Addressing Identity Crime in an Information Economy, 26 J

Total Page:16

File Type:pdf, Size:1020Kb

Addressing Identity Crime in an Information Economy, 26 J The John Marshall Journal of Information Technology & Privacy Law Volume 26 Issue 1 Journal of Computer & Information Law Article 2 - Fall 2008 Fall 2008 Beyond Whiffle-Ball Bats: Addressing Identity Crime in an Information Economy, 26 J. Marshall J. Computer & Info. L. 47 (2008) Erin Kenneally Jon Stanley Follow this and additional works at: https://repository.law.uic.edu/jitpl Part of the Computer Law Commons, Internet Law Commons, Privacy Law Commons, and the Science and Technology Law Commons Recommended Citation Erin Kenneally & Jon Stanley, Beyond Whiffle-Ball Bats: Addressing Identity Crime in an Information Economy, 26 J. Marshall J. Computer & Info. L. 47 (2008) https://repository.law.uic.edu/jitpl/vol26/iss1/2 This Article is brought to you for free and open access by UIC Law Open Access Repository. It has been accepted for inclusion in The John Marshall Journal of Information Technology & Privacy Law by an authorized administrator of UIC Law Open Access Repository. For more information, please contact [email protected]. \\server05\productn\S\SFT\26-1\SFT102.txt unknown Seq: 1 20-MAY-09 13:32 BEYOND WHIFFLE-BALL BATS: ADDRESSING IDENTITY CRIME IN AN INFORMATION ECONOMY ERIN KENNEALLY & JON STANLEY* I. INTRODUCTION Information technology has enabled Americans to live significant as- pects of their lives in a digital environment. The U.S. legal system’s re- sponse to this shift has been protracted, confused, and uninspired at times. A significant consequence of this muddled response has been a widening gap between a citizen’s expectations of a safe and secure digital environment and the stark reality of a chaotic and at times, dangerous, digital environment, mediated by various marketing and advertising perception machines.1 The situation resembles one where business and government, racing to exploit the new opportunities that technology inspires, set up a shop- ping mall to entice visitors. At the same time and unknown to the con- * Erin Kenneally is a licensed attorney and forensic scientist who consults, researches, publishes, and speaks on prevailing and forthcoming issues at the crossroads of information technology and the law. These include evidentiary, privacy, and policy implica- tions related to information forensics, information security, privacy technology and infor- mation risk. Ms. Kenneally is founder and CEO of Elchemy, Inc.and holds a Cyber Forensics Analyst position at the University of California San Diego. Ms. Kenneally holds Juris Doctorate and Master of Forensic Sciences degrees. Jon Stanley is the Director of Tech Law for Elchemy, Inc. and Principal of the Law Firm of Jon Stanley. His focus areas include regulatory concerns for business entities, information security, privacy, cybercrime, cyberspace insurance, and intellectual property, about which he has spoken at various na- tional conferences including the American Bar Association, Computer Security Institute and the Annual RSA Conference. Mr. Stanley earned his J.D. from the University of Maine Law School and his LL.M. in Information Technology and Telecommunications Law from Strathclyde Law School, UK. This project was supported by Award No. 2005-IJ-CX-K061 and 2006-DE-BX-K001 awarded by the National Institute of Justice, Office of Justice Programs, U.S. Department of Justice. The opinions, findings, and conclusions or recommendations expressed in this publication/program/exhibition are those of the author(s) and do not necessarily reflect the views of the Department of Justice. 1. See WordNet, http://wordnet.princeton.edu/perl/webwn?s=chaotic (last visited Aug. 12, 2008) (search definition of “chaotic:” “lacking a visible order or organization”). 47 \\server05\productn\S\SFT\26-1\SFT102.txt unknown Seq: 2 20-MAY-09 13:32 48 JOURNAL OF COMPUTER & INFORMATION LAW [Vol. XXVI sumer, this “mall” is a zone where each beleaguered consumer is largely left to his own devices to protect himself from fraud or theft.2 While the legal system does not allow the outright bludgeoning of harried citizen- consumers in these malls, it implicitly demands a threshold of a near- mugging before it will intervene on the citizens’ behalf. Moreover, con- sumers’ choices are increasingly limited to these “unprotected” malls as institutions raze their concrete stores and migrate to the virtual stores. This would be an untenable scenario in the physical world, yet it is suggested that this is happening in the digital world. This tension be- tween consumer expectations and reality can be viewed as a macro re- flection of the features-versus-security tradeoff in software development, where the longstanding and dominant first-to-market policy has not co- incidentally spawned demand for more secure code. Yet in this larger digital mall space the outcry for security is dispersed and muffled, thus allowing institutions to continue to drive consumers towards digital transactions without a corresponding investment in the security that would be required in the “physical” marketplace. This paper will explore the underpinnings and state of these pernicious dynamics in the context of identity crime, suggest likely consequences if nothing is done to alter the dynamics, and offer some solutions to bring a more well-founded sense of stability, safety, and order to this emerging and chaotic digital world. In the throes of an accelerated period of change, society is struggling to make rational choices that strike a balance between traditional con- sumer expectations about safety and the grim realities of fraud and theft that the consumer faces online. The fear, uncertainty and doubt sur- rounding personal information privacy are the primary manifestations of this dynamic. The most tangible instantiation of this privacy fear3 has arguably been the explosion in both alleged and actual Identity Theft Crime(“IDC”).4 IDC exposes the rift between citizens’ expectations of sta- bility and security, and the reality of society’s information age institu- tions’ management of digital data. This paper attempts to drive a proverbial zamboni across the dialogue about the identity theft problem 2. In the digital world these “devices” include, for example, improperly configured firewalls, continuous software patch updates, and anti-virus/malware/spam software. 3. See Press Release, TRUSTe, TRUSTe Report Reveals Consumer Awareness and Attitudes about Behavioral Targeting (Mar. 26, 2008), available at http://www.truste.org/ about/press_release/03_26_08.php. 4. See U.S. Dept. of Justice, http://www.usdoj.gov/criminal/fraud/websites/idtheft. html (last visited Aug. 27, 2008). For our purposes here, and throughout the paper the term Identity Theft Crime (“IDC”) means: “Identity theft and identity fraud are terms used to refer to all types of crime [or tort violations] in which someone [or some entity] wrongfully obtains and uses or intends to use another person’s personal data [or identifying informa- tion and/or symbols] in some way that involves fraud or deception, typically [but not exclu- sively] for economic gain.” \\server05\productn\S\SFT\26-1\SFT102.txt unknown Seq: 3 20-MAY-09 13:32 2008] BEYOND WHIFFLE-BALL BATS 49 rather than taking yet another swing at this complex topic with a whif- fle-ball bat. We will highlight the compartmentalized and imbalanced role that the free market and law enforcement plays in response to this emerging threat to privacy, the implications of this dynamic, and recom- mendations for improving the societal risk management of Identity Crime. A. THE QUESTIONS THAT WILL DEFINE THE ANSWERS Fundamental questions that must be addressed in any analysis of IDC include: What is identity in the analog world? What is identity in a digital environment? How is identity unlawfully acquired and used? How and when does this dynamic invoke legal protections? How are and should these legal protections be measured in terms of recoverable loss and/or damages? What is the nature and scope of IDC, and conse- quently, where are the risk allocation points during the lifecycle of IDC where responsibility and liability for prevention, detection and response should attach? This paper is motivated in part by what the authors con- tend to be a lack of satisfactory, objective answers to these questions. While this paper does not answer the totality of these questions it ex- poses the shortcomings of the predominant discourse about IDC, which is often as superficial as the perceptions it ingrains. In so doing, the goal is to direct solution-focused dialogue on these critical issues by providing a deeper and more comprehensive understanding of the role of key insti- tutional forces on the structure and functions of IDC. An examination starts with the contention that that the relation- ships between citizens and their institutions are undergoing, at mini- mum, two significant role transformations in the digital environment.5 Specifically, we dissect the IDC crisis6 as owing to the dominion of un- regulated or misguided free market forces.7 It is further suggested that these misguided, or unbounded, free market forces are forging and man- 5. By this term we mean any environment where digital information, information us- ing a series of ones and zeros, is stored. 6. See Press Release, Federal Trade Commission, FTC Testifies on Identity Theft (July 12, 2000), available at http://www.ftc.gov/opa/2000/07/identity.shtm. Jodie Bernstein, Director of the FTC’s Bureau of Consumer Protection, delivered the agency’s testimony before the Subcommittee on Technology, Terrorism and Government Information of the Senate Judiciary Committee, stating “The fear of identity theft has gripped the public as few consumer issues have,” the testimony says. “Consumers fear the potential financial loss from someone’s criminal use of their identity to obtain loans or open utility accounts. They also fear the long lasting impact on their lives that results from the denial of a mort- gage, employment, credit, or an apartment lease when credit reports are littered with the fraudulently incurred debts of an identity thief.” Id.
Recommended publications
  • 2020 Identity Theft Statistics | Consumeraffairs
    2020 Identity Theft Statistics | ConsumerAffairs Trending Home / Finance / Identity Theft Protection / Identity theft statistics Buyers Guides Last Updated 01/16/2020 News Write a review 2020Write a review Identity theft statistics Trends and statistics about identity theft Learn about identity theft protection by Rob Douglas Identity Theft Protection Contributing Editor In 2018, the Federal Trade Commission processed 1.4 million fraud reports totaling $1.48 billion in losses. According to the FTC’s “Consumer Sentinel Network Data Book,” the most common categories for fraud complaints were imposter scams, debt collection and identity theft. Credit card fraud was most prevalent in identity theft cases — more than 167,000 people reported a fraudulent credit card account was opened with their information. Identity theft trends in 2019 In the next year, the Identity Theft Resource Center (ITRC) predicts identity theft protection services will primarily focus on data breaches, data abuse and data privacy. ITRC also predicts that https://www.consumeraffairs.com/finance/identity-theft-statistics.html 2020 Identity Theft Statistics | ConsumerAffairs consumers will become more knowledgeable about how data breaches work and expect companies to provide more information about the specific types of data breached and demand more transparency in general in data breach reports. Cyber attacks are more ambitious According to a 2019 Internet Security Threat Report by Symantec, cybercriminals are diversifying their targets and using stealthier methods to commit identity theft and fraud. Cybercrime groups like Mealybug, Gallmaker and Necurs are opting for off-the-shelf tools and operating system features such as PowerShell to attack targets. Supply chain attacks are up 78% Malicious PowerShell scripts have increased by 1,000% Microsoft Office files make up 48% of malicious email attachments Internet of Things threats on the rise Cybercriminals attack IoT devices an average of 5,233 times per month.
    [Show full text]
  • Suspect Until Proven Guilty, a Problematization of State Dossier Systems Via Two Case Studies: the United States and China
    University of Pennsylvania ScholarlyCommons Publicly Accessible Penn Dissertations Fall 2009 Suspect Until Proven Guilty, a Problematization of State Dossier Systems via Two Case Studies: The United States and China Kenneth N. Farrall University of Pennsylvania, [email protected] Follow this and additional works at: https://repository.upenn.edu/edissertations Part of the Asian Studies Commons, Communication Technology and New Media Commons, International and Intercultural Communication Commons, and the Social Influence and oliticalP Communication Commons Recommended Citation Farrall, Kenneth N., "Suspect Until Proven Guilty, a Problematization of State Dossier Systems via Two Case Studies: The United States and China" (2009). Publicly Accessible Penn Dissertations. 51. https://repository.upenn.edu/edissertations/51 This paper is posted at ScholarlyCommons. https://repository.upenn.edu/edissertations/51 For more information, please contact [email protected]. Suspect Until Proven Guilty, a Problematization of State Dossier Systems via Two Case Studies: The United States and China Abstract This dissertation problematizes the "state dossier system" (SDS): the production and accumulation of personal information on citizen subjects exceeding the reasonable bounds of risk management. SDS - comprising interconnecting subsystems of records and identification - damage individual autonomy and self-determination, impacting not only human rights, but also the viability of the social system. The research, a hybrid of case-study and cross-national comparison, was guided in part by a theoretical model of four primary SDS driving forces: technology, political economy, law and public sentiment. Data sources included government documents, academic texts, investigative journalism, NGO reports and industry white papers. The primary analytical instrument was the juxtaposition of two individual cases: the U.S.
    [Show full text]
  • The Scoring of America: How Secret Consumer Scores Threaten Your Privacy and Your Future
    World Privacy Forum The Scoring of America: How Secret Consumer Scores Threaten Your Privacy and Your Future By Pam Dixon and Robert Gellman April 2, 2014 Brief Summary of Report This report highlights the unexpected problems that arise from new types of predictive consumer scoring, which this report terms consumer scoring. Largely unregulated either by the Fair Credit Reporting Act or the Equal Credit Opportunity Act, new consumer scores use thousands of pieces of information about consumers’ pasts to predict how they will behave in the future. Issues of secrecy, fairness of underlying factors, use of consumer information such as race and ethnicity in predictive scores, accuracy, and the uptake in both use and ubiquity of these scores are key areas of focus. The report includes a roster of the types of consumer data used in predictive consumer scores today, as well as a roster of the consumer scores such as health risk scores, consumer prominence scores, identity and fraud scores, summarized credit statistics, among others. The report reviews the history of the credit score – which was secret for decades until legislation mandated consumer access -- and urges close examination of new consumer scores for fairness and transparency in their factors, methods, and accessibility to consumers. About the Authors Pam Dixon is the founder and Executive Director of the World Privacy Forum. She is the author of eight books, hundreds of articles, and numerous privacy studies, including her landmark Medical Identity Theft study and One Way Mirror Society study. She has testified before Congress on consumer privacy issues as well as before federal agencies.
    [Show full text]
  • Using Big Data Analytics to Fight Identity Fraud
    Primary IDA Color Palette Secondary Color Palette - Medium R122 R247 R0 R0 R154 R250 R47 R165 G134 G143 G53 G114 G155 G187 G163 G194 B142 B30 B95 B156 B157 B119 B255 B218 Gray Orange Navy Blue Blue Using Big Data Analytics Gray Orange Navy Blue Blue R106 R84 R102 R191 R42 R147 R165 R216 G154 G148 G49 G191 to Fight Identity Fraud G197 G201 G113 G216 B194 B63 B144 B191 B255 B129 B206 B216 Light Blue Green Purple Light Gray Light Blue Green Purple Light Gray Dr. Stephen Coggeshall Chief Analytics and Science Officer ID Analytics/Lifelock 2nd Workshop of Mission-Critical Big Data Analytics Prairie View, May 16,17 A Symantec Company © 2017 ID Analytics, Inc. Confidential Primary IDA Color Palette Secondary Color Palette - Medium R122 R247 R0 R0 Outline R154 R250 R47 R165 G134 G143 G53 G114 G155 G187 G163 G194 B142 B30 B95 B156 B157 B119 B255 B218 Gray Orange Navy Blue Blue Gray Orange Navy Blue Blue • All about identity fraud R106 R84 R102 R191 – modes R42 R147 R165 R216 G154 G148 G49 G191 G197 G201 G113 G216 B194 B63 B144 B191 B255 B129 B206 B216 – examples Light Blue Green Purple Light Gray Light Blue Green Purple Light Gray • Using big data analytics to catch identity fraud – a look into our technology © 2017 ID Analytics, Inc. Confidential 2 One column Primary IDA Color Palette Secondary Color Palette - Medium ID Analytics Overview R122 R247 R0 R0 R154 R250 R47 R165 G134 G143 G53 G114 G155 G187 G163 G194 B142 B30 B95 B156 ID Analytics applies advanced analytics to a unique sources of U.S.
    [Show full text]
  • The First Paper Presents the Results of a Joint Study Undertaken by Staff At
    NONBANKS IN THE PAYMENTS SYSTEM: INNOVATION, COMPETITION, AND RISK— A Conference Summary By Richard J. Sullivan and Zhu Wang∗ From the early days of automated card sorting to the more recent times of the Internet and check imaging, payments and payments processing have continually embraced new technology. At the same time, the industry has been shaped by its share of entry and exit, through startups, mergers, and the reorganization of businesses seeking the proper scope of horizontal and vertical integration. Many of these changes have introduced new risks to payments. In response, public policy has evolved to help manage these risks. These changes have enabled nonbank organizations to play a larger role in the payments system. Nonbanks have followed a number of pathways to more prominence: purchasing bank payment processing subsidiaries, carving out niches in the payments market through innovation, and taking advantage of economies of scale made possible by shifting to electronic forms of payment. The contributions of nonbanks are undeniable. They have introduced some of the most far-reaching innovations to the payments system in recent years, leading to greater efficiencies in payments processing. At the same time, nonbanks have changed the dynamics of competition in payments, leading to a significant change in the system’s risk profile. The Federal Reserve Bank of Kansas City sponsored a conference on nonbanks in the payments system in Santa Fe, N.M., on May 2-4, 2007. The conference addressed many of the key questions raised by the growing presence of nonbanks in payments. Have recent payments innovations been more likely to come from nonbanks? Have nonbanks improved or harmed competition in payments? Have nonbanks increased risk or helped to develop tools to manage it? ∗ Richard J.
    [Show full text]
  • Member Guide
    Table of Contents Welcome....................................................................................................................... 1 Consumer Services Student Loan Solutions ................................................................................................ 3 Credit Monitoring .......................................................................................................... 4 ID Theft & Fraud Resolution ........................................................................................ 5 Legal Advice ................................................................................................................. 6 Financial Advice............................................................................................................ 6 Online Legal Resource Center ..................................................................................... 7 Tax Preparation/Consultation ....................................................................................... 9 Terms & Conditions................................................................................................ 10-11 Phone Directory .......................................................................................................... 12 1 Welcome CONGRATULATIONS! Thank you for selecting the Student Assist Plus benefits plan and joining the thousands of other individuals that rely on our professional team to help them save money. Our valuable membership plan provides exclusive offers & savings on services such as: • Student
    [Show full text]
  • Identity Theft Protection Summary
    ROCHESTER INSTITUTE OF TECHNOLOGY Identity Theft Protection Table of Contents Introduction ...........................................................................................................................................................2 Important Note About Passwords .....................................................................................................................2 General Information ..............................................................................................................................................2 Who is Covered and When ..............................................................................................................................2 You Need to Enroll ...........................................................................................................................................3 Proof of Eligibility for Family Members .............................................................................................................3 Open Enrollment ..............................................................................................................................................4 Election Changes During the Plan Year ...........................................................................................................4 Who Pays For This Protection ..........................................................................................................................4 What the Identity Theft Protection Benefit Covers ................................................................................................5
    [Show full text]
  • Identity Theft Glossary
    Identity Theft Glossary •Account takeover: An account takeover is when a fraudster uses personal information to ​ ​ obtain products and services. Credit card fraud is the most rampant, but skimming and phishing are also common types of account takeovers. •Anti-virus: Anti-virus software runs continuously in the background of a computer and ​ ​ scans for viruses, worms and malware every time the user accesses a website or downloads anything. •Bait and switch: A bait and switch attack is when a hacker buys advertising space on a ​ ​ webpage and then links the advertisement to a page infected with malware. •Black hat hacker: All hackers are capable of compromising computer systems and creating ​ ​ malware, but black hat hackers use these skills to commit cybercrimes. •Blockchain: A blockchain is a string of time-stamped digital records shared between ​ ​ multiple computers. If the data in one block changes, all subsequent blocks in the blockchain reflect the alteration and become invalid. Blockchains help prevent identity theft and fraud by making it difficult to tamper with the data in a block. •Bot: Short for “robot,” a bot is an autonomous program that interacts with computer ​ ​ systems in a way that appears or attempts to appear human. Hackers can use bots to mine for usernames and passwords used to commit identity fraud. •Cookie theft: Cookie theft is when a cybercriminal makes copies of unencrypted session ​ ​ data and then uses that data to impersonate someone else. •Credential cracking: Credential cracking describes the various methods — word lists, ​ ​ guessing and brute-force — cybercriminals use to obtain passwords. Credential cracking threats are why it’s important to create varied and complicated passwords for all accounts.
    [Show full text]
  • Enroll Today! Identity Theft Occurs Almost Every 3
    I de n tit y T h eft P r otectio n S olutio n S Identity theft occurs almost every 3 seconds! Last year over 11 million Americans were victims of Identity Theft; that translates into a new victim every 3 seconds. This makes identity theft the single largest and fastest growing category of crime in the United States. Last year, for every burglary in the United States six identities were stolen. Are you next?? • Over 11 million U.S. victims last year • 37% increase over the last three years • 47% of ID Theft victims encounter credit problems • ID Theft causes an average of $4,841 in damage per victim • ID Theft restoration can take hundreds of hours Get protected... • by a solution that monitors 1,000+ databases and over 650 billion data points • by a system that rapidly detects identity fraud • by a secure web site that provides you an identity score and report • by ICFE certified specialists that restore your identity if it is compromised Enroll today! And take advantage of IdentaVault’s world class identity theft prevention programs. Whether you are looking for basic protection from our Silver Program, advanced protection from our Gold Program or premium protection from our Platinum Program, IdentaVault has a program to fit your needs. (see Enrollment Form on back). About IdentaVault IdentaVault is one of the fastest growing identity theft prevention providers in the United States. IdentaVault has been in the identity theft industry for years, well before identity theft became a mainstream concern. As a subsidiary of Ocenture, LLC, a two-time Inc.
    [Show full text]
  • KBA —Responsible Use and Scoring February 10, 2004
    PEC Solutions, Inc Leadership in e-Government Solutions KBA —Responsible Use and Scoring February 10, 2004 www.pec.com Introduction Time Complexity of Algorithms Tootsie Roll Pop Internet Identity riddle And Public Perception Leads to … Responsible Use Implementation Best Practices PEC Solutions, Inc. February 2004 -Page 2- Traditional Criticisms of KBA Internet commoditization of Data Accuracy of data furnished to CRA or KB provider Reconciling furnisher’s and CRA’s profit motives with stewardship responsibilities Perception that inquiries can impact credit score LEGEND Consumer Reporting Agency Furnisher KBA KBA Service KBA Provider PEC Solutions, Inc. February 2004 -Page 3- Traditional Criticisms of KBA (Continued) Human Factors Dependence on candidate’s memory Alienation factors (Question selection) Discrimination Solutions must acknowledge Public Opinion Perception Real fears about fraud/identity theft and its consequences PEC Solutions, Inc. February 2004 -Page 4- Overcoming these Criticisms Depends on… Lessons from the Legal World Responsible Use Implementation Best Practices Consistent and defined Scoring Model PEC Solutions, Inc. February 2004 -Page 5- KBA Scoring 1. Identify Verification (valid, existing ID) 2. Identity Authentication - Out of Wallet questions With whom does the user have his car loan? What amount does he pay each month for his mortgage? Who is his ISP? Who is his car insured with? KBA vendor provides a probability (score) that the identity binding is bona fide. Score returned from KBA vendor should not to be confused with an “Identity Score” – which no vendor will yet provide. Vendors require customers to set score thresholds (assuming liability for incorrectly authenticated individuals) PEC Solutions, Inc. February 2004 -Page 6- Factors Influencing Implementation & Score Data Checks Accuracy – Consistency Legitimacy Data Source Diversity Number of data sources (Credit, IRS, Dept.
    [Show full text]
  • Identity Theft Glossary 2021
    Identity Theft Glossary •Account takeover: An account takeover is when a fraudster uses personal information to ​ ​ obtain products and services. Credit card fraud is the most rampant, but skimming and phishing are also common types of account takeovers. •Anti-virus: Anti-virus software runs continuously in the background of a computer and ​ ​ scans for viruses, worms, and malware every time the user accesses a website or downloads anything. •Bait and switch: A bait and switch attack is when a hacker buys advertising space on a ​ ​ webpage and then links the advertisement to a page infected with malware. •Black hat hacker: All hackers can compromise computer systems and create malware, but ​ ​ black hat hackers use these skills to commit cybercrimes. •Blockchain: A blockchain is a string of time-stamped digital records shared between ​ ​ multiple computers. If the data in one block changes, all subsequent blocks in the blockchain reflect the alteration and become invalid. Blockchains help prevent identity theft and fraud by making it difficult to tamper with the data in a block. •Bot: Short for “robot,” a bot is an autonomous program that interacts with computer ​ ​ systems in a way that appears or attempts to appear human. Hackers can use bots to mine for usernames and passwords used to commit identity fraud. •Cookie theft: Cookie theft is when a cybercriminal makes copies of unencrypted session ​ ​ data and then uses that data to impersonate someone else. •Credential cracking: Credential cracking describes the various methods — word lists, ​ ​ guessing, and brute-force — cybercriminals use to obtain passwords. Credential cracking threats are why it’s crucial to create varied and complicated passwords for all accounts.
    [Show full text]
  • This May Be the Best Strategy to Reduce Online Fraud Risk
    F OCUS ON F RAUD This May Be the Best Strategy to Reduce Online Fraud Risk by Stephan Barney raud losses continue to plague online retailers, even though some recent statistics suggest that the tide is turning. A new F study by Experian fraud analysts explores an innovative new data enhancement strategy to help make mitigating fraud risk a reality. n the face of it, online More at Stake A Dearth of Useful Information fraud appears to be In actual dollars, fraud losses Online merchants face two Odeclining—at a limited are growing as the volume of busi- concurrent challenges in fighting rate. Charge-backs due to fraudu- ness conducted online continues to fraud. First, they typically rely on lent activity decreased in 2003, increase dramatically. Online con- a limited amount of internal and according to the Merchant Risk sumer purchases were up 25-30% order information that is not Council (MRC), a nonprofit mem- in 2003 (U.S. Department of always effective in detecting bership organization that works to Commerce) and are expected to fraudulent transactions. For exam- protect and encourage secure rise at a similar pace for the next ple, the information provided in online commerce for merchants several years. an online order is usually limited and consumers. In the MRC’s Online fraud also imposes hid- to name, address, phone number, 2003 member survey, only 10% of den costs that go well beyond actu- and credit card number, and a respondents reported fraudulent al dollars charged back. Revenue is merchant’s internal database may charge-back rates greater than 1%, lost when legitimate orders are only tell them if the customer has compared to 18% of respondents turned away because they look sus- previously ordered from the site.
    [Show full text]