1 / 43

Identity Theft and Solutions: Research for the Future

Identity Theft and Solutions: Research for the Future. Dr. Milena Head Associate Professor Director, McMaster eBusiness Research Centre (MeRC) McMaster University. What is Identity Theft?. Any impersonation or misappropriation of an individual's identity.

johnbwalker
Download Presentation

Identity Theft and Solutions: Research for the Future

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Identity Theft and Solutions:Research for the Future Dr. Milena Head Associate Professor Director, McMaster eBusiness Research Centre (MeRC) McMaster University

  2. What is Identity Theft? Any impersonation or misappropriation of an individual's identity

  3. Misusing personal information to … Lease an apartment Open new credit cards Fill out legal documents Obtain passports Open a telephone account Take out loans

  4. What are the implications for victims? • Possible loss of money … and more importantly … reputation • False credit reports that can be difficult to correct • Average cost per victim is $740 US • The average time spent by victims is about 600 hours • Lost opportunities • False arrests • Emotional impact of identity theft has been found to parallel that of victims of violent crime

  5. How big is the problem? • 7 million Americans (3.4% of consumers) were victims of IDT during the 12 months ending June 2003 • 79% increase from previous year! • FTC states IDT is America’s fasting growing crime • Annual cost in the US is $53B (2003) • In Canada, over 600,000 victims during 2003 (3% of consumers) • Annual cost in Canada is $21.5M (2003)

  6. How are identities stolen? • 34% : obtained or forged credit card • 12% : obtained improperly a paper or computer record with personal information. • 11% : stole wallet or purse. • 10% : opened charge accounts in stores. • 7% : opened a bank account or forged cheques. • 7% : got to mail or mailbox. • 5% : lost wallet or purse. • 4% : went to a public record. • 3% : created false IDs.

  7. How is this happening? • Dumpster diving • Shoulder surfing • Bribing • Spyware • Hacking • Online searching of publicly available data • Phishing and spoofing • Designed to fool recipients into divulging personal information • Example: password verification request sent by a victim’s “bank” • Example: fake listings on Monster.com

  8. Who are the thieves? A true story … • Michelle Thibodeau of Worcester, Mass. took her 16-year old son to get his learner’s permit • He already had a driver’s license! • Photo on the license was his father … in jail • Teen started getting notices that he was delinquent in his child support • DoR seized part of his grocery store bagger paycheques • After a year of frustration, had to apply for a new SSN (implications for getting college loans)

  9. Who are the thieves? • Should we just be concerned about hackers? NO! • Most identities stolen from trusted insiders who already have easy access to private information … 70%! • Acquaintances, friends … even family … 16%!

  10. Theory of Human Identification • “Knowledge-based” identification • In possession of information which only that person would be expected to know • “Token-based” identification • Recognized by possession of some item • “Biometric” identification • Variety of identification techniques which are based on some physical and difficult-to-alienate characteristics

  11. Are we careless about our private information? YES In a word … Careless protection of private information Careless disposal of private information

  12. Careless protection of private information • Passwords are a very weak form of protection • Let’s have an HONEST show of hands • 80% select a common password where possible • 67% rarely or never change their passwords • 49% of heavy computer users (more than 10 passwords) write them down • Willing to compromise for a “bribe”! • Not isolated to passwords

  13. Careless disposal of private information • People increasingly are learning to destroy paper-based information that can lead to privacy and security breaches • But still a major issue • Often don’t think to “shred” the data stored at various locations within the computer

  14. Yes, we can be more careful. Is it all our fault? NO In a word … Organizations are careless Procedures and processes are careless

  15. Careless business & government practices • Sloppy security practices • Easy credit • Greater access to personal information • Widespread use of SIN as unique customer identifier • Increasing commercial trade in personal consumer information And a good policy is not enough!

  16. Theory of Human Identification • “Knowledge-based” identification • In possession of information which only that person would be expected to know • “Token-based” identification • Recognized by possession of some item • “Biometric” identification • Variety of identification techniques which are based on some physical and difficult-to-alienate characteristics

  17. The clever identity thief … • Knows personal information AND • has physical items • Tokens can be stolen and altered OR • manufactured

  18. Theory of Human Identification • “knowledge-based” identification • In possession of information which only that person would be expected to know • “Token-based” identification • Recognized by possession of some item • “Biometric” identification • Variety of identification techniques which are based on some physical and difficult-to-alienate characteristics

  19. The promise … … to unequivocally identify individuals The hurdles … … technology, infrastructure, privacy

  20. Stakeholders Identity Protector Identity Checker Identity Issuer Identity Owner Identity Thief From Wang, Yuan and Archer (2004)

  21. Stakeholders • Role • Legally own and use ID • Responsibilities • Safeguard ID • Fast victim recovery to reduce loss • Legally use ID Identity Protector Identity Checker Identity Issuer Identity Owner Identity Thief

  22. Stakeholders • Role • Authenticate and issue ID • Responsibilities • Issue secured certificates • Protect ID certificate & information • Protect ID owner and checker Identity Protector Identity Checker Identity Issuer Identity Owner Identity Thief

  23. Stakeholders • Role • Authenticate ID and provide services • Responsibilities • ID authentication • Provide services to real ID owner • Protect ID information • Protect ID owner Identity Protector Identity Checker Identity Issuer Identity Owner Identity Thief

  24. Stakeholders • Role • Protect and prosecute • Responsibilities • Legislate • Enforce laws • Protect ID owners • Educate and guide • Provide technical solutions • Record and track complaints and detect trends Identity Protector Identity Checker Identity Issuer Identity Owner Identity Thief

  25. IDT Prevention Activities Education Identity Protector Guidance Guidance Identity Checker Identity Issuer Prevention Policies & Tech Prevention Policies & Tech. IDT Alert IDT Alert Identity Owner Identity Thief Self Protection

  26. What research is needed? But first a bit about ….

  27. Established in 2000 Part of the Ontario Research Network in e-Commerce (ORNEC) How we define eBusiness We believe that the “e” will disappear. We are focused on business innovation in the networked economy Our mission: focus on research, education and outreach McMaster eBusiness Research Centre (MeRC)

  28. Research • Interdisciplinary research • Research groups have developed expertise in areas of: • Identity Theft • Privacy • Security • Trust • Consumer Behaviour • Mobile Commerce • eHealth • Portals • Online Negotiation • Supply Chain Management • Interface Design • eLearning • Change Management • Knowledge Management • among others …

  29. Education • Providing graduates with the managerial and technical knowledge demanded and necessary in the electronic marketplace • Undergraduate eBusiness courses • eBusiness MBA specialization • PhD (currently 12 candidates engaged in eBusiness research) • Co-op, internship, full time placements • Opportunities for course projects

  30. Outreach • Providing an interface to facilitate dialogue between academics and business leaders • Distributing research papers and reports • eBusiness Seminar series • Industry speakers in the classroom • On-site executive training programs • On-line courses for SMEs • Supply Chain Symposium • World Congress Conference • eCase Competition

  31. Ontario Research Network for Electronic Commerce (ORNEC)

  32. Initial Researchers

  33. Ontario Research and Development Fund (ORDCF) • 1/3 private sector, 1/3 institutions, 1/3 ORDCF

  34. ID Theft as a Flagship Project Funds assigned by the ORNEC Board of IDT …. $1.9 Million! 3 Expressions of Interest developed

  35. Project 1: Defining and Measuring IDT • Scattered and incomplete Canadian data • Research questions: • What types of stats should be gathered? How? • How can businesses be encouraged to report IDT? • How can technology help to gather stats? • What are the various jurisdictions doing? • What is the magnitude and nature of IDT? • What are the real costs of IDT to consumers, businesses, governments, and the economy?

  36. Project 2: Management Approaches to Combating IDT • Research questions: • How does IDT affect trust? • What are the direct and indirect costs? • What are the risks? • What is the “business case” for stakeholders? • Are current policies & practices effective? • What are the “leak-points”? • What are the costs/benefits of countermeasures? • What is the effectiveness of various multi-party approaches? • How can employee attitudes be improved?

  37. Project 3: Technical Tools to Address IDT • Some available technical solutions: digital signatures, PKI, smartcards, biometrics • Research questions: • How effective are alternative tech solutions? • What is the impact on privacy and other social values? • How can security systems be designed to give consumers informed choice in the level of security they are provided? • Who will manage biometric information? • How can reputation management systems build trustworthiness? • How can user profiling effectively detect IDT?

  38. Is there anything positive we can say about identity theft? It’s a fruitful area for research!

  39. And the last word by William Shakespeare … Who steals my purse steals trash… But he that fliches from me my good name .... makes me poor indeed - from Othello

  40. Thank you Milena Head headm@mcmaster.ca

More Related