Identity Theft

From MgmtWiki
Jump to: navigation, search

Full Title or Meme

Identity Theft is a special case of an Identity Pathology that is used to acquire access to financial accounts at a Web Site that can be exploited to provide the attacker with the means to steal or launder money or other user assets.

Context

  • There are many types of accounts that can be exploited by attackers. For example the attacker can use illegally acquired money in one country to over pay a user's tax account and then apply to that taxing authority for a refund.
  • The US Federal Trade Commission defines Identity Theft as "someone using your personal information to open accounts, file taxes, or make purchases". Note that stealing a credit card, which has no intrinsic value, is not a major crime. Using a stolen credit card account number to make a major purchase is a major crime.

Problem

  • The number of exploits against a user's assets has grown as users spend more time and money online.
  • It is easy at many Web Sites to create accounts. Only financial accounts that are in a depository institution (like a bank) are subject to strong Know Your Customer legislation.
  • The tendency of the internet to reduce Friction makes money crimes easier to create and harder to prosecute. So beware of any web offering that makes it easier for sites to charge your credit or debit cards with unspecified or unending amounts of money.

Solution

  • Users must be protected from fraudulent account creation by giving them control of their own User Private Information.
  • Still Users need to be aware of their own account status and monitor them for fraudulent activity.

References

  1. Ann Carrns, Freezing Credit Will Now Be Free. Here’s Why You Should Go for It. (2018-09-15) New York Times p. B4 https://www.nytimes.com/2018/09/14/your-money/credit-freeze-free.html