identity, there should be extra need for institutions and especially financial institutions to concentrate more on the verification of clients than revelation of the individuals’ data. However, even though the Fourth amendment in the constitution of the United States clearly provides that individuals should be secure in their papers, houses, and persons against any unreasonable seizures and searches, situations that entail probable cause for the same make the ‘reasonableness’ factor necessitate warrants by the authority. In this regard, the authorities may infiltrate personal information of an individual who is inclined to or is suspected of indulgence in identity fraud or theft.3
- Harrell, E., & Langton, L. (2013). Victims of identity theft, 2012. Washington DC: Bureau of Justice Statistics, 26.
- Lai, F., Li, D., & Hsieh, C. T. (2012). Fighting identity theft: The coping perspective. Decision Support Systems, 52(2), 353-363.
- Ohm, P. (2012). The Fourth Amendment in a World Without Privacy.
- Romanosky, S., Telang, R., & Acquisti, A. (2011). Do data breach disclosure laws reduce identity theft?. Journal of Policy Analysis and Management, 30(2), 256-286.