In today’s world, we are constantly using the internet to communicate, shop online, transfer funds, pay bills and almost everything else under the sun to fill our leisure time. Living in the digital age, everything we do is recorded online and makes all types of information readily available and may end up in the wrong hands. Our online habits and usage put us at risk for a crime that we don’t really think about, which is financial online identity theft. Are adults even aware of what identity theft is and what can be done to protect their personal information online?
Defining identity theft according to Reyns and Henson (2016), “Identity theft involves the collection and use of an individual’s personal information, without his or her consent, for criminal purposes”. Cybercriminals can take and use your stolen credit card information to go on shopping sprees in your name and even accrue debts as they take out loans and mortgages (Jordan, Leskovar & Maric, 2018). This is particularly scary nowadays because we shop, pay bills, transfer funds all online. Identity theft can ruin your credit score, reputation and possibly be accused of a crime committed by the thief (Jordan, et. al., 2017).
On the other hand, Adrian Moise (2015) states that “there is no standard definition regarding identity theft”. Moise (2015) continues, “the only element which is found in the definitions regarding identity theft is that it is carried out in several phases”. In Phase 1, the act of obtaining identity related information, is further broken down to subcategories which criminalize the acts of online identity theft (Moise, 2015).
In Phase 1, subcategories are listed as illegal access to information systems, illegal system interface, illegal data interference, illegal interception, misuse of devices, and computer-related forgery (Moise, 2015). Phase 2 is listed as the act of possessing or transferring identity-related information and Phase 3 is the act of using identity-related information for criminal purposes (Moise, 2015). Although the definitions may appear to be defined in different ways, the overall meaning of identity theft is the same.
Most people are unaware of the existence of “data-brokers” who collect Americans’ information and then slice, dice and resell the information for marketing purposes and profit (Roberts, Indermaur & Spiranovic, 2013). Similar to a personal data “chop-shop”concept, this has become a multi-billion dollar industry. The internet provides the “means for conducting fraudulent activity with the stolen identity,” not limited to online banking and shopping online for goods (Roberts, et. al., 2013).
The National Crime Victimization Survey (NCVS) report indicates that in 2012, 7% of all households were affected by online identity theft (Reyns & Henson, 2016). In 2017, about 16.7 million Americans were affected, losing an estimated $16.8 billion (Schultz, 2018). According to Javelin (2018), The Identity Theft Study, found there were 1.3 million more victims in 2017, with the amount stolen rising to $16.8 billion.
These are the most recent and approximate estimated numbers for the last year. The number of account takeovers – “where cyber criminals gain access to an individual’s account and change the contact and security information associated with the account – rose by 61 percent from 2015 to 2017, reaching 1.4 million incidents resulting in over $2 billion in economic losses” (Schultz, 2018). These numbers continue to popularity of online shopping and use of online banking, bill pay, and transfer of funds.
The tricky part about this type of crime is that it may go completely unnoticed until time has passed. Victims can be left clueless of who or how their personal information was stolen (Fawzia, 2015).
As reported in the 2018 Identity Fraud Study, 6.64 percent of consumers became victims of identity fraud, an increase of almost one million victims from the previous year (Teller Vision Editors, 2018). Account takeover losses reached 5.1 billion, a 120 percent increase from 2016 and reaching a four-year all time high (Teller Vision Editors, 2018). It takes about 16 hours on average to resolve issues with account takeover, which equals more than 62.2 million hours of time lost in 2017 (Teller Vision, 2018).
In the 2018 Identity Fraud Study, showed that consumers were concerned about fraud, numbers rose from 51 percent in 2016 to 69 percent in 2017 (Teller Vision Editors, 2018). “In an early study by the Pew Internet and American Life Project the majority of Americans surveyed (87%) were concerned about credit card theft online, with 69% ‘very concerned’ ” (Roberts, Indermaur & Spiranovic, 2013). This “very concerned” group consisted of women, older adults and African-Americans (Roberts, et. al, 2013).
The loss isn’t always financial for identity theft victims. The victims may have to deal with psychological, emotional pain and suffering, stress from debt collectors calling and harrassing for collection, the rejection from loan and mortgage applications, and damage to reputations and possible arrest for the identity thief’s other crimes (Fawzia, 2015).
Common Forms of Identity and Cybertheft
Although we are researching identity theft, we want to narrow in on forms of online financial identity theft. According to an article written by Fawzia, there was a notable change in how the fraud was being committed (2015). Even though credit cards are the primary targets, the implementation of the chip reader in stores shifted theft from physical stores to online with the use of Paypal and other internet accounts such as Amazon (Fawzia, 2015).
The use of technology also makes identity theft possible by using social media and streaming content (Jordan, et. al., 2018). An important tip to follow is to always be careful what you post online. For example you could post a picture on Facebook, accidentally capturing a credit card in the background (Reznik, 2013). These cybercriminals are waiting patiently and preying on your personal information.
A popular method is malware, which is malicious software that can give criminals unauthorized and undetected access to computers and networks (Schultz, 2018). This type of software is uploaded without the user’s knowledge through clicking on links or a compromised website (Schultz, 2018). Adware is a form of malware, in which advertisements based on browsing are shown to redirect you to other websites to collect data about you (Sullins, 2006). There is also ransomware, which encrypts your personal data on the computer to make it virtually unusable unless the victim pays a ransom for the decryption (Malmo, 2018).
Another common way your information can be stolen is by phishing attacks. Phishing happens once a link or an email is opened, personal information, such as usernames, passwords, and account numbers are all vulnerable to be at risk of cyber theft (Schultz, 2018). Phishing attacks can also occur when spam emails are sent and appear to come from reputable companies, such as banks and charities, soliciting personal information such as a credit card numbers, passwords, and Social Security numbers (Hutchings & Hayes, 2009). Always make sure the website is accurate in its entirety before entering personal information for purchases. A simple suffix of a trusted website, typing “.co” instead of “.com” can lead you to a phishing attack (Hutchings & Hayes, 2009).
Using identical usernames and passwords on multiple sites give cybercriminals the chance to “purchase stolen login credentials on the dark web and then use those credentials to attempt to gain access to other websites, such as those of financial institutions to transfer funds” (Schultz, 2018). Matthew Loker (2018) also mentions that “saving your username and password on a company’s website or utilizing public wifi” can also put an individual at risk.
One of the most preventative measures that can be taken to avoid online identity theft is to be educated on the subject. Education can be found in various forms on the internet, information packets and reading up on the most current issues. The Federal Trade Commission operates IdentityTheft.gov, which you can find tips to protect your identity, report information and also receive a free personalized recovery plan (Ebbinghouse, 2005). Education is key for prevention and how to handle situations if ever in a compromised situation.
Along with educating yourself about identity theft, you can also take further measures such as installing and frequently updating antivirus and antispyware software on computers, smartphones, and tablets which prevent malware to be downloaded onto personal computers where financial information is readily available to thieves (Schultz, 2018).
The use of spam filters will also identify potential phishing emails and websites and it also helpful as a preventative measure as well as downloading a free web browser toolbar to alert you if you happen to access a phishing website (Ebbinghouse, 2005). In cases when emails are received where you do not recognize the sender, emails asking for sense of urgency, email requests for personal or financial information, or suspicious emails which include links or attachments should be deleted or opened with caution (Wardman,et. al. 2010).
Creating and using different usernames and complex passwords for each website can also be a puzzling deterrent for lurking cybercriminals (Schultz, 2018). The Department of Justice’s Office of Civil Rights also recommends using multi-factor authentication or a 2-factor authentication “for system logins instead of a single, more easily hackable password” for extra protection (Malmo, 2018). You should also always limit posting personal information on social media such as date of birth (Kess, et. al., 2017).
Enrolling in a commercial credit monitoring service can also prevent identity theft by immediately detecting and alerting you whenever fraudulent financial activity occurs (Kess, et.al., 2017). Equifax, Experian, or TransUnion are the three major credit bureaus, in which you can set up a free fraud alert to make it more difficult for thieves to make charges or open new accounts under your name (Ebbinghouse, 2005). You can also pay for a protection plan from companies such as Privacy Guard, True Credit, ID-Fraud Watch. These plans include credit monitoring as well as court records, social media monitoring, account takeover monitoring and may provide insurance for losses (Ebbinghouse, 2005).
It is also advised to communicate with your credit card companies to see if they offer any protection from an account takeover situation occurrence (Kess, et. al., 2017). You can even ask your credit card issuers for substitute ot temporary credit card numbers for internet purchases (Ebbinghouse, 2005).
Since no one can be completely immune to identity theft, there are ways to recover after being victimized from it. Cover all of your bases and report to your bank and credit card companies as soon as you notice any fraudulent activity on your account.
Account takeovers “involve the fraudulent use of a person’s credit card or bank account” and represent “86% of all identity theft” (Kess,et. al., 2017). This type of identity theft, or ATO, continues to be one of the most challenging for consumers with victims paying an average of $290 in out-of-pocket costs and spending 16 hours on average to resolve (Teller Vision Editors, 2018).
First, make sure to report to the police and get a police report. You can also report to the Better Business Bureau to file a complaint (Ebbinghouse, 2005). Kess, Grimaldi and Revels state that “protections can easily remedy the problem with no out-of-pocket cost to the victim” with zero-liability policies and second-factor authentication. A federal site, IdentityTheft.gov also offers a place to report information about your identity theft and then uses that information to send you a free personalized recovery plan to help you through each step (Fawzia, 2015). You can also call your credit card companies, bank and other online services and request new passwords and pin numbers (Ebbinghouse, 2005).
Private identity theft resolution services or credit repair services are also out there, but can be expensive to the consumer (Winslett, 2018). Another way is to hire a lawyer to organize and prepare disputes for fraudulent debts that may have accrued (Loker, 2018). Whether or not you want pay to dispute fraudulent charges, it’s totally up to the individual. Just know that there are many options out there to choose from.
The thought of someone stealing your personal information and racking up fraudulent debt is terrifying. We need to be more cautious of the dangers of cybercriminals online living in this digital world today. It is important that we place the preventative measures in place to protect our personal and financial information while shopping online or just posting on social media. Sign up for those credit alerts, get the antivirus software for all your electronic devices and read up on the latest information to keep yourself educated (Ebbinghouse, 2005). While you cannot be 100 percent immune to online identity theft, you can definitely do things to deter cybercriminals from stealing your information. Also, if you are ever exposed to cybertheft, know all of your options of how to recover from it.