Identity Theft and Retail Shopping - Research Paper Example

Identity Theft Introduction Identity theft and related offenses such as credit card fraud, spamming, phishing, hacking and viruses are problems that affects everyone who uses a computer or relies on an organization that does so. Because more people are becoming dependent on computers in their day to day activities and virtually all businesses in the modern world must resort to computers as a means of remaining competitive in today’s marketplace, all forms of internet crime should be a concern for everyone. A proactive approach must be taken toward identity theft and these other problems. This begins with understanding the various reasons why this problem remains relatively under-appreciated and what drives some people to engage in this sort of activity. At the same time that internet criminals are becoming ever more sophisticated in their means of making money from their activities, the general consumer public remains relatively unaware of the dangers. Everyone has heard of the identity theft and many have been victims of it, but few are willing to take the steps necessary to protect themselves against it. Retail Shopping Relatively Safe is Not Necessarily Safe Despite the increasing numbers of online shoppers and the relative ease shoppers encounter as they enter an online retailer site, there are several negative factors not directly related to the consumer that nevertheless affect consumer behavior when determining whether to make an online purchase. One of the primary dangers being confronted is the issue of identity theft and information mining being conducted on reputable as well as questionable sites (Wolfinbarger & Gilly, 2003). Until these issues had received some attention, buyers were recommended to make online purchases using more traditional modes of payment rather than through credit cards or online bank transfers. In more recent years, however, numerous security sites and software has been developed designed to assist retail clients build consumer confidence in making the more convenient credit card purchases over the internet, displaying small padlocks as a sign of trust or requiring specific security codes prior to accepting a payment through shopping cart technology (Wolfinbarger & Gilly, 2003). While it has become infinitely safer to make purchases online, shoppers are still cautioned to use care when entering personal information and in choosing retailers. Buyer Beware Despite the relative ease shoppers encounter as they enter an online retailer site, there are several negative factors that must be weighed before an actual purchase is made. As is reported by Steven Chucala (2004), there remain several online buyers who find themselves unpleasantly surprised with their experience on a variety of fronts. One of the primary dangers being confronted is the issue of identity theft and information mining being conducted on reputable as well as questionable sites. Until these issues had received some attention, buyers were recommended to make online purchases using more traditional modes of payment rather than through credit cards or online bank transfers. In more recent years, however, numerous security sites and software has been developed designed to assist retail clients build consumer confidence in making the more convenient credit card purchases over the internet, displaying small padlocks as a sign of trust or requiring specific security codes prior to accepting a payment through shopping cart technology. While it has become infinity safer to make purchases online, shoppers are still cautioned to use care when entering personal information and in choosing retailers. Serious Concerns, Serious Consequences Although significant work has been done on the part of retailers to boost consumer confidence in the safety of making online purchases, there remains serious concern regarding the possibility of credit card theft and identity theft. While numerous systems have been put in place in an attempt to protect consumers from the ever-increasing sophistication of credit card fraud online, Matthew Richards (2006) reported that credit card not present (CNP) fraud combined with similar procedures by phone and mail cost consumers approximately $180 million in the first half of 2006, up from the figures available from the first half of 2004 in which this type of fraud amounted to approximately $150 million. This indicates that while safeguards are in place, they are not yet effective enough to completely prevent this type of crime. “But to keep things in perspective, bear in mind that the value of online transactions is increasing at a faster rate than the amount stolen through CNP fraud – which suggests that internet retailers and shoppers are managing to keep an increasing proportion of their transactions out of the fraudsters’ hands” (Richards, 2006). Part of the reason this type of crime remains prevalent is due to the increased security systems available for vehicles make auto theft less attractive and falling prices on consumer goods such as electronics coupled with the rapidly growing market for online purchasing and the ease of setting up fraudulent ‘alternative’ sites for purchasing. Business Specific Problems Financial Just like many other aspects of business on the internet, the system is still not perfect. Although many advances have been made to protect the identity of online bankers and traders as well as to secure their accounts and investments, online fraud continues to be a problem that places consumers’ money and investments at significant risk. “Online banking customers lost $40.5 million in online banking scams in the first half of this year, up 55 per cent from the same period of 2005” (Francis & Gilmore, 2006). These figures are equally disastrous for consumers on the other side of the Atlantic. “In September 2003, the Federal Trade Commission reported that 9.9 million U.S. residents have been victims of identify theft during the past year, costing businesses and financial institutions $48 billion and consumers $5 billion in out-of-pocket expenses” (Kay, 2004). A great deal of these scams are perpetrated through what is commonly labeled ‘phishing’ rather than technical glitches in the banking security systems, highlighting the need for online consumers to educate themselves in how best to protect their finances when conducting business online. Phishing ‘Phishing’ is not necessarily a new approach to fraud, but it has a new method of delivery, particularly in an online user’s email inbox. These messages are designed to give the impression that they come from legitimate businesses that the user is likely to have official business with. These businesses could be banks, such as Citibank, online organizations, such as eBay or PayPal, internet service providers or any number of online retailers. To complete this impression, the messages typically incorporate corporate logos and business-type formats that lend an extra measure of authenticity to the message. To gain the information criminals need to steal an identity or to gain access to online accounts, these letters usually indicate that the company featured is doing some sort of auditing or account checking procedure and requests the recipient of the letter to verify certain facts about their accounts, including account numbers, passwords, credit card numbers, social security numbers, date of birth or mother’s maiden names – in short, all of the information one would need to make a purchase without actually having a credit card in hand. Phishing Fix For many of these scams, an internet link is provided going to a similarly official-looking site that provides appropriate forms to be filled out by the consumer, thereby directly informing criminals of the information they have requested. “Because these e-mails look so official, up to 20 percent of unsuspecting recipients may respond to them, resulting in financial losses, identity theft and other fraudulent activity against them” (Kay, 2004). To avoid these types of problems, most companies, even before ‘phishing’ became widely known among the general populace, had already adopted policies in which this information was not requested via email links to their websites. When identifying information is required, most companies will make the request that customers visit their web sites independently so as to assure secure connections. Attacks on Commercial Sites Corporations that provide news and stock trading information and/or run multibillion dollar businesses via the internet are seriously affected every time a computer hacker decides to temporarily block access to Web sites like Yahoo, eBay, Amazon, CNN.com and Buy.com. However, it is not just large corporations that need to safeguard against hacking. Several small online retailers have discovered to their dismay that they are just as vulnerable, if not more so, to hacking than the larger e-tailers. Smaller businesses typically rely upon off-the-shelf software programs as a means of developing their sites while still working to economize. However, several of these off-the-shelf programs have known vulnerabilities that need to be upgraded or leave the merchant vulnerable (Blackwell, 2005). Hackers know that most smaller online merchants are unaware of these vulnerabilities and are likely, in the bustle of other business concerns, to remain ignorant of them until they are confronted by angry customers. In these cases, the primary motivation for hacking appears to be simple credit card theft. By hacking into the shopping cart software used on small business websites, they are able to phish credit card numbers and identifying information enabling them to commit credit card fraud. In a few small cases, revenge or over-extravagant competition may emerge as factors while protests, particularly against larger corporations, are another viable motive for hacking. Attacks on Individuals While it seems that the predominant reason why hackers attack individual computers is for money, the way in which they earn this money may not be quite so obvious. As should be clear by now, the easiest way for hackers to earn money through their practice is by stealing personal information from an individual’s computer and using that information to purchase goods and services or to sell to others for a profit. In fact, the FBI has reported an increase in hacking individuals for money as underground markets for stolen credit card numbers has been on the rise in recent years (Evers, 2005). However, just because a computer user doesn’t have access to credit cards or any credit with which to enable hackers to take advantage of them doesn’t mean they are immune to hacking practices. Another way in which hackers have begun to make money off of their hobby is by discovering unprotected individual networks and turning these computers into what they call ‘zombies’, computers that have been hacked into without their owners’ knowledge and are now available for use by the hacker or the individual to whom the hacker sold the ‘rights’. These zombies are then conveniently networked together to create ‘botnets’ which can be used to host malicious websites, to send out denial-of-service attacks or to power a spamming campaign (Evers, 2005). In engaging in these activities, the botnets are enabling hackers to then further extort money from larger groups such as governments or organizations under threat, and ability to carry through on the threat, of interruption of service or total shut-down. In the meantime, they cannot be easily discovered because of the circuitous route they took through obviously innocent computer users, to bring their threats to fruition. Banking While banks have little to no control over the rates at which online bankers use or update security features for their own personal computers or whether or not they respond to phishing messages arriving in their email boxes, it has been established that much can be done by these institutions to reduce the ability of criminals to create overlay sites for collecting the information they seek. The internet security firm Heise illustrated to several banks the relative ease with which someone with some knowledge and skill could overlay the websites of their institutions with rogue frames served from websites controlled and operated by the fraudsters. Banks that were at risk at the time of the report were NatWest, Cahoot, Bank of Scotland, Bank of Ireland, First Direct, Link, Dedicated Cheque and Plastic Crime Unit, a bank-sponsored police unit (Leyden, 2006). “Frame spoofing attacks can be thwarted providing users are using up to date browser software, but the cross-site scripting attacks it demonstrated can’t be addressed by client-side security updates, according to Heise. Both types of attacks require a modicum of skill to carry out, but are far from difficult (Leyden, 2006). Several of the banks did not have these same security risks, using a specific JavaScript code to ensure the frameset was valid regardless of the user’s browser generation, encouraging many of the at-risk banks to make changes quickly to ensure similar security for their customers. The eagerness with which many of these banks undertook the task of updating their security testifies to the interests of the banking community to ensure consumer confidence, yet the risks also highlight the importance of keeping consumers educated regarding what they can do on their own systems to ensure their personal online safety. Prevention First Steps Careful consumers can avoid some of these pitfalls, however, by taking a few precautions, such as double-checking website addresses on pages where credit card information is collected to be sure they are encoded with the https security code or display the locked padlock (Richards, 2006). Experts also recommend consumers use credit cards for purchases rather than debit cards as errors are easier to catch and additional safeguards can be built in. For example, credit card companies have assisted the verification process by providing user-specific passwords that must be entered online to prevent fraudulent charges. In addition, all charges made to a credit card will appear on a credit card statement each month, allowing consumers to check for any purchases that had not been authorized. Cyber Solution Experts also recommend consumers who like to make purchases online should install and keep update a reputable anti-virus program as well as a firewall (Richards, 2006). Anti-virus programs prevent malicious software from infiltrating a machine and releasing encrypted identifying information, such as passwords, credit cards numbers and other valuable information to unknown third-parties all behind the scenes. Firewalls put up a virtual barrier wall designed to further protect this sensitive information from the internet. Many of these safeguards assist in the protection of online identity as well. With an increasing number of consumers obtaining always-on internet connections through cable, fiber optics, satellite or dedicated phone lines, it is reasonable to assume that they are becoming more and more susceptible to hacker attack. While dial-up connections are sometimes equally vulnerable as long as they are connected, they are unpredictable as to availability for hacking as well as for use as a zombie computer. Always-on networks, on the other hand, are always available, providing the hacker with plenty of time to explore vulnerabilities, install programming and to use these computers for their own gain (Kuypers, 2000). There have traditionally been two approaches to protecting the home computer from hacking, most of which are duplicated in more sophisticated format for businesses and governments. These include the use of anti-virus software and firewalls. Anti-virus software sound much like what it is. This software seeks out programs that have been identified as a virus or worm within an existing system and removes it as well as identifies suspicious programs being downloaded into the system as it arrives. Firewalls function to prevent hackers from identifying the computer through the ping vulnerability and thus prevent outside access to the computer itself Despite numerous attempts to develop less vulnerable software and systems programs, these two types of software remain the primary defense against hacking, with assistance from what is known as Intrusion Detection Systems, which work to identify abnormal behavior on the individual computer (Bradley, 2008). As this primary function suggests, IDS is not designed to prevent access to the computer as is the anti-virus program or the firewall, but is instead designed to alert the user to the presence of an outside agent. For every computer user on the planet for as long as their computer remains connected to the internet or they have business managed by a corporation that uses computers connected to the internet. As the world becomes increasingly connected through these types of networks, individuals become more and more susceptible regardless of their own personal use of the machine. The prevalence of hacking and difficulties of prevention are exacerbated by the various reasons why hackers choose to participate in the activity. As underground systems grow to accommodate the types of information and access that hacking has opened up, more and more hackers engage in the activity as a means of making money, but other primary functions of hacking include discovering state or corporate secrets, compromising security, creating civic chaos, revenge against individuals or organizations or as a means of protesting against the organization for some reason. At the same time that hackers are becoming ever more sophisticated in their means of making money from their activities, the consumer public remains relatively unaware of the dangers. Conclusion Contributing factors encouraging online shoppers are the ease of use, the availability of information and the perception of lower prices overall, yet these are balanced by concerns of identity theft, credit card fraud, delay in delivery and the lack of tactile interaction with products. It is undeniable, however, that the trend of internet purchasers is growing and retailers will increasingly need to know the major trends in consumer behavior online if they intend to remain within this highly competitive market. A rising trend in the 21st century is the tendency of more and more consumers to look to the internet to make new purchases. Because more people are becoming dependent on computers in their day to day activities and virtually all businesses in the modern world must resort to computers as a means of remaining competitive in today’s marketplace, internet crimes should be a concern for everyone. Internet crime is a problem that affects everyone who uses a computer or relies on an organization that does so. Experiencing it as a victim could ruin a person or company and fighting it is expensive and difficult. Works Cited Blackwell, G. “When Hackers Attack.” Ecommerce-guide. (February 22, 2005). August 10, 2009 Bradley, T. “Introduction to intrusion detection systems.” About.com. (2008). August 10, 2009 < http://netsecurity.about.com/cs/hackertools/a/aa030504.htm> Chucala, S. “Internet Buyer Beware.” Soldiers Magazine. (October, 2004). August 10, 2009 Evers, J. “Hacking for Dollars.” CNet News. (July 6, 2005). August 10, 2009 Francis, Clare & Gilmore, Grainne. “Online Banking Fraud on the Rise.” Times Online. (November 6, 2006). August 10, 2009 Kay, Russell “QuickStudy: Phishing” Computer World (January 19, 2004) August 10, 2009 Kuypers, F. Preventing the hack attack – industry trend or event. Telecommunications. (July 2000). August 10, 2009 Leyden, John. “UK Banking Websites’ Security Slammed.” The Register. (September 28, 2006). August 10, 2009 Richards, M. Online Shopping. The Financial Times. (December 8, 2006). Wolfinbarger, Mary & Gilly, Mary C. “Shopping Online for Freedom, Control, and Fun.” California Management Review. Vol. 43, N. 2, pp. 34-55. (2001). August 10, 2009 Read More