Identity Theft Issue - Essay Example

The term computer security is used regularly, but the content of a computer is susceptible to few risks unless the computer is linked to other computers on a network. As the use of computer networks, particularly the Internet, has become widespread, the concept of computer security has expanded to signify issues concerning the networked use of computers and their resources. Computer security is closely connected to such disciplines as ethics and risk analysis, and is considered with topics such as computer crime; the prevention, revealing, and remediation of attacks; and identity and anonymity in cyberspace. In the given paper we will consider the Identity Theft as one of topic related to the ethics in computing, will examine the nature of the given problem, methods of its investigation and prevention. Identity Theft Introduction Information explosion, supported by this period of easy credit, has resulted in the expansion of a crime that is fed by the inability of consumers to trace who has access to their private information and how it is protected. This crime is called identity theft and it refers to the act of stealing victims’ personal information such as name, birth date, Social Security number, credit card number, passport, address, with the aim of impersonating them typically for one’s own financial gain by gaining access to their finances or with an aim of framing the clients’ for a crime. (United States Department of Justice, 2006). It can also be used to facilitate illegal immigration, unauthorized phone or utility services’ use, terrorism, espionage or a permanent change of identity, to obtain medical treatment, or for evading criminal prosecution. Identity theft is sometimes also referred to as “identity fraud” since the criminal personates rather than deletes the victim’s identity. It is usually used to refer to credit card fraud, mortgage fraud and other kinds of financial frauds. How Does Identity Theft Occur? Identity theft occurs in different ways, ranging from negligent sharing of personal information, to deliberate theft of wallets, mail, purses or digital information. For instance, in public places brigands engage in "shoulder surfing" observing you from a close location as you punch in your phone card or credit card number or listen in on your dialogue with somebody if you dictate your credit card number over the telephone. Inside your home, thieves may get information from your personal computer while you are on-line and they are secretly sitting in their own houses. Outside your home, thieves filch your mail, recycling, or garbage. Outside medical facilities or businesses, brigands engage in "dumpster diving" going through trash cans, large dumpsters, or recycling bins to get identity data which includes medical records like prescription labels, debit or credit card receipts, bank statements, or other records that can reveal your name, home, address, or phone number. (Linnhoff, S., & Langenderfer, J. 2004) In the case in the District of Oregon, a group of thieves got identity information by pilfering mail, waste, and recycling material, by breaking into cars, and by hacking into web sites and personal computers. The robbers changed the stolen information for cellular telephones, or other things. Previously to their arrest, they had gained way in to approximately 400 credit card accounts and had made a sum of $400,000 in purchases on those deceitfully obtained accounts. One part of the case included the theft of preapproved credit card solicitations, cards activating, and sending of them to drop boxes or third-party addresses. Another scam included taking names, dates of birth, and SSNs from discarded medical, insurance, or tax information and getting credit cards at different sites on the Internet. The thieves found most credit card companies to be unaware. One of the thieves told about productively persuading a bank to grant a higher credit limit on a fraudulently obtained credit card account. (Perl, 2003) Another aspect of the case included the use of a software application to penetrate commercial web sites or personal computers and mirror keystrokes to get credit card account information. Two of the criminals were prosecuted federally for plan to commit computer fraud and mail theft under 18 U.S.C. §§1030(a)(4), 371and 1708, and consented to the forfeiture of computer equipment got as a consequence of the fraud-related activity pursuant to 18 U.S.C. § 982(a)(2)(B). One defendant was condemned to serve a forty-one month term of imprisonment and pay $70,025.98 in restitution. United States v. Steven Collis Massey, CR 99-60116-01-AA. The other defendant was condemned to serve a fifteen month term of imprisonment and pay $52,379.03 in restitution. United States v. Kari Bahati Melton, CR 99-60118-01-AA (Perl, 2003) Identity theft statistics The spread and effect of identity theft as implied by surveys in the USA for the period between 2003 and 2006 show a decrease in the number of victims but an augment in the total sum of identity fraud to US$56.6 billion in 2006. The average fraud per person rose from $5,249 in 2003 to $6,383 in 2006 (Privacy Clearing House, 2006) A survey from the Identity Theft Resource Centre (ITRC) in 2003 found that only 15% of victims find out about the theft due to a practical action taken by a business with the average time spent by victims resolving the problem being approximately 600 hours. It also implied that 73% of respondents indicated that the crime involved the thief acquiring a credit card. Identity theft is a rapidly growing crime in America with the people spending on average about 175 hours and some $1000.00 repairing the damages. In Australia identity theft was evaluated to be worth between AUS$1billion and AUS$4 billion per annum in 2001. (Australasian Centre for Policing Research, 2006) In the United Kingdom the Home Office declared that identity fraud costs the UK economy £1.7 billion (Home Office, 2006) Identity theft statistics are in part collected from police reports but a large percentage of cases are still not reported to law enforcement agencies. This makes it not possible to determine the exact numbers. Figure showing the Identity Theft Statistics - Cases per year. (Adapted from; the Identity Theft Prevention and Victim Assistance Center.) The identity theft effects The general effects of identity thefts include the loss of large sums of money to both individuals and to businesses. Worse still further losses are incurred in the rising costs for services and goods in an attempt to make up for losses to businesses. Further, ending up a victim of identity theft will cost approximately 30-60 hours and maybe weeks or several months of time in between to clean up the mess resulting from an identity fraud (Zitz, 2006). Credit card fraud accounts for the better percentage of the identity thefts with victims reporting that a credit card was opened in their name or that unauthorized charges were being placed on their existing credit card, new bank accounts being opened in the victims’ name, fraudulent checks being written and unauthorized withdrawals being made from their accounts. Also cases of the thief obtaining either personal, auto, real estate or business loans using their victims’ information and details have been reported. Identity thieves can also establish new telephone, cellular and other utility service or access existing accounts at the expense of their victims. Other effects include the wrong use of the victims’ personal information to gain employment, obtain tax refunds, acquire medical services, evade legal sanctions and criminal records, declare bankruptcy, lease residences, and purchase or trade in securities and investments. (FTC, 2002) Measures directed on the identity theft prevention A study of the California Public Interest Research Group and the Privacy Rights Clearinghouse found out that the average time needed for identity theft victim to realize something has occurred is about fourteen months within which the thief can leave a trail of unpaid debts with toughest part of these happenings being that the person must prove that they didnt commit the fraud. (Jean, 2001) The US Federal Trade Commission has recommended several precautions to curb identity theft including: Shredding any documents and all paperwork that may have any personal information before disposing them, including bank statements, credit reports, shopping catalogs that you have an account with, insurance papers etc, Using anti-spy ware, firewalls and anti-virus software to protect computers, Being very keen for any discrepancies in statements and any financial bills and following them up to identify their cause, Avoiding the use of common and obvious passwords, like the surnames etc that may be cheap to crack, Never unleash your personal information until you are sure of who you are dealing with, Prefer to type in web addresses which you know other than clicking on links in unsolicited emails, It is advised that personal documents should be kept securely at home, preferably in a fireproof, lockable safe for these important papers, When using an ATM be careful and be certain to close the view when you enter your pin number. If available in your state of residence freeze your credit, so that no one can open any form of credit in your name, When making an order through the phone ensure that no one in the room can hear you or is eavesdropping on you while you are giving the credit card number, Request your own credit report each year and check the reports for inaccuracies and new lines of credit issued that you did not request, Be sure to report any fraud as soon as it is detected to facilitate early investigations and avoid later regrets, It is vital to protect your Social Security number. Do not carry your Social Security card in the wallet or write your Social Security number on a check giving it out only if absolutely necessary and if possible, you can ask for another identifier. By routinely monitoring your financial accounts and billing statements be alert and quick to respond to signs that point to trouble and these may include; Late arrival of bills especially if this is uncommon, Reception of irregular/unexpected account statements or credit cards, The denials of credit for no clear reason, Receiving calls or mails about some purchases you did not make etc. It is recommended that you collect delivered postal mail and if you are going away, make sure that you contact your post office to have all your mail held until your return or have someone you trust collect it for you. It is also advocated that you use ATMs at reputable sites only, while being ardent to note any suspicious attachments to an ATM, and if in doubt, do not use the machine and make sure you report the abnormally. Keep the keypad conceived from the other ATM users to safeguard your password. When shopping online, ensure that the company you are dealing with is reputable. Most of the reputable firms display an approved security symbol and keep the limits of the amount of individual information you publish on the web at a minimum. The cashier or the shop attendant should never handle your credit card out of your sight, do not allow them to! The Pennsylvania Higher Education Assistance Agency (PHEAA), which helps to create access to education for Pennsylvania students, gives some suggestions of urgent actions that must be taken if one becomes a victim of identity theft as: Close the accounts that you know or think have been spoiled with or opened fraudulently, Contact each credit grantor who has opened a deceitful account to let them know that you are not the person responsible for opening the account and have them close these accounts. If you open new accounts, make sure to consign passwords on them. File a report with your local police department and make sure to retain a copy. Contacting the fraud department of each of the main credit bureaus and request that a "fraud alert" be put on your credit file which will serve to ask creditors to be especially cautious in authenticating the identity of anyone claiming to be you. This means that you cannot obtain instant credit, a minor inconvenience in light of the damage identity theft can do. Call the Identity Theft Toll-free Hotline at 1-877-438-4338, the point of contact within the federal government for reporting cases of identity theft. Givens (2006) argues that there is little individuals can do to really prevent identity theft and so true prevention resides within two regimes; Adoption of more helpful application-screening procedures by the credit industry, and The implementation of responsible information-handling practices by employers. An increasing number of identity theft cases are connected with the dishonest employees in the workplace who get the sensitive personal information of employees and customers and disclose it to the identity thieves for a fee. One of the ways to identity theft prevention, therefore, is to defend personal information. Some workplace information-handling practices that can help include (Givens, 2006); The adoption of a privacy policy that includes responsible information-handling practices. This can be reached by appointing an individual and/or department responsible for the privacy policy, someone who can be contacted by employees and customers with questions and complaints. Safely store sensitive personal data in safe computer systems. Encrypt! And protect your wireless network with the appropriate security settings. Physical documents should be stored in safe spaces such as locked file cabinets and these data should only be available to qualified persons. Properly dispose documents, for example by shredding paper, “wiping” electronic files, spoiling computer drives and CD-ROMs, and so on. Avail a document destruction network within the office infrastructure by placing shredders around the office, especially near printers and fax machines, and near waste baskets. Cross-cut (confetti) shredders are preferred to strip-shredders and make sure dumpsters are locked and inaccessible to others. Conduct regular staff training by giving security awareness classes to new employees, temporary employees, and contractors to keep them up to date on any new advances in the field. Random privacy “walk-throughs” can be conducted to make spot checks on appropriate information handling. Employees and departments can be motivated through rewards for maintaining “best practices.” Limit data collection to the minimum data needed. For example, is the serial number really required? And is the complete date of birth needed, or would year and month be sufficient? Limits on data display and disclosure of Social Security number. Do not print full Social Security number on paychecks, parking permits, staff badges, time sheets, training program rosters, lists of who got promoted, on monthly account statements, on customer reports, and so on. Monitor data access. Data access should be restricted to staff with legitimate need to know through the implementation of policies and procedures for securing data of electronic audit trail procedures. This can be supported by enforcing strict penalties for unlawful browsing and access. Conduct employee background checks, particularly for individuals who have access to sensitive personal information. Screen cleaning services, temp services, and contractors. Consider banning or restricting the use of portable storage devices with corporate PCs and safeguard mobile devices that contain personal data, such as laptops, Blackberries, and mobile phones which are a favorite target of thieves. Build up a crisis management plan to be utilized if private employee or customer’s data is lost, stolen, or acquired electronically which should contain instructions to avoid identity theft if social security numbers and/or financial account numbers are acquired illegitimately. Regularly audit compliance with all information-handling practices and privacy policies. Conclusion Identity theft was unmistakably identified as a serious crime two years ago when the Identity Theft Act was passed. Since that time great strides have been made to combat the issue, but much work is still necessary to be done. Law enforcement agencies at all levels, federal and non-federal, must work together to create strategies for the investigation and prosecution of offenders. At the same time, the law enforcement community must work closely with private industry to create effective education and prevention programs. In conclusion, everyone must make it their business to dependably handle personal information in the place of work from the mail clerk to the chief executive officers and always remember; Criminals dont always need sawed-off shotguns and ski masks to make a big haul your social security number, or a pre-approved credit card application from your garbage, could be all they really need. References Australasian Centre for Policing Research (2006), “Identity Crime Research and Coordination”, available at, http://www.acpr.gov.au/research_idcrime.asp accessed on 6th August 2006. Givens, B. (2006): “Prevent Identity Theft with Responsible Information-Handling Practices in the Workplace” Privacy Rights Clearinghouse, available at http://www.privacyrights.org/ar/PreventITWorkplace.htm accessed on 5th August 2006. Federal Trade Commission (2006): “Fighting back against identity theft”, 600 Pennsylvania Ave., NW, H-130 Washington, DC 20580 http://www.ftc.gov/bcp/edu/pubs/consumer/idtheft/idt01.htm, accessed on 5th August 2006. Federal Trade Commission (FTC)s 2002: “Identity Theft Statistics” available at http://www.creditinfocenter.com/identity/IDTheftStats.shtml, accessed on 5th August 2006. Identity Theft Resource Centre (2006): “Facts & statistics” available at http://www.idtheftcenter.org/facts.shtml San Diego, California ©1999-2006 Identity Theft Resource Center Identity Theft, Repair and Recovery (2006): "Credit Card Fraud Business Employee" available at, http://identity-theft-repair.com accessed on 4th August 2006. Jean Dunaway (2001): “The Effects of Identity Theft” available at http://www.bankersonline.com/vendor_guru/btcc/btcc-idpt3.html#jean, accessed on 4th August 2006. Zitz, M. (2006): “Identity Theft Statistics, Who is at Risk and How to Protect yourself”, available at http://www.pheaa.org/tools/theft.shtml, accessed on 4th August 2006. Zitz, M. (2006): “Protect Yourself from Phishing Scams” available at http://familyinternet.about.com/od/emailsafety/a/phishing.htm, accessed on 5th August 2006. Swartz, N. (2006): Information Management Journal. Lenexa: Jul/Aug 2006. Vol. 40, Iss. 4; pg. 20, 5 pgs http://proquest.umi.com/pqdweb?did=1081550081&sid=1&Fmt=3&clientId=23440&RQT=309&VName=PQD Privacy Clearing House (2006): “How Many Identity Theft Victims Are There? What is the Impact on Victims?” available at http://www.privacyrights.org/ar/idtheftsurveys.htm, accessed on 5th August 2006. The Pennsylvania Higher Education Assistance Agency (PHEAA) (2003): “Avoiding Identity Theft”, available at; http://www.ed.gov/about/offices/list/oig/misused/index.htm, accessed on 5th August 2006. United States Department of Justice, (2006): “What Are Identity Theft and Identity Fraud?”, Available at http://www.en.wikipedia.org/wiki/Identity_theft, accessed on 5th August 2006. Linnhoff, S., & Langenderfer, J. (2004). Identity Theft Legislation: The Fair and Accurate Credit Transactions Act of 2003 and the Road Not Taken. Journal of Consumer Affairs, 38(2), 204+ Perl, M. W. (2003). Its Not Always about the Money: Why the State Identity Theft Laws Fail to Adequately Address Criminal Record Identity Theft. Journal of Criminal Law and Criminology, 94(1), 169+. Read More