Trust Broker: A Defense Against Identity Theft From Online Transactions

Edvalson, Michael George

09 December 2005

The proliferation of online services over the years has encouraged more and more people to participate in Internet activities. Many web sites request personal and sensitive information needed to deliver the desired service. Unfortunately, it is difficult to distinguish the sites that can be trusted to protect such information from those that cannot. Many attempts to make the Internet easier to use introduce new security and privacy problems. On the other hand, most attempts at creating a safe online environment produce systems that are cryptic and hard to use. The TrustBroker system is based on a specialized online repository that safely stores user information and helps the user determine which sites can be trusted with their sensitive information. Also, the repository facilitates the transfer of the user's in- formation. The overall effect of the system is to inspire greater confidence in online participation among users who desire to protect their personal information.

identity theft

trust

repository

trust negotiation

Computer Sciences

Developing a Practical Intervention to Prevent Identity Theft: A Behavioral-Science Field Study

Downing, Christopher O'Brien Jr.

16 April 2010

Cashiers' identification-checking behaviors were observed at two grocery stores with the aim to actively involve cashiers in decreasing credit-card fraud. After baseline observations, cashiers at one store received a participative goal-setting and feedback intervention, whereby they collaboratively set a store goal for checking customers' identification. Over 23 days, the cashiers received one-to-one verbal feedback on their store's identification-checking percentages. The percentage of identification-checked purchases at the intervention store increased from 0.2 percent at Baseline to 9.7 percent during the Intervention. Then, it declined to 2.3 percent during Withdrawal, showing functional control of the intervention over the cashiers' target behavior. The cashiers at the other store served as the control group, and their percentage of identification-checked purchases were 0.3 percent, 0.4 percent, and 0.7 percent respectively during each of the A-B-A phases at the intervention store. It was also found the intervention affected male cashiers more than female cashiers. The present study also assessed the social validity of the current intervention by surveying both customers and cashiers from the intervention store. The results showed that customers do not mind getting their ID checked, while cashiers consider it important to check a customer for identification during a credit purchase. / Master of Science

identity theft

credit-card fraud

goal setting

feedback

Strategies to Prevent and Reduce Medical Identity Theft Resulting in Medical Fraud

Clement, Junior V.

01 January 2018

Medical identity fraud is a byproduct of identity theft; it enables imposters to procure medical treatment, thus defrauding patients, insurers, and government programs through forged prescriptions, falsified medical records, and misuse of victim's health insurance. In 2014, for example, the United States Government lost $14.1 billion in improper payments. The purpose of this multiple case study, grounded by the Health Insurance Portability and Accountability Act as the conceptual framework, was to explore the strategies 5 healthcare leaders used to prevent identity theft and medical identity fraud and thus improve business performance in the state of New York. Data were collected using telephone interviews and open-ended questions. The data were analyzed using Yin's 5 step process. Based on data analysis, 5 themes emerged including: training and education (resulting to sub-themes: train employees, train patients, and educate consumers), technology (which focused on Kiosk, cloud, off-site storage ending with encryption), protective measures, safeguarding personally identifiable information, and insurance. Recommendations calls for leaders of large, medium, and small healthcare organizations and other industries to educate employees and victims of identity theft because the problems resulting from fraud travel beyond the borders of medical facilities: they flow right into consumers' residences. Findings from this study may contribute to social change through improved healthcare services and reduced medical costs, leading to more affordable healthcare.

Healthcare fraud

Identity Theft

insurance fraud

Medical Identity Fraud

medical identity theft

Health and Medical Administration

Reducing the risk of e-mail phishing in the state of Qatar through an effective awareness framework

Al-Hamar, Mariam Khalid

January 2010

In recent years, cyber crime has focused intensely on people to bypass existing sophisticated security controls; phishing is one of the most common forms of such attack. This research highlights the problem of e-mail phishing. A lot of previous research demonstrated the danger of phishing and its considerable consequences. Since users behaviour is unpredictable, there is no reliable technological protective solution (e.g. spam filters, anti-viruses) to diminish the risk arising from inappropriate user decisions. Therefore, this research attempts to reduce the risk of e-mail phishing through awareness and education. It underlines the problem of e-mail phishing in the State of Qatar, one of world s fastest developing countries and seeks to provide a solution to enhance people s awareness of e-mail phishing by developing an effective awareness and educational framework. The framework consists of valuable recommendations for the Qatar government, citizens and organisations responsible for ensuring information security along with an educational agenda to train them how to identify and avoid phishing attempts. The educational agenda supports users in making better trust decisions to avoid phishing that could complement any technical solutions. It comprises a collection of training methods: conceptual, embedded, e-learning and learning programmes which include a television show and a learning session with a variety of teaching components such as a game, quizzes, posters, cartoons and a presentation. The components were tested by trial in two Qatari schools and evaluated by experts and a representative sample of Qatari citizens. Furthermore, the research proves the existence and extent of the e-mail phishing problem in Qatar in comparison with the UK where people were found to be less vulnerable and more aware. It was discovered that Qatar is an attractive place for phishers and that a lack of awareness and e-law made Qatar more vulnerable to the phishing. The research identifies the factors which make Qatari citizens susceptible to e-mail phishing attacks such as cultural, country-specific factors, interests and beliefs, religion effect and personal characteristics and this identified the need for enhancing Qatari s level of awareness on phishing threat. Since literature on phishing in Qatar is sparse, empirical and non-empirical studies involved a variety of surveys, interviews and experiments. The research successfully achieved its aim and objectives and is now being considered by the Qatari Government.

364.16

Selecting Online Vendors by Privacy Risks

Raza, Syed Qamar

01 January 2012

Many people have growing concerns about privacy issues, especially the treatment of personal information. Other researchers have demonstrated that consumers do not effectively use privacy policies while shopping online. Current research tends to focus on the contents of Online Privacy Policy (OPP). Often the OPP contains items to meet vendor interests rather than consumer concerns, such as how well the OPP reduces privacy risk. Moreover, various approaches interpret the contents of the OPP rather than the OPP effects on reducing privacy risk. These approaches have not made a substantial impact on consumer selection of a vendor. The research distinguished two types of Privacy Protection Information (PPI): the level of Vendor Privacy Risk (V) added by vendor practices allowed by the OPP and the level of Online Privacy Risk (O) not reduced by the OPP. A survey presented for each vendor the two types of PPI together with a product price. The results indicate that the respondents readily used PPI and preferred to have no Online Privacy Risk rather than no Vendor Privacy Risk. Of the six demographics attributes of the respondent, only the frequency of online shopping and the concern for privacy significantly increased the use of PPI. Recommendations were made for future research.

Identity Theft

Online Risk

Online Shopping

Personal Information

Privacy Risk

Vendor Risk

Computer Sciences

Identifying Business Risk Factors of Identity Theft

Minniti, Robert K.

01 January 2016

Businesses are under pressure to identify and control risks affecting profitability, including the risk of fraud. Identity theft, a type of fraud, costs businesses, governments, and individuals in excess of $56 billion a year. In order to develop good internal controls to help prevent and detect fraud, it is necessary to identify the risks to the business, but business owners are not always aware of what risk factors relate to identity theft. A nonexperimental research design formed the basis of this research study. The population for this study was data from all 50 U.S. states, represented via government databases maintained by the Federal Trade Commission, the U.S. Census Bureau, and the Department of Labor from all 50 U.S. states from 2008 until 2014. The fraud triangle theory formed the theoretical framework for this study. Regression analysis determined the significance of relationships between state-specific instances of international immigration, state-specific unemployment rates, and state-specific instances of identity theft. Both state-specific instances of international immigration and state-specific unemployment rates demonstrated a significant and positive relationship with instances of identity theft. The implications for positive social change include improved understanding of risk factors for identity theft, which could lead to lower costs of operation for businesses and lower prices for consumers.

fraud

identity theft

immigration

internal control

risk

unemployment

Accounting

Business

Criminology

Criminology and Criminal Justice

Detecting SSH identity theft in HPC cluster environments using Self-organizing maps

Leufvén, Claes

January 2006

<p>Many of the attacks on computing clusters and grids have been performed by using stolen authentication passwords and unprotected SSH keys, therefore there is a need for a system that can detect intruders masquerading as ordinary users. Our assumption is that an attacker behaves significantly different compared to an ordinary user. Previous work in this area is for example statistical analysis of process accounting using Support Vector Machines. We can formalize this into a classification problem that we will solve with Self-organizing maps. The proposed system will work in a tier model that uses process accounting and SSH log messages as data sources.</p>

SSH identity theft

cluster security

intrusion detection

Self organizing

Information technology

Informationsteknik

Using Web bugs and honeytokens to investigate the source of phishing attacks

McRae, Craig Michael,

January 2008

Thesis (M.S.)--Mississippi State University. Department of Computer Science and Engineering. / Title from title screen. Includes bibliographical references.

Phishing Warden : enhancing content-triggered trust negotiation to prevent phishing attacks /

Henshaw, James Presley,

January 2005

Thesis (M.S.)--Brigham Young University. Dept. of Computer Science, 2005. / Includes bibliographical references (p. 47-50).

Mapeamento de incidentes com identidades digitais e estratégias de controle em ambientes virtuais

GOMES, Anselmo Lacerda

31 August 2015

Submitted by Fabio Sobreira Campos da Costa (fabio.sobreira@ufpe.br) on 2016-04-07T13:22:15Z No. of bitstreams: 2 license_rdf: 1232 bytes, checksum: 66e71c371cc565284e70f40736c94386 (MD5) AnselmoLacerdaGomesCInMsc (19-11-2015).pdf: 2341760 bytes, checksum: 06c1abb20d748a6921088b434a7b7cb3 (MD5) / Made available in DSpace on 2016-04-07T13:22:15Z (GMT). No. of bitstreams: 2 license_rdf: 1232 bytes, checksum: 66e71c371cc565284e70f40736c94386 (MD5) AnselmoLacerdaGomesCInMsc (19-11-2015).pdf: 2341760 bytes, checksum: 06c1abb20d748a6921088b434a7b7cb3 (MD5) Previous issue date: 2015-08-31 / O Roubo de Identidade Digital (RID) é o roubo de informações que resulta na possibilidade de alguém assumir a identidade da vítima. Em decorrência disso, credenciais de acesso e dados dispostos em qualquer meio eletrônico ficam vulneráveis, como em computadores e em dispositivos móveis. Ultimamente, esses dispositivos têm sido bastante visados pelos atacantes, devido à sensibilidade e pessoalidade dos dados nele armazenados. Senhas, informações bancárias, financeiras e de geolocalização são apenas alguns exemplos de dados expostos a essa vulnerabilidade moderna. O RID é uma prática que pode resultar no êxito de diversos outros crimes associados, por exemplo, estelionato, espionagem, ciberterrorismo e ciberguerra. Suas implicações são sérias, já que o atacante pode assumir o controle de instalações industriais, centros militares, governos e organizações inteiras, sendo imprevisíveis os danos à ordem pública e aos cidadãos. Neste trabalho foi utilizada a metodologia de mapeamento sistemático para identificar quais são os principais incidentes de segurança associados ao RID. Relações e relativizações foram realizadas a fim de mapear as suas principais causas e consequências. A principal contribuição desta dissertação é o mapeamento sistemático de RID. Finalmente, esta dissertação de mestrado objetivou delinear o conhecimento sobre o assunto, de forma atualizada, indicando diretrizes para a minimização ou completa prevenção de incidentes dessa natureza. / The Digital Identity Theft (DIT) is the stealing of information that allows the attacker to take the victim’s identity, somehow. This promotes the access to credentials and data disposed in computers, mobile devices or any electronic environment, making them vulnerable. Recently, mobile devices are being very targeted because of the sensibility and personality of the data found there. Passwords, bank, financial and geolocation information are just some examples of data being exposed by this modern vulnerability. DIT is a practice that may result in the success of many other associated crimes, like embezzlement, espionage, cyberterrorism and cyberwar. Its implications are serious because the attacker can assume the control of industrial facilities, military centres, government and entire organizations, damaging the public order and the people to an unpredictable extent. This work used the systematic mapping methodology to identify which are the main security incidents related to DIT. Relations and relativizations were performed to map its main causes and consequences. Finally, this dissertation aimed to delineate the knowledge on the subject, indicating guidelines to minimize or avoid entirely incidents with this nature.

Roubo de Identidade Digital

Mapeamento Sistemático

Segurança Digital

Cibercrimes

Digital Identity Theft

Systematic Mapping

Digital Security

Cybercrimes