Identity Theft: Exaggerated Risk or Real Threat? Essay

IntroductionYou become $92.13c left(p) in your Chase bevel account, contact us today with your details to switch from teleph wizard banking to online banking I was in the country scarce 72 hours and I was already subject to several(prenominal) mavin attempting to steal my individualism I am referring to the past(a) summer that I spent in the States working beneath a student visa. afterwards registering my mobile ph bingle and opening my first American bank account, I started getting texts like the unmatchable above. This my was my first personal exposure to the problem of Identity thieving, and after a quick Google search to wonder what I was dealing with, I found that it was a very common occurrence in America More than 57 million American adults receive phishing attack emails & texts each year from hackers or cyber thieves who get to to be trusted service providers to steal consumer account information, and more than half of those who responded become victims of Ide ntity stealth (Gartner Research, Phishing Attack Victims in all probability Victims for Identity stealing). Lucky I didnt respond to that text then, arent I? That was alone my polished run in with what has become a global problem everywhere the withstand decade.And, the more I delved into the reading for this question, the more I became aware of the vast amounts of literature available to me. I felt none of the other topics for this subsidisation had such in depth reading, which was to the highest degreely available online to me. at that place was online e-books, rough of which I purchased Identity thieving Secrets Ex constitute The Tricks of The softwood By Dale Penn, and Double Trouble by Neal OFarrell. Research websites were to a fault helpful, like the Gartner Research website. I found some very raise websites online, one of which Ill give a point Publications USA an American government run website, it had a air division to provide American consumers with i nformation on Identity theft. Sites like these helped me understand the impact of Identity larceny on the consumer, how the consumer battles it and ultimately this showed me how stemma must deal with it, in their every day transactions with consumers. in that location was a vast amount of Scholar articles I found online, through Google scholar of course, they took very interesting views on the problem, and posed some very good questions. These articles included Did Privacy issues cause indistinguishability theft? to articles such as Identity theft Myths, Methods and the New Law. Also, simply with a quick examine at the papers every Sunday for the past few weeks, I found plenty of significant in them Papers such as the Sunday Business Post, The fiscal Times, The Guardian & The Irish Times.They ever provided me with some affaire to read that was related to identity theft. After reading all this material, I saw both sides of the argument. close do believe Identity theft is a R eal threat to business and consumers alike. I ordain quickly look at how more of a problem this has become, and I provide then superman to some of the major(ip) nerves, and the impact of these field of studys on business. However, there are the those that believe Identity theft is over exaggerated, I will look closely at how researchers collect their entropy for research, and I will also look at the impact of this over-exaggeration within business, how it has sparked some companies within the surety business to come under scrutiny for over-exaggerating the jeopardy of Identity Theft.Why and how do Identity Thieves do it?Cybercrime has surpassed illegal drug trafficking as a crime enterprise Symantec Corporation, 2009 Identity thieves use the Internet as a weapon against idiosyncratic consumers by taking personal and financial information, such as credit card numbers and favorable security numbers, and then using that information to, purchase products or launder money (I dentity thieves have been cognize to purchase cars and homes or even create criminal records under another individuals identity) Overseas Digest, When deplorable Things Happen To your Good hit.Such a scheme can be devastating for an identity theft victim and can create financial be for credit card companies and other commercial entities. agree to Columbus state university research, computer player in general, within the U.S. alone, exceeds $3 billion each year, and in the U.K. exceeds 2.5 billion each year Columbus State University, 2011. These statistics alone show the huge impact of computer fraud and identity theft on the economy and businesses in the world we live in today. It shows what a moneymaking(a) business Identity Theft has become today.Cases of Identity Theft Causing a Real Threat in Business Arguably the most famous racing shell of Identity Theft is that of Frank Abagnale, who was pictured in the 2002 Hollywood blockbuster movie Catch Me if You Can DreamWorks ( film), 2002. In the 1960s, Abagnale eluded authorities by posing as characters such as an airline pilot, doctor, assistant Attorney General, and history professor, all the while single-foot up $4 million in bad cheques Posing Facts, 10 bizarre cases of Identity Theft. This bizarre case of Identity theft is portrayed in a comical sense in the film, with Tom Hanks left chasing shadows. provided for businesses in todays society it is furthest from comical, as the protection of consumers information poses major issues within business today. The best way to see the affects of Identity Theft on business is to rattling take a look at some of the major cases within the last few years. This will show the business issues and the implications it is having on business on a daily basis.The headlines within the last few years have highlighted the threat that Identity Theft poses. In what was dubbed at the time the volumedst ever case of identity theft to be prosecuted by the American Departm ent of Justice CBS News, 23rd Feb 2010, the Miami Hack ram (dubbed that by Miami New Times, May 20th 2010) stole over 100 million credit observance details over the course of 4 years. The credit card details, which they hacked, were stored by a number of companies one of which was T.J. Maxx, a British retailer (they would be kn make here in Ireland for their chain of stores called T.K. Maxx).The hackers gained access to the ships companionship systems of T.J. Maxx and stole personal information of over 45 million credit card and debit tease in July 2005. These cards be foresightfuled to the companys customers who purchased items from January 2003 to November 23, 2003, save the company did not discover the theft until much later in 2007 Identity Theft Awareness, 2011. Deepak Taneja, chief executive of Aveska, a firm that advised the company on information security commented at the time Its not clear when information was deleted, its not clear who had access to what, and its not clear whether the data kept in all these files was encrypted, so its very hard to know how big this was, St. Petersberg Times, 30th litigate 2007 This quote shows the issues TJ Maxx faced at the time.They simply didnt know how large this was, added to this was the fact that it took nearly 2 years to find the breach. A combination of the above led to huge consumer outrage at the way T.J. Maxx handled their customers information, and left consumers baffled as to why T.J. Maxx held onto the details for 2 years after the transactions had taken place. Many experts speculated that TJ Maxx would pay in a heartfelt way for the incident. Customers would abandon the brand for fear their personal information would be exposed, and investors would avoid the brand because of crippling fines and costs faced by the company. However, in the 12 months that followed the announcement of the breach, TJ Maxx never looked better.Revenues increased Profits increased, and share equipment casualty incre ased Neal OFarrell, Double Trouble 12 Reasons why were Losing the employment against Identity Theft. But what does this rigorous? Could this have been contrived as a clear message to TJ Maxx and other businesses that not totally is a data breach no big deal any more, but it may skilful be another acceptable cost of doing business? Perhaps. But there is still no wondering(a) the potential impact of a companys consumer information being breached.And, in the case of TJ Maxx, if the decently procedures were followed, this kind of occurrence may have been preventable. Despite the fact their Brand and profits didnt suffer, TJ Maxx accomplished this was a major wake up call. And it was still a learning curve for any business looking in. Lessons must be learnt 1) Collect only the minimum personal customer information required to complete a business transaction. 2) Retain the collected personal information for only as long as needed per business and legal requirements. 3) Monitor sys tems to detect unauthorized software and suspicious net income traffic such as unusual data subjectload in terms of size and time. Identity Theft Awareness, 2011.Businesses must constantly consider their risks and assess their internal controls to prevent costly incidents and their unintended consequences. As far as TJ Maxx, the company spent over $130 million to deal with the consequences of this international identity theft case. Even though their Brand didnt seem to suffer, and profits rose and investment wasnt hindered, TJ Maxx couldnt afford to take this risk again. Neal OFarrell, Double troubleThe second case Ill look at is that of Sonys PlayStation Network hack earlier this year. The details of 77 million of Sonys online PlayStation Network customers were breached. This most recent major intrusion has shown that Identity Theft is still a major issue for large corporations. This case again raised major questions about online transactions The Guardian, April 2011. Confidence in E-Commerce has always been a major problem for business OECD Reinforcing consumer confidence- keystone to Boosting e-commerce, it has been for years, after all, its the reason that most think doubly forward making an online purchase, its that lingering feeling that overshadows an online purchase.It is an obstacle that is being slowly removed, but correct backs like this do not help, as Steve Curran, creative director at the Brighton-based studio Zoe Mode, told Develop pickup From my perspective, the bigger issue is not about the PlayStation Network, but confidence in digital distribution generally. For every story like this that breaks in the mainstream press, consumer confidence about their details being safe is eroded. Confidence in online transactions has been make up, and I think will continue to, but this is a blip. It could be a little criterion back Develop Magazine, Digital distrust could follow, 2011. This hack was a major set back for the companys on going battle for control of the gaming market with Microsofts Xbox. And it was up to Sony to construct confidence in their brand after the major breach The Guardian, April, 2011.Is it an Exaggerated Risk?One thing I did notice when I was doing my research was that, most of the information we have on cyber crime losings is derived from surveys. But can one form an accurate estimate by survey alone? J. Ryan & T. Jefferson take up in their book The Use, Misuse, and Abuse of Statistics in Information Technology, that losses are extremely concentrated, so that representative sampling of the population does not give representative sampling of the losses as a whole. They also argue that losses are based on unverified self-reported numbers. Not only is it likely for a single outlier to distort the result, we find evidence that most surveys are dominated by a minority of responses in the upper tail J. Ryan and T. I. Jefferson The Use, Misuse, and Abuse of Statistics in Information Security Research. I n the 1983 federal official Reserve Survey of Consumer Finances an incorrectly recorded answer from a single individual erroneously in inflated the estimate of US household wealth by $1 trillion.This single erroneous belief added 10% to the total estimate of US household wealth Dinei Florencio & Cormac Herley, Microsoft research Sex, Lies and Cyber-Crime Surveys. In the 2006 Federal Trade Commission (FTC) survey of Identity Theft the answers of two respondents were discarded as not being identity theft and inconsistent with the record. Inclusion of both answers would have increased the estimate by $37.3 billion, in other words it would have turnd the estimate 3 fold Federal Trade Commission, 2007. In surveys of sexual behavior men consistently report having had more female sex partners than women report having had male sex partners (which is impossible). The disparity ranges from a factor of 3 to 9. It is pointed out that a tiny portion of men who claim, e.g., 100 or 200 lifeti me partners account for most of the difference.Removing the outliers all but eliminates the discrepancy Florencio & Herley, Microsoft Research. These seem like bare(a) mistakes, which could be avoided, however safeguards against producing these erroneous results seem largely ignored when it comes to Cyber-Crime surveys Florencio & Herley. So, what does this potential over exaggeration mean for business? This over exaggeration and bad estimates can have huge consequences on both preference allocation and in constitution issues within business and government alike. Imagine this, in a simple scenario a research company comes out with staggering new figures about the rise in Identity theft, online fraud, and the number of companies being sued by customers who were affected by their bad data protection protocols. This type of scenario has happened forwards take for example the research conducted by the ITRC (Identity Theft Resource Center) in 2008.They reported that Data Breaches so ared by 47% over 2007 ITRC, 2008 Data Breach Totals Soars. These kind of estimates can cause alarm bells to ring for some businesses, they in turn may pump more funds into the data protection systems in their own firm to prevent what they believed were Real Threats. Yet, as highlighted above there could be major issues with these statistics, and Florencio & Herley even mention the discrepancies of the ITRC yearly surveys in their book.Again, imagine the implications of such research on policy issues, especially government policy issues. If the government take the results of a certain survey on Identity Theft as a perceived Real Threat, and adopt major measures to tackle it, it could have major implications on business. For starters, it could maltreat consumer confidence in E-Commerce. Like I mentioned before, its the reason we all think twice before making a purchase online and isnt it the reason for the introduction of Prepaid Credit learning abilitys? mickle who have never expe rienced Identity Theft take measures to avoid it. And this could be all down to policy measures.Exaggerated Risk on business in the industryOn 29th defect 2011, CPP Group PLC, a British based company selling life assistance products, announced that the pecuniary Services Authority (FSA) would be launching an investigation into the sale of one of its products to U.K. customers. The product included operate such as credit-score monitoring, an Internet search facility wakefulness the user of inappropriate use of their data and a caseworker to help the person reinstate their identity The York Press, 30th March 2011. The financial operate Authoritys investigation centres around allegations that CPP overstated the risk of identity theft when selling insurance policy for that purpose. As a result in the investigation, CPP had to suspend all sales of its identity theft protection product with immediate effect. The product includes services such as credit-score monitoring, an Internet search facility alerting the user of inappropriate use of their data and a caseworker to help the person reinstate their identity.And, after announcing the news to the London stock exchange, shares in CPP fell a staggering 46% from 2.35 to 1.50, within one day of trading Financial Times, March 2011. The reason for this dramatic fall was, as Chief Executive Eric Woolley stated, Card and identity protection products in the U.K. accounted for more than 60 per cent of CPPs business Eric Woolley, March 2011. This shows how exaggerating the risk of Identity theft within this type of organisation can cause massive losses for a business. In one fowl swoop CPP Croup PLC lost almost half its market capitalisation, just because they were under investigation for over stating (A.K.A Exaggerating) the risk of Identity theft through calls to potential customers. This example shows that some can, and do, overstate the risk of Identity theft, and they reap the rewards as a result, as they can sell t he engineering science to tackle it.ConclusionIn the introduction I provided an overview of some of the literature and then within the assignment I took a look at both sides of the argument. Through the major cases above I have shown how Identity Theft is a Real Threat to business. However it is also a threat to small businesses, small businesses must follow the same guidelines as highlighted in the TJ Maxx instance. Failure to could possibly lead to the damaging effects of major fines, lawsuits and the damaging of the brand image of a company, as well as deterring investors. fagt forget the wider implications for business, with the growing trend towards e-commerce, many companies want to take advantage of this, however major data breaches as seen above can hamper the consumer confidence and set back this industry. Again this is a threat to business in this area.Is Identity theft over-exaggerated? You may think I strayed from the point a little here, but I felt it was important t o look at this side of the argument, and what drives it. What mainly drives it is that saddle horse of the argument that the surveys conducted are unreliable. I am personally not over awed by this argument, however the people who make the argument point to some interesting evidence of the inaccuracy of surveys from some top researchers in Identity Theft. A look into the CPP Group case gives another side to the exaggerated risk argument. Do people/corporations over-exaggerate the risk for their own benefit? Perhaps. But that is where regulation steps in, and in the case of CPP they had to change their marketing strategy within a few weeks once the FSA began an investigation. Overall, this was a very interesting topic to research, and it opened my eyes to some new areas of IT within business and some of the problems it must tackle.Bibliography1.Gartner Research, Phishing Attack Victims Likely Targets for Identity Theft, 4th May 2004 (http//www.social-engineer.org/wiki/archives/IdThei f/IdTheif-phishing_attack.pdf)2.Symantec Corporation Cyber Crime has Surpassed Illegal Drug Trafficking as a Criminal Money-maker 1 in 5 will become a Victim Sept tenth 2009 (http//www.symantec.com/about/news/release/article.jsp?prid=20090910_01)3.Overseas Digest Identity Theft When Bad things Happen to your Good Name. February 2001 (http//www.overseasdigest.com/odarticles/idtheives.htm)4.Columbus State UniversityIs There a Security Problem in Computing? -17 February 2011 (http//csc.columbusstate.edu/summers/notes/security.htm)5.DreamWorks (film) Catch me if you Can declination 25th 2002 (http//www.angelfire.com/biz7/netmeeting/catchme.html)6.Stefan Nagtegaal Data Theft 100 million Records stolen 13th August 2008 (http//whereismydata.wordpress.com/tag/tjx/)7.CBS News 11 Indicted in Largest ID Theft Case Ever Feb 23rd 2010 (http//www.cbsnews.com/stories/2008/08/05/tech/main4323211.shtml)8.Miami New Times The Biggest Identity case ever. Right here in Miami May 20th 2010 (http// www.miaminewtimes.com/content/printVersion/2270696/)9.Identity Theft Awareness TJ Maxx Identity Theft 2011 (http//www.identity-theft-awareness.com/tj-maxx.html)10.St. Petersberg Times TJX Hacker Theft May be Largest Security Breach. Data from 45.7-million Cards illegally Obtained March 30th 2007 (http//www.sptimes.com/2007/03/30/Business/TJX_hacker_theft_may_.shtml)11.Neal OFarrell E-BOOK Double Trouble 12 Reasons why were Losing the Battle against Identity Theft 2011 (http//www.identityguard.com/downloads/ebook-double-trouble.pdf)12.The Guardian PlayStation Network Hack Industry Reactions and Theories 29th April 2011 (http//www.guardian.co.uk/technology/gamesblog/2011/apr/29/psn-hack-industry-reactions?INTCMP=ILCNETTXT3487)13.OECD Reinforcing consumer confidence- Key to Boosting e-commerce 16TH November 2009 (http//www.oecd.org/document/20/0,3746,en_21571361_43348316_44078356_1_1_1_1,00.html)14.Develop Magazine Dvs on PSN hack digital distrust could follow twenty-seventh Apri l 2011 (http//www.develop-online.net/news/37568/Devs-on-PSN-hack-Digital-distrust-could-follow)15.J. Ryan and T. I. Jefferson The Use, Misuse, and Abuse of Statistics in Information Security Research 2003. (http//www.belt.es/expertos/HOME2_experto.asp?id=5752)16.Dinei Florencio & Cormac Herley, (Microsoft Research) Sex, Lies and Cyber-Crime Surveys. (http//www.belt.es/expertos/HOME2_experto.asp?id=5752)17.Federal Trade Commission 2006 Identity Theft Survey Report November 2007. http//www.ftc.gov/os/2007/11/SynovateFinalReportIDTheft2006.pdf18.ITRC 2008 Data Breach Total Soars June 15th 2009 (http//www.idtheftcenter.org/artman2/publish/m_press/2008_Data_Breach_Totals_Soar.shtml)19.The Financial Times CPP in free fall amid FSA worries March 29th 2011 (http//www.ft.com/intl/cms/s/0/89a516dc-5a38-11e0-86d3-00144feab49a.htmlaxzz1eB8FvcKU)20.The York Press FSAs concerns contested as CPP Claims highest level of integrity - March 30th 2011 (http//www.yorkpress.co.uk/news/business/news/8 941469.Watchdog___s_concerns_contested_as_CPP_claims____highest_levels_of_integrity___/)