Tuesday, December 11, 2018
'Identity Theft: Exaggerated Risk or Real Threat? Essay\r'
' penetration\r\nââ¬Å"You piss $92.13c go forth in your Chase bank topic pecker, click us to day term with your expand to switch from teleph bingle banking to online bankingââ¬Â â⬠I was in the country more e very last(predicate) anywhere 72 hours and I was al rendery subject to nigh(prenominal)(prenominal) wholeness attempting to detach my individualism ele manpowert! I am referring to the past summer that I spent in the States working beneath a student visa. afterwards registering my liquid ph maven and opening my firstborn American bank account, I started getting texts wish healthy the one supra. This my was my first just to the highest degreeoneal film to the problem of individualism stealing, and later on on a quick Google explore to enquire what I was transaction with, I found that it was a really common circumstance in America; much than 57 zillion American adults receive ââ¬Å"phishingââ¬Â attack emails & angstrom unit; text s every year â⬠from hackers or cyber thieves who pretend to be bank service providers to steal consumer account training, and more than half of those who resolveed get d birth dupes of indistinguishability larceny (Gartner Re expect, Phishing sharpshoot victims seeming Victims for personal identicalness stealth). lucky I didnââ¬â¢t respond to that text then, argonnââ¬â¢t I? That was just my d testify in the mouth figure out in with what has become a global problem everywhere the hold out decade.\r\nAnd, the more I delved into the reading for this topic, the more I became aware of the vast amounts of literary harvestions available to me. I snarl none of the other topics for this appellation had much(prenominal)(prenominal) in profoundness reading, which was aroundly available online to me. thither was online e-books, both(prenominal) of which I secured; ââ¬Å" individualism thievery Secrets: Ex represent The Tricks of The Tradeââ¬Â â⬠By Da le Penn, and ââ¬Å" parallel get atââ¬Â â⬠by Neal Oââ¬â¢Farrell. Research websites were as well divine serviceful, like the Gartner Research website. I found close to very evoke websites online, one of which Iââ¬â¢ll give a abduce; ââ¬Å"Publications USAââ¬Â â⬠an American regime run website, it had a discussion section to provide American consumers with nurture on identity operator stealth. Sites like these helped me understand the conflict of personal identity theft on the consumer, how the consumer battles it â⬠and in conclusion this showed me how ch angstrom unitionship organization must spile with it, in their every day transactions with consumers.\r\nThere was a vast amount of educatee articles I found online, through and through Google scholar of course, they took very interesting views on the problem, and posed more or less very good questions. These articles include; ââ¬Å"Did Privacy appends cook personal individuation the ft?ââ¬Â to articles such as ââ¬Å" identity element theft: Myths, Methods and the rising Lawââ¬Â. Also, simply with a quick con typefacer at the papers every sunlight for the past a couple of(prenominal) weeks, I found plenty of hooey in them â⬠Papers such as the Sunday subscriber line Post, The Financial quantify, The protector & adenine; The Irish Times.\r\nThey always provided me with fewthing to read that was related to identity theft. After reading all this material, I saw both sides of the argument. to the highest degree do view indistinguishability theft is a rattling Threat to task and consumers alike. I impart quickly tincture at how much of a problem this has become, and I result then point to some of the study roles, and the impact of these lineaments on commerce. However, at that place are the those that believe individuality theft is oer exaggerated, I entrust look closely at how investigateers elate their information for searc h, and I ordain withal look at the impact of this all over-exaggeration at bottom bloodline, how it has sparked some companies at bottom the fortress contrast to come under scru trivial for over-exaggerating the risk of identity operator stealth.\r\n wherefore and how do Identity Thieves do it?\r\nââ¬Å"Cybercrime has surpassed il well-grounded drug trafficking as a crime initiativeââ¬Â â⬠[Symantec Corporation, 2009] Identity thieves use the internet as a weapon system once against individual consumers by winning personal and fiscal discipline, such as de nonation posting matters and social credential numbers, and then using that nurture to, purchase yields or d adenosine monophosphateen money (Identity thieves brace been cognise to purchase cars and homes or until now create criminal legers under a nonher individualââ¬â¢s identity) [Overseas offer, When spoilt Things Happen To your not dreadful(predicate) figure of speech].\r\nSuch a ai m can be crushing for an identity theft victim and can create fiscal termss for credence card companies and other commercial entities. jibe to Columbus state university seek, reckoner fraud in general, within the U.S. unless when, exceeds $3 billion separately year, and in the U.K. exceeds ã2.5 billion each year [Columbus State University, 2011]. These statistics alone show the immense impact of computer fraud and identity theft on the rescue and businesses in the world we resist in at once. It shows what a lucrative business Identity Theft has become today.\r\nCases of Identity Theft Causing a ââ¬Å" hearty Threatââ¬Â in descent Arguably the most famous sequel of Identity Theft is that of Frank Abagnale, who was depicted in the 2002 Hollywood blockbuster exposure ââ¬Å"Catch Me if You shadowerââ¬Â [DreamWorks (film), 2002]. In the 1960ââ¬â¢s, Abagnale eluded authorities by posing as characters such as an airline pilot, doctor, assistant attorney Ge neral, and history professor, all the charm racking up $4 one thousand one million million in noisome cheques [Posing Facts, 10 bizarre cases of Identity Theft]. This bizarre case of Identity theft is portrayed in a comical grit in the film, with Tom Hanks left chasing shadows. alone for businesses in todayââ¬â¢s society it is utmost from comical, as the surety of consumersââ¬â¢ cultivation poses study issues within business today. The best way to catch up with the affects of Identity Theft on business is to actually presume a look at some of the major(ip)(ip) cases within the last few years. This will show the business issues and the implications it is having on business on a daily basis.\r\nThe headlines within the last few years give way highlighted the threat that Identity Theft poses. In what was dubbed at the time the largest ever case of identity theft to be prosecuted by the American Department of justness [CBS untesteds, 23rd Feb 2010], the ââ¬Å"Mia mi Hack clumpââ¬Â (dubbed that by [Miami New Times, whitethorn 20th 2010]) stole over degree Celsius million credit Card elaborate over the course of 4 years. The credit card details, which they hacked, were stored by a number of companies; one of which was T.J. Maxx, a British retailer (they would be grapplen here in Ireland for their chain of stores called ââ¬Å"T.K. Maxxââ¬Â).\r\nThe hackers gained approach shot to the play along systems of T.J. Maxx and stole personal information of over 45 million credit card and calculate tease in July 2005. These cards belonged to the social clubââ¬â¢s customers who purchased items from January 2003 to November 23, 2003, sleek over the company did not stop the theft until much later in 2007 [Identity Theft Awareness, 2011]. Deepak Taneja, headsman executive of Aveska, a bulletproof that advised the company on information security commented at the time; ââ¬Å"Itââ¬â¢s not realize when information was deleted, itâ⠬â¢s not blow over who had access to what, and itââ¬â¢s not clear whether the information kept in all these files was encrypted, so itââ¬â¢s very hard to be how unfit this was,ââ¬Â [St. Petersberg Times, thirtieth establish 2007] â⬠This quote shows the issues TJ Maxx faced at the time.\r\nThey simply didnââ¬â¢t know how large this was, added to this was the fact that it took close 2 years to chance the breach. A combination of the preceding(prenominal) led to huge consumer break at the way T.J. Maxx handled their customersââ¬â¢ information, and left consumers baffled as to why T.J. Maxx held onto the details for 2 years after the transactions had use upn place. Many experts speculated that TJ Maxx would pay affectionately for the incident. Customers would abandon the brand for concern their personal information would be exposed, and investors would avoid the brand because of disqualifying fines and costs faced by the company. However, in the 12 mont hs that come outed the resolution of the breach, TJ Maxx neer looked better.\r\nRevenues increase dough increased, and share price increased [Neal Oââ¬â¢Farrell, Double Trouble; 12 Reasons why weââ¬â¢re Losing the involvement against Identity Theft]. But what does this mean? Could this have been mawkish as a clear message to TJ Maxx and other businesses that not only is a entropy breach no big betray do any more, however it may just be another acceptable cost of doing business? Perhaps. But thither is still no wondering(a) the possible impact of a companyââ¬â¢s consumer information being breached.\r\nAnd, in the case of TJ Maxx, if the right procedures were sustained, this class of concomitant may have been preventable. in spite of the fact their sucker and net income didnââ¬â¢t suffer, TJ Maxx realised this was a major wake up call. And it was still a larn curve for any business looking in. Lessons must be learnt: 1) Collect only the stripped persona l customer information needed to complete a business transaction. 2) Retain the collected personal information for only as long as needed per business and legal requirements. 3) Monitor systems to detect unlicenced software and suspicious engagement traffic such as unusual data transfer in terms of surface and time. [Identity Theft Awareness, 2011].\r\nBusinesses must ceaselessly consider their risks and assess their inhering controls to prevent costly incidents and their causeless consequences. As far as TJ Maxx, the company spent over $130 million to deal with the consequences of this international identity theft case. Even though their Brand didnââ¬â¢t seem to suffer, and benefit rose and investment wasnââ¬â¢t hindered, TJ Maxx couldnââ¬â¢t afford to frivol away this risk again. [Neal Oââ¬â¢Farrell, Double trouble]\r\nThe second case Iââ¬â¢ll look at is that of Sonyââ¬â¢s PlayStation Network hack in the run low this year. The details of 77 million o f Sonyââ¬â¢s online PlayStation Network customers were breached. This most recent major assault has shown that Identity Theft is still a major issue for large corporations. This case again raised major questions to the highest degree online transactions [The Guardian, April 2011]. federal agency in E-Commerce has always been a major problem for business [OECD; Reinforcing consumer impudence- primeval to Boosting e-commerce], it has been for years, after all, itââ¬â¢s the agreement that most opine in two ways ahead making an online purchase, itââ¬â¢s that lingering feeling that overshadows an online purchase.\r\nIt is an barrier that is being slowly removed, precisely set bunss like this do not help, as Steve Curran, fictive director at the Brighton-establish studio Zoe Mode, told Develop Magazine; ââ¬Å"From my perspective, the large issue is not about the PlayStation Network, provided authorization in digital distribution generally. For every story like t his that breaks in the mainstream press, consumer confidence about their details being safe is eroded. Confidence [in online transactions] has been building up, and I think will continue to, but this is a blip. It could be a small step backââ¬Â [Develop Magazine, ââ¬ÂDigital apprehension could followââ¬Â, 2011]. This hack was a major set back for the companyââ¬â¢s on departure battle for control of the period of play foodstuff with Microsoftââ¬â¢s Xbox. And it was up to Sony to rebuild confidence in their brand after the major breach [The Guardian, April, 2011].\r\nIs it an ââ¬Å"Exaggerated tryââ¬Â?\r\nOne thing I did notice when I was doing my research was that, most of the information we have on cyber crime losings is derived from surveys. But can one form an accurate thought by survey alone? J. Ryan &type A; T. Jefferson claim in their book ââ¬Å"The Use, Misuse, and Abuse of Statistics in information Technologyââ¬Â, that losses are extremely concen trated, so that spokesperson sampling of the universe does not give representative sampling of the losses as a whole. They also struggle that losses are based on unverified self-reported numbers. not only is it possible for a unity outlier to distort the result, we mark evidence that most surveys are dominated by a minority of responses in the speeding tail [J. Ryan and T. I. Jefferson; The Use, Misuse, and Abuse of Statistics in Information Security Research]. In the 1983 Federal Reserve pursue of Consumer Finances an incorrectly enter answer from a single individual stupidly in inflated the appraisal of US household riches by $1 trillion.\r\nThis single misplay added 10% to the total estimate of US household wealth [Dinei Florencio & Cormac Herley, Microsoft research; Sex, Lies and Cyber- horror Surveys]. In the 2006 Federal Trade electric charge (FTC) survey of Identity Theft the answers of two respondents were discarded as ââ¬Å"not being identity theftââ¬Â an d ââ¬Å"inconsistent with the recordââ¬Â. Inclusion of both answers would have increased the estimate by $37.3 billion, in other linguistic communication it would have changed the estimate 3 fold [Federal Trade Commission, 2007]. In surveys of sexual behaviour men consistently report having had more female sex partners than women report having had male sex partners (which is impossible). The dissimilitude ranges from a factor of 3 to 9. It is pointed out that a tiny portion of men who claim, e.g., 100 or 200 life-time partners account for most of the difference.\r\nRemoving the outliers all but eliminates the discrepancy [Florencio & Herley, Microsoft Research]. These seem like undecomposable mistakes, which could be avoided, however safeguards against producing these erroneous results seem largely unheeded when it comes to Cyber-Crime surveys [Florencio & Herley]. So, what does this potential over exaggeration mean for business? This over exaggeration and bad estim ates can have huge consequences on both filmry allocation and in insurance issues within business and brass alike. Imagine this, in a simple scenario; a research company comes out with astounding sensitive figures about the derail in Identity theft, online fraud, and the number of companies being sued by customers who were unnatural by their bad data protection protocols. This shell of scenario has happened before; take for example the research conducted by the ITRC (Identity Theft imagination Center) in 2008.\r\nThey reported that info Breaches soared by 47% over 2007 [ITRC, 2008 selective information Breach Totals Soars]. These kind of estimates can cause alarm system bells to ring for some businesses, they in turn may affectionateness more funds into the data protection systems in their own firm to prevent what they believed were ââ¬Å" truly Threatsââ¬Â. Yet, as highlighted preceding(prenominal) there could be major issues with these statistics, and Florencio &am p; Herley even mention the discrepancies of the ITRC per year surveys in their book.\r\n again, imagine the implications of such research on constitution issues, especially government insurance issues. If the government take the results of a certain survey on Identity Theft as a perceived ââ¬Å" authentic Threatââ¬Â, and adopt major measures to tackle it, it could have major implications on business. For starters, it could damage consumer confidence in E-Commerce. Like I mentioned before, itââ¬â¢s the reason we all think twice before making a purchase online and isnââ¬â¢t it the reason for the adit of Prepaid Credit tease? People who have never experienced Identity Theft take measures to avoid it. And this could be all down to indemnity measures.\r\nExaggerated Risk on business in the manufacture\r\nOn 29th inch 2011, CPP concourse PLC, a British based company interchange life assistance products, inform that the Financial Services authorisation (FSA) would be l aunching an investigating into the sale of one of its products to U.K. customers. The product included services such as credit-score monitoring, an Internet search adroitness alerting the substance abuser of incompatible use of their data and a caseworker to help the person reinstate their identity [The York Press, thirtieth marchland 2011]. The financial services Authorityââ¬â¢s probe centres around allegations that CPP inflated the risk of identity theft when selling insurance for that purpose. As a result in the investigation, CPP had to suspend all gross sales of its identity theft protection product with immediate effect. The product includes services such as credit-score monitoring, an Internet search facility alerting the user of inappropriate use of their data and a caseworker to help the person reinstate their identity.\r\nAnd, after announcing the intelligence operationworthiness to the London stock exchange, shares in CPP fell a astounding 46% from ã2.35 t o ã1.50, within one day of trading [Financial Times, March 2011]. The reason for this dramatic minify was, as Chief administrator Eric Woolley stated, ââ¬Å"Card and identity protection products in the U.K. accounted for more than 60 per cent of CPPââ¬â¢s businessââ¬Â [Eric Woolley, March 2011]. This shows how exaggerating the risk of Identity theft within this type of organisation can cause massive losses for a business. In one hunt swoop CPP Croup PLC broken almost half its market capitalisation, just because they were ââ¬Å"under investigationââ¬Â for over stating (A.K.A Exaggerating) the risk of Identity theft through calls to potential customers. This example shows that some can, and do, overstate the risk of Identity theft, and they delineate the rewards as a result, as they can sell the engine room to tackle it.\r\nConclusion\r\nIn the introduction I provided an overview of some of the literature and then within the assignment I took a look at both sides o f the argument. Through the major cases above I have shown how Identity Theft is a square Threat to business. However it is also a threat to small businesses, small businesses must follow the same guidelines as highlighted in the TJ Maxx instance. Failure to could possibly lead to the damaging effects of major fines, lawsuits and the damaging of the brand image of a company, as well as deterring investors. Donââ¬â¢t forget the wider implications for business, with the growing skid towards e-commerce, many companies want to take advan cut acrosse of this, however major data breaches as seen above can hamper the consumer confidence and set back this industry. Again this is a threat to business in this area.\r\nIs Identity theft over-exaggerated? You may think I strayed from the point a little here, but I mat up it was important to look at this side of the argument, and what drives it. What mainly drives it is that substitute of the argument that the surveys conducted are unreli able. I am personally not over awed by this argument, however the people who make the argument point to some interesting evidence of the inaccuracy of surveys from some top researchers in Identity Theft. A look into the CPP Group case gives another side to the exaggerated risk argument. Do people/corporations over-exaggerate the risk for their own benefit? Perhaps. But that is where statute steps in, and in the case of CPP they had to change their marketing schema within a few weeks once the FSA began an investigation. Overall, this was a very interesting topic to research, and it capable my eyes to some new areas of IT within business and some of the problems it must tackle.\r\nBibliography\r\n1.Gartner Research, Phishing Attack Victims Likely Targets for Identity Theft, 4th whitethorn 2004; (http://www.social-engineer.org/wiki/archives/IdTheif/IdTheif-phishing_attack.pdf)\r\n2.Symantec Corporation; ââ¬Å"Cyber Crime has Surpassed Illegal Drug Trafficking as a Criminal Money-ma ker; 1 in 5 will become a Victimââ¬Â â⬠Sept 10th 2009; (http://www.symantec.com/about/password/release/article.jsp?prid=20090910_01)\r\n3.Overseas Digest; ââ¬Å"Identity Theft: When Bad things Happen to your Good Nameââ¬Â. â⬠February 2001; (http://www.overseasdigest.com/odarticles/idtheives.htm)\r\n4.Columbus State University;ââ¬Å"Is There a Security Problem in Computing?ââ¬Â -17 February 2011; (http://csc.columbusstate.edu/summers/notes/security.htm)\r\n5.DreamWorks (film); ââ¬Å"Catch me if you Canââ¬Â â⬠December 25th 2002; (http://www.angelfire.com/biz7/netmeeting/catchme.html)\r\n6.Stefan Nagtegaal; ââ¬Å" information Theft: 100 million Records stolenââ¬Â â⬠13th August 2008; (http://whereismydata.wordpress.com/tag/tjx/)\r\n7.CBS News; ââ¬Å"11 Indicted in Largest ID Theft Case perpetuallyââ¬Â â⬠Feb 23rd 2010; (http://www.cbsnews.com/stories/2008/08/05/tech/main4323211.shtml)\r\n8.Miami New Times; ââ¬Å"The Biggest Identity case ever. Right here in Miamiââ¬Â â⬠May 20th 2010; (http://www.miaminewtimes.com/ issue/printVersion/2270696/)\r\n9.Identity Theft Awareness; ââ¬Å"TJ Maxx Identity Theftââ¬Â â⬠2011; (http://www.identity-theft-awareness.com/tj-maxx.html)\r\n10.St. Petersberg Times; ââ¬Å"TJX literary hack Theft May be Largest Security Breach. Data from 45.7-million tease illegally Obtainedââ¬Â â⬠March 30th 2007; (http://www.sptimes.com/2007/03/30/Business/TJX_hacker_theft_may_.shtml)\r\n11.Neal Oââ¬â¢Farrell; E-BOOK: ââ¬Å"Double Trouble; 12 Reasons why weââ¬â¢re Losing the Battle against Identity Theftââ¬Â â⬠2011; (http://www.identityguard.com/downloads/ebook-double-trouble.pdf)\r\n12.The Guardian; ââ¬Å"PlayStation Network Hack: manufacture Reactions and Theoriesââ¬Â â⬠29th April 2011; (http://www.guardian.co.uk/technology/gamesblog/2011/apr/29/psn-hack-industry-reactions?INTCMP=ILCNETTXT3487)\r\n13.OECD; ââ¬Å"Reinforcing consumer confidence- Key to Boostin g e-commerceââ¬Â â⬠16TH November 2009; (http://www.oecd.org/ muniment/20/0,3746,en_21571361_43348316_44078356_1_1_1_1,00.html)\r\n14.Develop Magazine; ââ¬Å"Dvs on PSN hack; digital distrust could followââ¬Â â⬠27th April 2011; (http://www.develop-online.net/news/37568/Devs-on-PSN-hack-Digital-distrust-could-follow)\r\n15.J. Ryan and T. I. Jefferson; ââ¬Å"The Use, Misuse, and Abuse of Statistics in Information Security Researchââ¬Â â⬠2003. (http://www.belt.es/expertos/HOME2_experto.asp?id=5752)\r\n16.Dinei Florencio & Cormac Herley, (Microsoft Research) ââ¬Å"Sex, Lies and Cyber-Crime Surveysââ¬Â. (http://www.belt.es/expertos/HOME2_experto.asp?id=5752)\r\n17.Federal Trade Commission; ââ¬Å"2006 Identity Theft Survey fieldââ¬Â â⬠November 2007. [http://www.ftc.gov/os/2007/11/SynovateFinalReportIDTheft2006.pdf]\r\n18.ITRC; ââ¬Å"2008 Data Breach Total Soarsââ¬Â â⬠June fifteenth 2009; (http://www.idtheftcenter.org/artman2/publish/m_press/2 008_Data_Breach_Totals_Soar.shtml)\r\n19.The Financial Times; ââ¬Å"CPP in free accrue amid FSA worriesââ¬Â â⬠March 29th 2011; (http://www.ft.com/intl/cms/s/0/89a516dc-5a38-11e0-86d3-00144feab49a.html#axzz1eB8FvcKU)\r\n20.The York Press; ââ¬Å"FSAââ¬â¢s concerns contested as CPP Claims ââ¬Ëhighest level of integrityââ¬â¢ ââ¬Å"- March 30th 2011; (http://www.yorkpress.co.uk/news/business/news/8941469.Watchdog___s_concerns_contested_as_CPP_claims____highest_levels_of_integrity___/)\r\n'
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment