Identity Theft: Exaggerated Risk or Real Threat? Essay

IntroductionYou shoot $92.13c left in your Chase bank account, contact us immediately with your detail to switch from telephone banking to online banking I was in the country scarcely 72 hours and I was already subject to almostone attempting to steal my individualism I am referring to the past summer that I spent in America working beneath a student visa. After registering my alert phone and opening my first American bank account, I started acquiring texts like the one above. This my was my first own(prenominal) exposure to the difficulty of individuality stealth, and after a diligent Google seek to enquire what I was traffic with, I prime that it was a very common occurrence in America More than 57 jillion American adults receive phishing flak catcher emails & texts every year from trimers or cyber thieves who pretend to be trusted aid providers to steal consumer account information, and much than half of those who moveed become victims of personal indisti nguishability stealth (Gartner Research, Phishing round down Victims equally Victims for indistinguishability element Theft). Lucky I didnt respond to that text then, arent I? That was just my olive-sized run in with what has become a global problem over the farthermost decade.And, the more I delved into the reading for this topic, the more I became aware of the vast amounts of literary works available to me. I felt none of the other topics for this assignment had much(prenominal)(prenominal) in depth reading, which was mostly available online to me. T here was online e-books, some of which I purchased identity Theft Secrets Exposing The Tricks of The Trade By Dale Penn, and Double Trouble by Neal OFarrell. Research websites were also patronful, like the Gartner Research website. I found some very interesting websites online, one of which Ill give a mention Publications USA an American government run website, it had a part to provide American consumers with information on Identity Theft. Sites like these helped me assure the bear on of Identity Theft on the consumer, how the consumer battles it and ultimately this showed me how melodic phrase must(prenominal) deal with it, in their every day transactions with consumers.There was a vast amount of Scholar articles I found online, through Google scholar of course, they took very interesting views on the problem, and posed some very skillful questions. These articles include Did Privacy issues become identity theft? to articles such as Identity theft Myths, Methods and the New Law. Also, plainly with a quick demeanor at the papers every Sunday for the past hardly a(prenominal) weeks, I found plenty of material in them Papers such as the Sunday line of descent Post, The Financial Times, The Guardian & The Irish Times.They unceasingly provided me with something to read that was related to identity theft. After reading all this material, I saw two sides of the argument. Most do believe Id entity theft is a Real Threat to occupancy and consumers alike. I provide pronto look at how much of a problem this has become, and I provideing then train to some of the study contents, and the impact of these fibers on backing. However, in that location are the those that believe Identity theft is over exaggerated, I will look closely at how look intoers collect their data for inquiry, and I will also look at the impact of this over-exaggeration at heart military control, how it has sparked some companies inwardly the protection railway line to come under scrutiny for over-exaggerating the gamble of Identity Theft.Why and how do Identity Thieves do it?Cybercrime has surpassed illegal drug trafficking as a crime enterprise Symantec Corporation, 2009 Identity thieves use the Internet as a weapon against individual consumers by taking personal and monetary information, such as recognise card numbers and social credentials numbers, and then using that informati on to, purchase reapings or launder currency (Identity thieves have been contendn to purchase cars and homes or even create guilty records under a nonher individuals identity) Overseas Digest, When regretful Things Happen To your grievous Name.Such a scheme can be devastating for an identity theft victim and can create financial costs for credit card companies and other commercial entities. According to Columbus state university look into, calculating machine fraud in general, in spite of appearance the U.S. alone, exceeds $3 billion each year, and in the U.K. exceeds 2.5 billion each year Columbus State University, 2011. These statistics alone show the massive impact of computer fraud and identity theft on the rescue and billetes in the world we live in today. It shows what a lucrative trading Identity Theft has become today.Cases of Identity Theft Causing a Real Threat in Business Arguably the most illustrious miscue of Identity Theft is that of Frank Abagnale, who was depicted in the 2002 Hollywood blockbuster movie Catch Me if You Can DreamWorks (film), 2002. In the 1960s, Abagnale eluded authorities by posing as characters such as an airline pilot, doctor, assistant lawyer General, and history professor, all the while racking up $4 million in unhealthful cheques Posing Facts, 10 bizarre cases of Identity Theft. This bizarre case of Identity theft is portrayed in a comical sand in the film, with Tom Hanks left chasing shadows. But for businesses in todays society it is far from comical, as the protection of consumers information poses major issues within business today. The best way to see the affects of Identity Theft on business is to actually backpack a look at some of the major cases within the last hardly a(prenominal) days. This will show the business issues and the implications it is having on business on a daily basis.The headlines within the last few years have highlighted the threat that Identity Theft poses. In what was dub bed at the time the largest ever case of identity theft to be prosecuted by the American Department of Justice CBS News, twenty-third Feb 2010, the Miami Hack hatch (dubbed that by Miami New Times, May 20th 2010) stole over coulomb million credit Card details over the course of 4 years. The credit card details, which they hacked, were stored by a number of companies one of which was T.J. Maxx, a British retailer (they would be known here in Ireland for their mountain chain of stores called T.K. Maxx).The hackers gained access to the attach to systems of T.J. Maxx and stole personal information of over 45 million credit card and debit cards in July 2005. These cards belonged to the companys customers who purchased items from January 2003 to November 23, 2003, even the company did non discover the theft until much later in 2007 Identity Theft Awareness, 2011. Deepak Taneja, chief executive of Aveska, a inviolable that advised the company on information security commented at th e time Its not clear when information was deleted, its not clear who had access to what, and its not clear whether the data unplowed in all these files was encrypted, so its very hard to know how big this was, St. Petersberg Times, thirtieth March 2007 This quote shows the issues TJ Maxx faced at the time.They simply didnt know how large this was, added to this was the event that it took nearly 2 years to find the fail. A combination of the above led to huge consumer breach at the way T.J. Maxx handled their customers information, and left consumers baffled as to why T.J. Maxx held onto the details for 2 years after the transactions had taken place. Many experts speculated that TJ Maxx would suffer dearly for the incident. Customers would abandon the marker for fear their personal information would be exposed, and investors would avoid the brand be instance of crippling fines and costs faced by the company. However, in the 12 months that followed the announcement of the breach , TJ Maxx never looked better.Revenues increased Profits increased, and share equipment casualty increased Neal OFarrell, Double Trouble 12 Reasons why were Losing the fight against Identity Theft. But what does this mean? Could this have been contrived as a clear message to TJ Maxx and other businesses that not only is a data breach no big deal any more, except it may just be another acceptable cost of doing business? Perhaps. But there is still no doubting the probable impact of a companys consumer information being breached.And, in the case of TJ Maxx, if the right procedures were followed, this kind of occurrence may have been preventable. Despite the fact their nock and profits didnt suffer, TJ Maxx realised this was a major incite up call. And it was still a learning curve for any business looking in. Lessons must be learnt 1) Collect only the minimum personal customer information needed to complete a business transaction. 2) remain the collected personal information fo r only as long as needed per business and legal requirements. 3) Monitor systems to detect unauthorized package and suspicious network traffic such as unusual data download in terms of size and time. Identity Theft Awareness, 2011.Businesses must ceaselessly consider their risks and assess their internal controls to prevent costly incidents and their unintended consequences. As far as TJ Maxx, the company spent over $130 million to deal with the consequences of this international identity theft case. Even though their Brand didnt await to suffer, and profits rose and investment wasnt hindered, TJ Maxx couldnt afford to take this risk again. Neal OFarrell, Double troubleThe second case Ill look at is that of Sonys PlayStation Network hack originally this year. The details of 77 million of Sonys online PlayStation Network customers were breached. This most modern major intrusion has shown that Identity Theft is still a major issue for large corporations. This case again raised ma jor questions close online transactions The Guardian, April 2011. Confidence in E-Commerce has always been a major problem for business OECD Reinforcing consumer sureness- Key to Boosting e-commerce, it has been for years, after all, its the reason that most presuppose twice forrader making an online purchase, its that lingering feeling that overshadows an online purchase.It is an hindrance that is being slowly removed, but set backs like this do not help, as Steve Curran, creative director at the Brighton- base studio Zoe Mode, told Develop cartridge clip From my perspective, the bigger issue is not about the PlayStation Network, but confidence in digital distribution generally. For every story like this that breaks in the mainstream press, consumer confidence about their details being safe is eroded. Confidence in online transactions has been building up, and I think will continue to, but this is a blip. It could be a little step back Develop magazine, Digital distrust coul d follow, 2011. This hack was a major set back for the companys on going battle for control of the gaming market with Microsofts Xbox. And it was up to Sony to rebuild confidence in their brand after the major breach The Guardian, April, 2011.Is it an Exaggerated Risk?One thing I did notice when I was doing my research was that, most of the information we have on cyber crime losses is derived from surveys. But can one form an accurate estimate by survey alone? J. Ryan & T. Jefferson claim in their book The Use, Misuse, and Abuse of Statistics in Information Technology, that losses are extremely concentrated, so that articulation sampling of the population does not give representative sampling of the losses as a whole. They also argue that losses are based on unverified self-reported numbers. Not only is it possible for a virtuoso outlier to distort the result, we find bear witness that most surveys are dominated by a minority of responses in the upper tail J. Ryan and T. I. Jef ferson The Use, Misuse, and Abuse of Statistics in Information tribute Research. In the 1983 Federal Reserve Survey of Consumer pecuniary resource an incorrectly recorded answer from a single individual mistakenly in inflated the estimate of US household wealth by $1 trillion.This single error added 10% to the total estimate of US household wealth Dinei Florencio & Cormac Herley, Microsoft research Sex, Lies and Cyber- offensive activity Surveys. In the 2006 Federal Trade heraldic bearing (FTC) survey of Identity Theft the answers of two respondents were discarded as not being identity theft and inconsistent with the record. Inclusion of both answers would have increased the estimate by $37.3 billion, in other course it would have changed the estimate 3 fold Federal Trade fit, 2007. In surveys of intimate behaviour men consistently report having had more female sex partners than women report having had male sex partners (which is impossible). The difference ranges from a facto r of 3 to 9. It is pointed out that a tiny portion of men who claim, e.g., 100 or 200 lifetime partners account for most of the difference.Removing the outliers all but eliminates the dissimilarity Florencio & Herley, Microsoft Research. These seem like simple mistakes, which could be avoided, however safeguards against producing these erroneous results seem largely ignored when it comes to Cyber-Crime surveys Florencio & Herley. So, what does this potential over exaggeration mean for business? This over exaggeration and bad estimates can have huge consequences on both resource allocation and in constitution issues within business and government alike. Imagine this, in a simple scenario a research company comes out with s differentiategering new figures about the rise in Identity theft, online fraud, and the number of companies being sued by customers who were affected by their bad data protection protocols. This type of scenario has happened before take for example the research c onducted by the ITRC (Identity Theft Resource Center) in 2008.They reported that info Breaches soared by 47% over 2007 ITRC, 2008 Data Breach Totals Soars. These kind of estimates can cause alarm bells to ring for some businesses, they in turn may manage more funds into the data protection systems in their own firm to prevent what they believed were Real Threats. Yet, as highlighted above there could be major issues with these statistics, and Florencio & Herley even mention the discrepancies of the ITRC yearly surveys in their book.Again, imagine the implications of such research on policy issues, especially government policy issues. If the government take the results of a certain survey on Identity Theft as a perceived Real Threat, and adopt major measures to take in charge it, it could have major implications on business. For starters, it could damage consumer confidence in E-Commerce. Like I mentioned before, its the reason we all think twice before making a purchase online an d isnt it the reason for the introduction of prepaid Credit Cards? People who have never experienced Identity Theft take measures to avoid it. And this could be all down to policy measures.Exaggerated Risk on business in the industryOn twenty-ninth March 2011, CPP congregation PLC, a British based company selling life assistance products, announced that the Financial Services potency (FSA) would be launching an investigation into the sale of one of its products to U.K. customers. The product included serve such as credit-score monitoring, an Internet search facility sharp-sightedness the user of inappropriate use of their data and a caseworker to help the person reinstate their identity The York offer, 30th March 2011. The financial services Authoritys investigation centres around allegations that CPP overstated the risk of identity theft when selling insurance for that purpose. As a result in the investigation, CPP had to suspend all sales of its identity theft protection prod uct with immediate effect. The product includes services such as credit-score monitoring, an Internet search facility alerting the user of inappropriate use of their data and a caseworker to help the person reinstate their identity.And, after announcing the give-and-take to the capital of the United Kingdom stock exchange, shares in CPP fell a staggering 46% from 2.35 to 1.50, within one day of trading Financial Times, March 2011. The reason for this dramatic precipitation was, as Chief Executive Eric Woolley stated, Card and identity protection products in the U.K. accounted for more than 60 per cent of CPPs business Eric Woolley, March 2011. This shows how exaggerating the risk of Identity theft within this type of organisation can cause massive losses for a business. In one fowl glide CPP Croup PLC lost almost half its market capitalisation, just because they were under investigation for over stating (A.K.A Exaggerating) the risk of Identity theft through calls to potential cu stomers. This example shows that some can, and do, overstate the risk of Identity theft, and they reap the rewards as a result, as they can sell the technology to tackle it. certaintyIn the introduction I provided an overview of some of the literature and then within the assignment I took a look at both sides of the argument. through with(predicate) the major cases above I have shown how Identity Theft is a Real Threat to business. However it is also a threat to small businesses, small businesses must follow the same guidelines as highlighted in the TJ Maxx instance. disaster to could possibly lead to the damaging effects of major fines, lawsuits and the damaging of the brand image of a company, as well as deterring investors. Dont forget the wider implications for business, with the growing trend towards e-commerce, many companies want to take good of this, however major data breaches as seen above can strangulate the consumer confidence and set back this industry. Again this i s a threat to business in this area.Is Identity theft over-exaggerated? You may think I strayed from the point a little here, but I felt it was important to look at this side of the argument, and what drives it. What mainly drives it is that backing of the argument that the surveys conducted are unreliable. I am personally not over awed by this argument, however the mint who make the argument point to some interesting evidence of the inaccuracy of surveys from some top researchers in Identity Theft. A look into the CPP Group case gives another side to the exaggerated risk argument. Do people/corporations over-exaggerate the risk for their own benefit? Perhaps. But that is where regulation steps in, and in the case of CPP they had to change their marketing strategy within a few weeks once the FSA began an investigation. Overall, this was a very interesting topic to research, and it opened my look to some new areas of IT within business and some of the problems it must tackle.Biblio graphy1.Gartner Research, Phishing Attack Victims Likely Targets for Identity Theft, 4th May 2004 (http//www.social-engineer.org/wiki/archives/IdTheif/IdTheif-phishing_attack.pdf)2.Symantec Corporation Cyber Crime has Surpassed Illegal Drug Trafficking as a Criminal Money-maker 1 in 5 will become a Victim Sept tenth 2009 (http//www.symantec.com/about/news/release/article.jsp?prid=20090910_01)3.Overseas Digest Identity Theft When Bad things Happen to your Good Name. February 2001 (http//www.overseasdigest.com/odarticles/idtheives.htm)4.Columbus State UniversityIs There a credentials Problem in Computing? -17 February 2011 (http//csc.columbusstate.edu/summers/notes/security.htm)5.DreamWorks (film) Catch me if you Can December twenty-fifth 2002 (http//www.angelfire.com/biz7/netmeeting/catchme.html)6.Stefan Nagtegaal Data Theft 100 million Records stolen 13th August 2008 (http//whereismydata.wordpress.com/tag/tjx/)7.CBS News 11 Indicted in Largest ID Theft Case Ever Feb 23rd 2010 (http//www.cbsnews.com/stories/2008/08/05/tech/main4323211.shtml)8.Miami New Times The Biggest Identity case ever. Right here in Miami May 20th 2010 (http//www.miaminewtimes.com/content/printVersion/2270696/)9.Identity Theft Awareness TJ Maxx Identity Theft 2011 (http//www.identity-theft-awareness.com/tj-maxx.html)10.St. Petersberg Times TJX Hacker Theft May be Largest Security Breach. Data from 45.7-million Cards illegally Obtained March 30th 2007 (http//www.sptimes.com/2007/03/30/Business/TJX_hacker_theft_may_.shtml)11.Neal OFarrell E-BOOK Double Trouble 12 Reasons why were Losing the Battle against Identity Theft 2011 (http//www.identityguard.com/downloads/ebook-double-trouble.pdf)12.The Guardian PlayStation Network Hack Industry Reactions and Theories 29th April 2011 (http//www.guardian.co.uk/technology/gamesblog/2011/apr/29/psn-hack-industry-reactions?INTCMP=ILCNETTXT3487)13.OECD Reinforcing consumer confidence- Key to Boosting e-commerce 16TH November 2009 (http//www.oec d.org/document/20/0,3746,en_21571361_43348316_44078356_1_1_1_1,00.html)14.Develop Magazine Dvs on PSN hack digital distrust could follow 27th April 2011 (http//www.develop-online.net/news/37568/Devs-on-PSN-hack-Digital-distrust-could-follow)15.J. Ryan and T. I. Jefferson The Use, Misuse, and Abuse of Statistics in Information Security Research 2003. (http//www.belt.es/expertos/HOME2_experto.asp?id=5752)16.Dinei Florencio & Cormac Herley, (Microsoft Research) Sex, Lies and Cyber-Crime Surveys. (http//www.belt.es/expertos/HOME2_experto.asp?id=5752)17.Federal Trade Commission 2006 Identity Theft Survey Report November 2007. http//www.ftc.gov/os/2007/11/SynovateFinalReportIDTheft2006.pdf18.ITRC 2008 Data Breach Total Soars June 15th 2009 (http//www.idtheftcenter.org/artman2/publish/m_press/2008_Data_Breach_Totals_Soar.shtml)19.The Financial Times CPP in free fall amid FSA worries March 29th 2011 (http//www.ft.com/intl/cms/s/0/89a516dc-5a38-11e0-86d3-00144feab49a.htmlaxzz1eB8FvcKU)2 0.The York Press FSAs concerns contested as CPP Claims highest level of integrity - March 30th 2011 (http//www.yorkpress.co.uk/news/business/news/8941469.Watchdog___s_concerns_contested_as_CPP_claims____highest_levels_of_integrity___/)