Every day we exchange personal information with colleagues, friends and unknown people with no idea how they are treated and for what use they will be managed. Telephone number, email address or driver’s license number are example of the data we provide ordinary using new media channels like internet and the social networks.
The use of this information is of great interest for the industry of crime because it is possible to commit a wide range frauds with high profits.
With the terms Identity Theft and identity fraud are referred all types of crime in which an ill-intentioned individual obtains and uses another person’s personal data, this kind of crimes are increasing according the data provided by law enforcement all over the world.
Many organizations have tried to provide a characterization of the phenomenon trying to classify the types of identity theft in categories.
SANS Institute proposed the following characterization:
How do identity thieves access personal information?
There are a lot of scenarios to access to personal information and identify them is necessary to recognize and prevent this type of crime. Most common case are:
But how widespread is the crime and what are the figures that show its growth?
A global precise estimates of phenomenon is impossible due to the different legal treatment reserved for this type of crime in different countries, however, to provide a valid indication I extrapolated some data from the “2012 Identity Fraud Report 2011” study conducted by Javelin Strategy & Research. The company collects data related to US citizens to measure the overall impact of identity fraud on consumers.
In the next graphics is presented the progress of the Incident Rate from 2003.
The situation is worrying, 4.9% of U.S. Adults Were Victims of Fraud in 2011. After a sensible reduction of identity fraud incidence from 2009 to 2010, we see an increase this year of more than 10%. ID fraud increased to 4.90% in 2011 from 4.35% in 2010, which represents a 12.6% increase. The total number of identity fraud victims increased to about 11.6 million U.S. adults in 2011, compared to 10.2 million victims in 2010.
Despite the growth of incidents for for ID fraud, the annual overall fraud amount was at its lowest point of $18 billion since 2003 attributable to the rapid increase of thefts characterized by lower profits.
Particularly alarming is the growth of such crimes in computers. Which are the information that compose our digital identity?
On the Internet, our identity composed by:
The data are continuously exposed to high risk of frauds, the propensity of Internet users to the usage social networks and the rapid spread of mobile platforms create the right conditions for criminals.
Unlike the classic identity theft, for digital theft victims don’t have to wait for a thief to physically steal their information that can be stolen by computer criminals from the databases of banks, retailers, ISPs and also from victim’s PC.
In internet researches have identified three main schemas to realize identity thieves
According a Gartner Study on Internet identity theft, based on a survey of 5000 U.S. adult Internet users, it has been estimated that:
It ‘clear that the figures mentioned are a great attraction for criminal organizations that are devoting substantial resources and investments in the sector. An increasing component of organized crime is specializing in this kind of activity characterized by high profits and low risks compared to traditional criminal activities. In the US The Federal Trade Commission is monitoring the phenomenon of Identity Theft with main national agencies promoting several activities to aware the population regarding the risks derived to the crime exposure.
Prevention, Detection and Resolution Model
According to the guidelines provided by the Federal Trade Commission the fight to the identity theft crime must be articulated in three phases, the prevention, the detection and the resolution.
The prevention actions are different mainly based on the awareness on cyber threat and a constant monitoring of real exposure of personal information. It’s essential that population, and in particular internet user must know the threats related the divulgation and the improper usage of their data.
Personal information must be protected and citizens must be aware of the real usage of their info once provided.
The protection must be completed with detection actions, operations that must be in place to discover the identity thefts and frauds. Constant alerts and bulletins must be provided by the law enforcement every time a new fraud is detected. Private sector and government institution must cooperate to realize program and project to contain this type of crime supported by an adequate legal framework providing for severe penalties for these offenses.
Let’s try together to apply the model to two of main worrying scenarios, mobile and social networking. To prevent fraud and identity theft in mobile device usage let’s follow simple best practices:
Regarding the user’s behavior to have during the frequentation of social networks:
Prevention is better than cure