Identity Theft and Society: What's in it for me?

Identity Theft and Society: How does it affect me?

IDENTITY THEFT AND SOCIETY:
HOW DOES IT AFFECT ME?

TABLE OF CONTENTS
INTRODUCTION – WHAT IS IDENTITY THEFT?..................................................1
IDENTITY MANAGEMENT: WHAT IS IT TO ME?.................................................5
COSTS OF IDENTITY THEFT AND FRAUD..........................................................12
CONCULSION: PROTECTION.................................................................................14
AND SECURITY STRATEGIES................................................................................14
REFERENCE LIST......................................................................................................18

PAPER BACKGROUND
Identity theft and fraud against individuals, corporations and governments
across the industrialised world is measured in billions of dollars annually,
causing significant difficulties for those involved in monitoring and resolving
the effects. The development and expansion of electronic technologies have
allowed fraudsters to expedite such activities across multiple jurisdictions with
near anonymity whilst leaving those affected with months, perhaps years, of
hard toil to recover.

Additionally individuals, corporations and governments have been
institutionally lackadaisical with securing critical information and systems,
allowing a back entrance to be left effectively unguarded for exploitation by
identity thieves and fraudsters. The 2007 U.K. Revenue and Customs data
breach, data losses by U.S. government agencies and educational institutions,
and the Australian Tax File Number system with millions of excess entries
demonstrate that an attitudinal and cultural overhaul – throughout the
industrial world – is desperately required.

The aims of the paper are to:
1. Outline the history of identity theft and fraud;
2. Illustrate what identity management means for individuals and groups
within the industrial world;
3. Quantify and explain the costs and impacts on individuals,
corporations and governments; and
4. Outline possible strategies on how to balance online security and
privacy with effective interaction on commercial, social and
governmental matters.

Table of Contents and Paper Background

Introduction: What is Identity Theft?

INTRODUCTION – WHAT IS IDENTITY THEFT?

Identity theft – and the broader concept of identity crime – has become a
complex and challenging issue for individuals, corporations and government
agencies across the world during recent times. The advent of various online
technologies has facilitated the ability to gather personal identifying
information (PII) with minimal monetary outlay. In addition, lax standards
and security measures have indirectly assisted in providing PII to those who
wish to ghost or otherwise individuals or to commit some form of fraud.

A common definition of identity theft – and of identity crime – is by no means
established by authorities or the community at national or international forums
(OECD 2008, p. 3). Direct and indirect costs – financial and other – vary
according to how identity crime is defined (OECD 2008, p. 4) in each
jurisdiction. Statistics, where they are gathered, are collected differently
complicating effective cross-border comparisons (OECD 2008, p. 4)

To provide some scope of the concept of identity theft – one scenario occurs
when one person utilises personal identifiers of a second person to
fraudulently or otherwise illegally obtain or access goods, services or financial
benefits (Arata Jnr 2004, p. 5) or to otherwise impersonate that individual in a
legal context (Vacca 2003, p. 4). The OECD (OECD 2008, p. 2) defines
identity theft as when one party acquires, transfers, possesses or uses personal
information of a natural or legal person in an unauthorised manner with the
intent to commit, or in connection with, fraud or other crimes.

From an individual’s perspective, the advent of networking websites over the
past decade – whilst allowing increased social interaction globally has
facilitated the ability of swift collection and aggregation of personal
information, allowing an electronic ‘cloud’ of disparate information on
individuals to be collected with minimal input or reference from external
agencies.

Page 1


The consequence of the proliferation of information availability on
individuals, government agencies and corporations, particularly in an
electronic context, is to assist in the facilitation of the collection of PII by
identity criminals in a surreptitious manner, enabling the criminals to conduct
nefarious activities with minimal physical interaction with the target, their
associates or government agencies.

Identity concerning individuals can be classified into three distinct
components (Mills 2007, pp. 14-18):
1. Biometric: Unique physical features distinguishable to the individual
at birth;
2. Attributed: Identity components acquired at birth – including the
name of child and parents, location and date of birth; and
3. Biographical: Identity components acquired over an individual’s
lifetime.

The U.S.-based Identity Theft Resource Centre (ITRC) categorises identity
theft into four major categories:
1. Financial: The use of personal identifiers to improperly obtain goods
or services;
2. Criminal: Posing as another person when apprehended for an alleged
crime;
3. Cloning: Utilising personal identifiers for daily living; and
4. Business and Commercial: The utilisation of corporate identifiers to
impersonate or target a specific organisation.

The Australian-based Independent Commission Against Corruption (ICAC
2006, p. 15) has further defined the broader issue of identity fraud – of which
identity theft is one component – as being:
1. The dishonest misrepresentation of any major aspect of identity,
whether or not supported by documentation;
2. The fraudulent use of business or corporate identifiers;
3. The misuse or theft of an individual’s username or password to
assume the individual’s identity on a computer system to procure
information or benefits; and
4. Public officials misusing their position to:
(a) Steal, alter or otherwise misuse paper or electronic records
pertaining to a third person held by the agency;
(b) Fraudulently create identity documents; or
(c) Create or assume false identities.

Page 2


The growth of electronic networks, coupled with the availability of storage
facilities to corporate and government entities, places data integrity at risk of
being compromised or breached. A data breach event occurs when “an
organisation’s unauthorised or unintentional exposure, disclosure or loss of
sensitive personal information” (Peretti 2009, p. 377) to external entities.

Those wishing to illicitly gain access or to obtain PII, a number of
“traditional” methods can be utilised (OECD 2008, p. 3 Box 1; Vacca 2003,
pp. 8-9) to obtain such information:
1. Dumpster Diving;
2. Pre-texting;
3. Shoulder Surfing;
4. Record Theft;
5. Theft of mail, wallets, purses containing PII or bank cards;
6. Fraudulently obtain credit reports posing as a representative with
legitimate requirement for information;
7. Gather or purchase of personal information from “inside” sources; and
8. Completion of a change of address form to divert mail to another
destination.

Coupled with the strategies reviewed above, numerous online strategies for
gathering PII have been developed with the growth of the internet and
electronic networks worldwide. Such methods include (OECD 2008, p. 4):
1. Phishing: Where false identifiers of an organisation are utilised in an
attempt to lure clients into disclosing PII on the fraudulent website;
2. Pharming: The use of false identifiers (similar to those used in
phishing attacks) to redirect users from authentic to fraudulent sites;
3. SMiShing: Where text messaging is utilised to ‘alert’ customers to use
of services being charged at a certain dollar amount per day unless
service is cancelled; and
4. Spear Phishing: Originator impersonates other staff member to obtain
access codes with aim to access computer system under stolen codes.

The strategies outlined above allow identity criminals to collect PII and other
information in a surreptitious manner, usually without the organisation or
individual being aware of the intrusion until (sometimes well) after the event.
The ability to conduct a “successful” operation is to mimic the target site as
realistically as possible.

Page 3


Particular tactics associated with the strategies include (OECD 2008, p. 3 Box
2; Vacca 2003, pp. 8-9; Warren & Streeter 2005, p. 164):
1. Malware;
2. Spam;
3. Phishing (described above);
4. Hacking;
5. Gathering of information that users share on the internet;
6. Gain access to corporate or governmental databases that contain
personal information – whether by direct hacking or through inside
contacts;
7. Harvesting published data though online searches or “Who’s Who”-
type publications;
8. Utilise technology to raid or hack the target’s computer to obtain the
required information; and
9. Utilise deception by impersonating someone in authority to deceive the
target into voluntary disclosure of information.

The most high profile data breach event occurred in the United Kingdom
during November 2007 when two CD-ROMs utilising minimal security
measures and containing information on 7.25 million families claiming family
tax benefits (comprising half of the total population) were lost via internal
mail. The CD-ROMs have yet to be recovered, posing a current and ongoing
threat to those families affected.

A 2006 study highlights three underlying factors facilitating the success of
phishing attacks (Dhamija 2006, pp. 582-583):
1. Lack of knowledge: Covering both computer systems and security
indicators. Users are unaware of how various online technological
aspects operate and how to distinguish between valid and forged
aspects (email headers, website URL) or processes (SSL locks and
placement on webpage, security certificates).
2. Visual Deception: Various attempts to mislead users via deceptive
text; images masking underlying text; images mimicking or masking
content or windows manipulation; and deceptive look and feel
requiring users to carefully view the site to ensure validity.
3. Bounded Attention: Even if users are familiar with strategies outlined
in Steps One and Two above, they can still be duped if they fail to
notice the presence (or absence) of security indicators associated with a
valid site.

Page 4

Identity Management: What is it to me?

IDENTITY MANAGEMENT: WHAT IS IT TO ME?

The issue of identity management for individuals, government agencies and
corporations has become particularly significant since alternative methods of
cash payments have been available to participants (Schreft 2007, p. 5). The
occurrence of large scale data breaches has become feasible recently with the
advent of electronic payment mechanisms, particularly those associated with
non-bank merchants, coupled with the rise of corporate and governmental
databases containing information suppliers, customers and citizens.

Research conducted by Standards Australia during 2003 indicated that identity
theft is becoming the most important fraud-related theft within the Australian
economy and that Australian organisations are ill-prepared to detect and
prevent it (QPS Major Fraud Investigative Group, p. 28).

In addition, recent statistics published by various Australian security firms, the
United States, United Kingdom and Australia are the top three countries
susceptible to Phishing-related attacks (Bajkowski 2009, p. 34),

In 1997, David Shenk documented 13 Laws of Data Smog (p. 11) that
highlighted issues that concerned information overload – the “noxious muck
and druck of the information age” (Shenk 1997, p. 31). The 1997 laws are:
1. Information, once rare and cherished like caviar, is now plentiful and
taken for granted like potatoes;
2. Silicon chips evolve much more quickly than human genes;
3. Computers are neither human or humane;
4. Putting a computer in every classroom is like putting a power plant in
every home;
5. What they sell as information technology but information anxiety;
6. Too many experts spoil the clarity;
7. All high-stim roads lead to Times Square;
8. Birds of a feather flock virtually together;
9. The electronic Town Hall allows for speedy communication and bad
decision-making;
10. Equifax is watching;
11. Beware stories that dissolve all complexity;
12. On the information superhighway, most roads bypass journalists; and
13. Cyberspace breeds libertarianism.

Page 5


In 2009, a vox-pop survey conducted by a Queensland-based regional
newspaper highlights the overall ignorance concerning identity theft across the
demographic divide.

Comments like “I lock my doors” (elderly male); “I have never been in that
situation” (middle aged female); “It doesn’t worry me” (twenty-something
male); “I don’t give details out ever” (primary school aged male); “I don’t use
the internet much” (primary school aged male) and “I live in a quiet area”
(elderly male) (Bundaberg News-Mail 2009, p. 5) serve to emphasize the
reactive nature of some segments of the population to the non-electronic
mechanics of identity theft.

The 2007 ITRC study illustrates the battle that individuals have when dealing
with identity crime. Even though the majority of discoveries have occurred
during the first year post-incident, over ten percent of cases are discovered
three years plus after the event – allowing substantial time for identity
criminals to establish a ghost identity of the victim. Even the three month
discovery statistics is disturbing with a five percent slippage from 2003 to
2007. The ability for individuals and law enforcement agencies to detect and
track identity criminals is predicated on timely and effective proactive
mechanisms from organisations and individuals themselves.

Page 6


USA Identity Theft 2003 to 2007
Months elapsed between first incident and victim discovery
60%

50%

40%

30%

20%
Victim Percentage

10%

0%
2007 2006 2005 2004 2003
0 to 3 42.0% 33.0% 46.0% 37.5% 47.7%
4 to 6 11.0% 16.0% 11.0% 10.9% 12.0%
7 to 12 11.0% 13.0% 7.0% 13.5% 12.6%
13 to 18 13.0% 5.0% 12.0% 4.2% 8.7%
19 to 23 4.0% 8.0% 6.0% 7.8% 4.6%
24 to 36 9.0% 8.0% 5.0% 8.3% 5.2%
37 plus 11.0% 17.0% 13.0% 17.7% 9.2%
Calendar Year

Figure 1 - Time elapsed (months) between first incident and victim response 2003 to 2007 (ITRC
2008, p. 16 Table 8)

Congressional testimony in the United States during 2000 demonstrates how
debilitating and long lasting identity crime can be (Privacy Rights
Clearinghouse 2000). The ability to assume someone else’s identity to fulfil a
fantasy, to ‘disappear’ from society or even to conduct criminal behaviour
impacts on the individual, corporations and government agencies in
administrative, financial, resource and social terms.

From a corporate and government agency perspective, attitudes towards
information security are just as muddled. A recent independent audit
conducted by the Queensland Audit Office (Passmore 2009) of eight
government agencies highlighted that six had no or minimal measures to
monitor network resources for unauthorised intrusions, facilitating the
unauthorised access to network resources and to gather PII to go unreported.
Despite the minister Robert Schwarten’s assurance that “under no
circumstances under which people’s private records have been accessed”, the
audit revealed that measures are not in place to ensure that PII – or broader
network security – are not compromised or reported when such events occur.

Page 7


Several recent analyses have debunked the perception that identity crime is
principally – or solely – based online. A Pronemon Institute study indicates
that nine million Americans have their identity stolen annually; with some 200
million data breaches since 2005 – 85 million breaches during the first quarter
of 2008 alone (Prosch 2009, p. 58). In Australia, data breaches cost some $6.3
million during 2007, averaging $197 per record compromised (Prosch 2009, p.
58)

In addition, the multi-year Javelin Study on identity theft seems to supports
the Pronemon Institute study, though with differing methodology. The 2007
study highlights that the majority of identity fraud being conducted through
traditional mechanisms (Attorney General Department 2008, p. 10). The
Identity Theft Resource Centre’s Identity Theft: The Aftermath 2007 survey
(2008, p. 3) reports that the average time to resolve damage at 116 hours for
existing account theft and 157.87 hours for new account theft.

The Australian Bureau of Statistics published the first ever Personal Fraud
analysis during June 2008. It highlighted the direct personal impact of identity
theft. During the 12 months prior to the survey period (July to December
2007), the following was recorded:
• 124,400 persons were identified as victims of identity theft, with males
comprising 56% and females comprising 44% of victims;
• The 25 to 34 age group was the highest percentage victim group
(34,400 or 28%);
• 16% (20,100) persons reported a financial loss associated with most
recent incident
• 57% reported the incident to law enforcement, financial institution or
other formal entity and 43% reported the incident to some other
agency.

Recent media reports (Walker 2006, Anon 2005) have estimated the costs of
identity crime in Australia between AUD$1 billion and AUD$4 billion
annually. The United Kingdom suffers similar costs and the USA suffered a
record $56.6 billion against consumers (Anonymous 2009). Worldwide, the
costs are estimated at approximately US$2 trillion annually and are rising.

Page 8


Despite the quantity of studies and analyses available, no common legal
definition of identity crime (and its components identity theft and fraud) have
been agreed upon for national – or international – purposes. Consequently,
effectively measuring the financial cost (both direct and indirect) to
consumers, governments and corporations from an independent perspective is
challenging, resulting in the confusion by the community as highlighted by the
Bundaberg News-Mail May 2009 Vox-Pop survey.

From a general corporate perspective, human resource departments are a high
value target for the misappropriation of PII for use in identity theft (Calvasina,
Calvasina & Calvasina 2006, p. 25).

Recent examples of high profile data breaches highlight the complex nature of
this – in the United States, companies suffering inadvertent or deliberate
breaches include Time Warner, Eastman Kodak, Bank of America, Boeing,
Ford and Equifax. The Time Warner breach involved approximately 600,000
PII of current and former employees being disclosed in an unauthorised
manner (Calvasina, Calvasina & Calvasina 2006, p. 25).

A burglary in May 2006 involving the theft of a laptop and external hard drive
at a US Department of Veterans Affairs employee residence netted PII of up to
6½ million veterans. Despite agency rules prohibiting such situations, the
computer equipment was at the employee’s residence (Calvasina, Calvasina &
Calvasina 2006, p. 25).

The current identity framework poses a risk not just to individuals, but to
organisations and the broader payment system as identity theft undermines the
agreed framework between participants (Schreft 2007, pp. 5-6), resulting in a
migration to less efficient payment mechanisms (Schreft 2007, p. 6) or the
abandonment of any form of payment mechanism.

Page 9


Various countries have, over the past decade, enacted identity-crime related
statutes (sometimes at state, other times at national levels) in an attempt to
combat this type of crime. In Australia, the New South Wales Attorney
General John Hatzistergos proposed introducing identity fraud laws during
July 2009 (ZDNet 2009). In addition, an offence relating to identity crime has
been on the federal statute book since the mid-1990’s.

In the United States of America, the passage of the Identity Theft and
Assumption Deterrence Act (ITADA) of 1998 (Schreft 2007, p. 7) was one
element in an attempt, at the federal level, to combat identity theft. The scope
of identity theft under this act is defined as the “knowingly transfer,
possession or usage of any name or number that identifies another person with
the intent of committing or aiding and abetting a crime” (Schreft 2007: 7).

Advocates argue that the above definition is broad enough to encompass a
person’s unique identifiers including voice and finger prints. In addition,
other federal statutes that combat identity theft include (Roberson 2008,
pp.16-21):
• Drivers Privacy Protection Act of 1994;
• Customer Identification Program Rules;
• Gramm-Leach-Bliley Act (Title V, 15 U.S. Code sections
6801-6809);
• Fair Credit Billing Act; and
• Fair and Accurate Credit Transaction Act.

Despite various legislative efforts since the mid-1990s, the complexity of the
USA’s government-sponsored document issuance systems is immense. As of
2003, a total of 240 different driver licence formats were in circulation and
approximagtely 10,000 agencies were authorised to issue birth certificates
(Sullivan 2004, p. 129). The complexity of these systems is highlighted by the
United States Postal Inspection Service – between October 2002 and June
2003, a total of 2,264 arrests were made deriving from mail theft
investigations (Sullivan 2004, p. 162).

Page 10


Other industrialised countries deal with the criminality aspect of identity
crime, particularly against individuals, in various manners – however, the
measures mentioned above are probably the vanguard of efforts (at national or
international levels) in dealing with identity crime.

One recent effort undertaken by three countries – the USA, United Kingdom
and Australia – has been the promotion and development of some form of
electronic-based identity or access card system ostensibly to combat identity
crime and fraud against the public purse. Ignoring the rushed nature and
under-funding associated with each of the systems, the continual shifting
technical requirements and other technological issues involved in systems
rollout and maintenance, each system (if fully implemented) would provide a
“honey pot tree” for identity crime thieves to collect and collate PII from a
single source, rather than from multiple sources as currently occurs.

Page 11

Costs of Identity Theft and Fraud

COSTS OF IDENTITY THEFT AND FRAUD

Calculating accurate figures relating to identity theft and fraud is challenging.
A lack of accurate data, coupled with differing definitions of what constitutes
an identity crime, impairs effective independent analysis of identity theft
(OECD 2008, p. 3; Newman & McNally 2005, p.30; Schreft 2007, p. 13;
Attorney General Department 2008, p. 9). In addition, incidents of
organisational and government data breaches are occurring on an almost a
daily basis (Schreft 2007, p. 14).

The impact of identity crime impact in various ways on victims, including
(Attorney General’s Department 2008, pp. 4-5):
1. Financial: both direct (loss of funds, costs associated with
investigation and prevention of future events) and indirect (reputational
loss, restoration of credit history, opportunity cost from benefit-
generating activity);
2. Psychological: Trauma, stress and reduced societal interaction;
3. National Security: Crime groups utilising identity crime for people
smuggling or other illicit activities; and
4. Other: Obtaining products and services not entitled to.

A review of available sources indicates estimates that conservative annual
costs associated with identity crime are in the tens billions of dollars (Newman
& McNally 2005, p. 30). Such estimates are made additionally difficult by the
differing statistical and definitional measures utilised by national (and sub
national) jurisdictions in calculating the figures used (OECD 2008).

Examples of individual nation-state costs include:
• A 2002 UK study calculated that identity theft cost the UK economy
£1.3 billion (HM Cabinet Office 2002, p. 13, Box 2.1) during
2001-2002, out of a total fraud related loss of £18.3 billion;
• In Australia, it is estimated that identity fraud costs between AUD$1
billion and AUD $3 billion annually (Walker 2006, p. 88);

Page 12

Costs of Identity Theft and Fraud

The United Kingdom’s Credit Industry Fraud Avoidance System (CIFAS)
attributes that identity theft and fraud amounts to £10 million per day, whilst
the Association for Payment Clearing Services calculates that credit card
crime has grown from £95 million (1998) to £504 million (2005) and benefits
fraud costs approximately £3 billion yearly (Mills 2007, pp. 8-9).

Impacts of identity crime are not just measured in financial or economic terms.
Confidence in the payments system that underpins economic activity, trust in
the payment instruments that facilitate online transactions coupled with
downstream costs in dealing with fraudulent activity all influence how
individuals and organisations interact in the marketplace – whether in the
electronic or physical environments.

Page 13

Possible Protection and Security Strategies

CONCULSION: PROTECTION
AND SECURITY STRATEGIES

Individuals, corporations and government agencies all have a vested interest in
ensuring identity crime is eliminated. Lost profitability, decreased taxation
revenue, increased costs for consumers and amplified distrust for electronic
commerce and payments platforms result from the upsurge of identity crime
related incidents. Substantive proactive measures are required from all three
groups to combat this issue before such distrust becomes endemic.

Shenk’s 13 Laws of Data Smog (mentioned earlier in this paper) do have an
influence in this environment. A Ten-Point Laws of Identity Smog can be
derived to assist in the awareness of identity management for individuals,
corporations and government agencies:
1. Personal information, once rare and cherished like diamonds, is now
plentiful and taken for granted like sand;
2. Silicon chips evolve and adapt much more quickly than public service
guidelines;
3. Placing a credit (or debit) card in every wallet is like putting a tracking
device on every person;
4. What politicians sell as information security but information anxiety;
5. All high-stim roads leave lasting digital footpints;
6. The Electronic Town Hall allows for speedy communication and a wealth
of data points;
7. The Prime Minister’s (or President’s) office is watching;
8. On the identity information superhighway, most roads pass through
corporate databases;
9. Databases, like elephants, never forget anything; and
10. Security is as powerful as the weakest link.

A range of strategies have been identified by a number of authors (Abagnale
Jnr 2007, pp. 102-132; Vacca 2003, pp. 19-21; Hastings & Marcus 2006, pp.
319-323; Mitnick & Simon 2002, 2006) that would enable some form of
protection for individuals in both electronic and physical attacks, including:

Page 14


1. Check credit reports regularly;
2. Keep track of billing cycles;
3. Closely examine financial statements;
4. Protect computer – physically and electronically;
5. Guard physical mail from theft;
6. Practice safe shopping – physical and electronic;
7. Invest in a shredder;
8. Be vigilant at Automated Tellers;
9. Monitor access to online banking;
10. Secure home and office environments.

Many of the strategies are low cost and all are proactive, yet require constant
maintenance to avoid potential slippage or misappropriation of personal
information to undesirable entities or individuals.

For corporations and government agencies, the challenge to safeguard PII in a
highly electronic and networked environment is a more complex and intensive
task from technological and personnel perspectives. Policy development
covering data security; social engineering penetrations; network (both wireless
and cable) security; personnel and finance form a core element of any
effective deployment combating identity crime.

Two of the core elements that underpin business and governmental
(particularly involving the payments system) interaction with the community
are trust and confidence – without these elements economic activity and
interaction is impaired and becomes withdrawn, profitability slides and
distrust climbs.

Specific strategies for corporations and government agencies to combat
identity crime are based on those for individuals, with additional focus on
physical and data security, personnel selection, access rights and document
security to ensure protection against possible intrusions or other inappropriate
activity. One aspect of gaining intrusion in a traditional context, social
engineering, has been described as “information security’s greatest weakness”
(Mitnick & Simon 2006, p. 244).

Page 15


Despite the funds allocated to physical infrastructure aimed at preventing
intrusions, minimal effort has been directed towards the preventing the human
element of intrusions (Mitnick & Simon 2006, p. 244).

The UK Customs and Revenue data loss in November 2007 of two minimally
encrypted compact discs containing personal identifiers of half the population
brought substantive ridicule and embarrassment for the relevant minister and
the agency concerned. As demonstrated in Figure 1, a small yet significant
percentage of identity theft is discovered after the three year, making vigilance
all the more importance.

From a personnel management perspective, corporations and government
agencies need to examine in detail what information is required and how it is
collected and managed to discharge legal and other responsibilities to staff,
clients and regulatory agencies. In addition, systemic and regular reviews of
policy and practice to ensure that privacy, storage and access to sensitive
information is granted only those authorised to handle such information
(Calvasina, Calvasina & Calvasina 2006, p. 27).

Another consideration pertains to the development of a risk management
framework, particularly for organisations that operate in finance-type sector
and those organisations that handle substantive quantities of personal
information. The potential for reputational loss resulting from a sustained
wave of identity crime could undermine confidence in the organisation and the
broader payment system (Bielski 2005, p. 55).

From the broader societal perspective requires a proactive, coordinated and
sustained effort between government agencies, corporations, advocacy groups
and individuals is needed to ensure that identity crime is contained and
(ideally) eliminated. This involves a range of proactive measures from all
three sectors to safeguard PII against misappropriation and inappropriate
access.

Page 16


Some efforts are occurring at multilateral forums – particularly at the OECD
and the United Nations – in combating identity crime across international
borders. Without some form of common understanding of what constitutes
identity crime (in legal and common understanding contexts), the ability for
the community to effectively and proactively participate in protecting their
identity in an interconnected, online environment is impaired.

One entity Australia currently lacks is an independent analysis and research
agency dedicated to monitoring developments and to serve as an independent
information clearinghouse and on identity theft. Currently there are a host of
federal and state agencies (mainly policing and fair trading) offering distinct
and sometimes apparent contradictory messages to the community.

Page 17

Reference List

REFERENCE LIST

Abagnale, FW 2007. Stealing your life: The ultimate identity theft prevention plan.
Transworld Publishing Milsons Point

Abagnale, FW 2001. The Art of the Steal: How to protect yourself and your business
from fraud. Bantam Books Milsons Point

Acoca, B 2008. “Online Identity Theft”. OECD Observer. Organisation for
Economic Cooperation and Development no. 268, July pp. 12-13.

Adams, C 2008. “No. certainty yet for identity assurance: The need for assuring
identity is clear, but the path to achieving it is not”. Signal. vol. 63 no. 1 September
pp. 83-86

Anonymous 2009. ‘Identity theft costs a record $56.6 billion’. Identity Theft Daily.
Published 24/Feb/2009, Accessed 16/Aug/2009.

Anonmyous 2005. ‘ID Theft costs Australia $2 billion a year’. The Age. Melbourne
Victoria Published 3/June, viewed 18/June/2009.
URL: http. ://www.theage.com.au/news/Breaking/ID-theft-costs-Australia-2b-a-year/
2005/06/03/1117568360968.html#

Arata Jnr, MJ 2004. Preventing Identity Theft for Dummies. Wiley Publishing
Indiana.

Attorney’s General Department March 2008. Final Report: Identity Crime.
Commonwealth of Australia, Canberra.

Australian Bureau of Statistics (ABS) 2007. Personal Fraud June 2007. Cat no.
4528.0 ABS Canberra

Australian Communications and Media Authority (ACMA) 2009. Australia in the
Digital Economy: Trust and Confidence. Commonwealth of Australia, Canberra.

Bajkokowski, J 2009. ‘Being awake to zombie armies’. The Australian Financial
Review. Published 11/Aug/2009 p. 34.

Bavis, C and Parent, M 2007. “Data theft or loss: ten things your lawyer must tell you
about handling information”. Ivey Business Journal Online. June/July

Bielski, L 2005. “Will you spend to thwart ID Theft?” ABA Banking Journal. vol.
97 no. 4 pp. 54-62.

Burkhalter, C and Crittenden, J. “Professional Identity Theft: What is it? Are we
contributing to it? What can we do to stop it?” Contemporary Issues in
Communication Science and Disorders. vol. 35, Spring pp. 89-94

Page 18

Reference List

Calvasina, GE; Calvasina, EJ and Calvasina, RV 2006. “Preventing employee
identity fraud”. Proceedings of the Academy of Legal, Ethical and Regulatory Issues.
vol. 10 no. 2 pp. 25-29.

Clarke, E 2009. “How secure is your client data? 5 questions you should ask your IT
professionals”. Journal of Financial Planning. Jan/Feb pp. 24-25.

Dhamija, R; Tygar, JD and Hearst, M April 2006. “Why Phishing Works”. CHI
Proceedings: Security. pp. 581-590.

Government Accountability Office 2006. Electronic Government: Agencies face
challenges in implementing the federal employee identification standard. Washington
D.C.

Hamadi, R. Identity Theft: What it is; How to prevent it and what to do if it happens
to you. Vision.

Hastings, G and Marcus, R 2006. Identity Theft Inc: A wild ride with the world’s
number one identity thief. Disinformation Company New York.

House of Representatives Standing Committee on Economics, Finance and Public
Administration 2000. Numbers on the Run: Review of the ANAO Report no. 36
1998-99 on the management of Tax File Numbers. Parliament House, Canberra.

HM Cabinet Office July 2002. Identity Fraud: A study. London

Identity Theft Resource Centre.
• Identity Theft: The Aftermath 2007. Published May 2008.
• Identity Theft: The Aftermath 2006. Published October 2007
• Identity Theft: The Aftermath 2004. Published September 2005
• Identity Theft: The Aftermath 2003. Published September 2003

Independent Commission Against Corruption (ICAC) 2006. Protecting Identity
Information and Documents: Guidelines for public service managers. Sydney New
South Wales.

Jakobsson, M and Myers, S (editors) 2007. Phishing and Countermeasures:
Understanding the increasing problems of electronic identity theft. John Wiley &
Sons New Jersey.

Kendall-Raynor, P. 2008. “Identity fraud case prompts call for tougher recruitment
checks”. Nursing Standard. vol. 22 no. 36 May 14-20 p. 7.

Laudise, TM 2008. “Ten practical things to know about ‘sensitive’ data collection
and protection”. The Computer and Internet Lawyer. vol. 25 no. 7 July pp. 26-33.

Leon, JF 2008. “Top Ten Tips to combat Cybercrime”. The CPA Journal. vol. 78
no. 5 pp. 6-11

Page 19

Reference List

Linninger, R and Dines, RD 2005. Phishing: Cutting the identity theft line.

Listerman, RA and Romesberg, J 2009. ‘Creating a culture of security is key to
stopping a data breach. Are we safe yet?’ Strategic Finance. July pp. 27-33.

May, DA 2005. Identity Theft.

Mills, G 2007. Identity Theft: Everything you need to know to protect yourself.
Summersdale Publishers.

Mitnick, KD & Simon WL 2006. The Art of the Intrusion: Real stories behind the
exploits of hackers, intruders and deceivers. Wiley Publishing Inc.

Mitnick, KD & Simon WL 2002. The Art of the Deception. Wiley Publishing Inc.

Newman, GR and McNally, MM 2005. Identity Theft Literature Review. United
States Department of Justice Washington D.C.

Organisation for Economic Cooperation and Developement (OECD) June 2008.
Policy Guidance on Online Identity Theft. OECD Ministerial Meeting on the future
of the Internet Economy Seoul.

Passmore, D 2009. “Sunshine State is a hackers’ paradise”. The Sunday Mail
Brisbane Queensland. Published 5/Jul/2009, viewed 5/Jul/2009.
URL: http://www.news.com.au/couriermail/story/0,23739,25732782-3102,00.html

Peretti, KK 2009. “Data breaches: What the underground work of ‘carding’ reveals”.
Sanat Clara Computer and High-Technology Law Journal. vol. 25 no. 2 pp. 375-413.

Prosch, M 2009. “Preventing Identity Theft throughout the Data Life Cycle”.
Journal of Accountancy. vol. 207 no. 1 pp. 58-62

Privacy Rights Clearinghouse 2000. “Identity Theft Victim Stories: Written
testimony of Michelle Brown”. Viewed 26-Mar-2007.
URL: http://www.privacyrights.org/cases/victim8.htm

QPS Major Fraud Investigative Group. ‘Theft by Fraud’. Queensland Police Service
Police Bulletin pp. 27-30.

State of Queensland (Attorney General’s Department) 2009. ‘New security paper for
registry certificates’. Brisbane. Viewed 21/July/2009.
URL: http://www.justice.qld.gov.au/5629.htm

Roberson, C 2008. Identity Theft Investigations. Kaplan Publishing.

Saunders, KM and Zucker, B August 1999. “Counteracting Identity Fraud in the
Information Age: The Identity Theft and Assump. tion Deterrence Act”.
International Review of Law. vol. 13 no. 2 pp. 183-192.

Page 20

Reference List

Schreft, SL 2007. “Risks of Identity Theft: Can the market protect the payment
system?” Economic Review – Federal Reserve Bank of Kansas City. vol. 92 no. 4
Fourth Quarter pp 5-40.

Shenk, D 1997. Data Smog: Surviving the information glut. HarperCollins
Publishers.

Sokolov, AP. (editor) 2005. Identity Theft on the Rise. Nova Science Publishers Inc

Stickley, J 2009. The Truth About Identity Theft. Why be me when I can be you?
Pearson Education New Jersey.

Sullivan, B 2004. Your Evil Twin: Behind the identity theft epidemic. Wiley
Publishing USA.

Swartz, N 2008. “Officials crack largest ID theft ring ever”. Information
Management Journal. vol. 42 no 6 p. 18.

Vacca, J.R. 2003. Identity Theft. Prentice Hall PTR USA.

Walliker, A 2006. “Identity Theft soars and now costs $3 billion a year”. Sunday
Hearld-Sun. Melbourne Victoria. Published 11/Jun/2006 p. 88.

Warren, P. and Streeter, M 2005. Cyber Alert: How the world is under attack from a
new form of crime. Vision Paperback London.

Wells. JT 2009. “Mortgage Fraud: A scourge of the 21st century?” The CPA Journal.
vol. 79 no. 2 February pp. 6-11.

ZDNet Australia 2009. “NSW Govt seeks new ID fraud laws”. Published
13/July/2009, Viewed 14/July/2009.
URL: http://www.zdnet.com.au/news/security/soa/NSW-Govt-seeks-new-ID-
fraudlaws/0,130061744,339297362,00.htm

Page 21

Identity Theft and Society: What's in it for me?

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (19)

Semelhante a Identity Theft and Society: What's in it for me?

Semelhante a Identity Theft and Society: What's in it for me? (20)

Último

Último (20)

Identity Theft and Society: What's in it for me?