The Prevention of Internal Identity Theft-Related Crimes: A Case Study Research of the UK Online Retail Companies by Romanus Izuchukwu Okeke A thesis submitted in partial fulfilment for the requirements of the degree of Doctor of Philosophy at the University of Central Lancashire May 2015 STUDENT DECLARATION Concurrent registration for two or more academic awards I declare that while registered as a candidate for the research degree, I have not been registered candidate or enrolled student for another award of the University or other academic or professional institution. Material submitted for another award I declare that no material contained in the thesis has been used in any other submission for an academic award and is solely my own work. Signature of Candidate Type of Award PhD School Lancashire Business School [i] ABSTRACT Ranked the third biggest cyber security threats of 2013 by Forbes, Internal Identity Theft-Related Crimes (IIDTRC) leave countless victims in their wake, including online retail companies and consumers. With the rapid growth in the use of credit and debit cards in e-commerce, the online retail has been a key target for the IIDTRC perpetrators. IIDTRC involve the misuse of information systems (IS) by the dishonest employees to steal victims’ personal identifiable data. The crimes pose significant socio-economic impact and data security risks. In the context of online retail, relatively little research has been done to prevent IIDTRC. A few studies focus on situational-based IIDTRC prevention approach built on an independent use of software security. Others develop IIDTRC prevention frameworks in the context of generic e-businesses. The majority of the frameworks have little or no grounded empirical research. This research entitled the ‘The Prevention of Internal Identity Theft Related Crimes: A Case Study Research of the UK Online Retail Companies’, attempts to bridge this research gap. It provides answers to two questions – what is the nature of IIDTRC in online retail companies and what framework can be used for IIDTRC prevention. This research set out three aims to answer the two questions. First, it provides understanding of causes, methods of carrying out and prevention of IIDTRC. Second, it extends a role-based framework (RBF) for the prevention of IIDTRC. Third, it evaluates the extent the RBF can be applied in the prevention of IIDTRC in online retail companies. A qualitative case study was used to achieve these aims. The empirical data were collected in the northwest of UK from 2011 to 2013. The field study was carried through archival analysis, semi-structured interview and participant observation. Organisational role theory (ORT) was used to guide the concept of a role- based framework (RBF) – a collaborative approach where the key components of management work in unison is required to prevent IIDTRC. The attributes of RBF were synthesised from the recommended IIDTRC prevention practices. The empirical evidence suggests that IIDTRC perpetrators in online retail companies are likely to be the top management and call centre employees. The findings suggest that online retail consumers’ credits/debits cards details are as much vulnerable to IIDTRC as the companies’ identities such as trade secrets and trademarks. Furthermore, the common methods used by the IIDTRC perpetrators include collaboration, collusion, infiltration and social engineering. [ii] Some of the IIDTRC prevention practices, of which the majority is software security, are implemented without considering the contribution of human-centred security based on management roles. In examining the contribution of the management roles in implementing Information Systems security practices, major challenges that are faced by online retail companies were identified. They include lack of resources, lack of management support and lack of IIDTRC prevention awareness training. This research concludes that an application of RBF can reduce the impact of the identified challenges. This was suggested by applying RBF in conducting IS security auditing in three online retail companies. The finding from the selected companies suggests that the RBF approach can maximise management performance in providing effective IIDTRC prevention practices. It provides better returns on cost, quality and time in the IS security auditing. It has an impact on management attitudes on preventing IIDTRC by clarifying and aligning their roles in implementing effective IS security auditing. There is heterogeneity of this effect across the companies suggesting that some are utilising the RBF approach while others are not. The finding confirms the plausibility of the RBF attributes. It suggests that the human-centred security play an integral role for effective internal data security in preventing IIDTRC. It suggests that it pays to use the collaborative management roles approach for implementing IIDTRC prevention practices. Furthermore, the use of the RBF approach can improve the effectiveness of the online retail companies in preventing IIDTRC. The findings suggest that benefits may accrue from the RBF approach when supplemented with a collaborative IS auditing. The benefits depend on the level of management IT skills, their perception of their roles, top management support and the organisational operations. This research contributes to the literature in identity theft prevention in online retail. To IS security practitioners, it identifies the data security challenges and IIDTRC prevention practices. To theory, it extends a role-based framework for IIDTRC prevention. To the emerging research in the digital economy, it puts forward as a robust starting point for further related works in cyber security, cybercrimes prevention and criminology. [iii] TABLE OF CONTENTS STUDENT DECLARATION.............................................................................................. I ABSTRACT ....................................................................................................................... II LIST OF FIGURES ............................................................................................................ X LIST OF TABLES .............................................................................................................. X ACKNOWLEDGEMENTS ........................................................................................... XIII LIST OF ACRONYMS AND MEANINGS ................................................................... XIV CHAPTER 1 RESEARCH INTRODUCTION 1.1 Research Ba c k g r o u n d ............................................................................................. 1 1.2 Internal Identity Theft Related Crimes: Extent of the Problem .............................. 2 1.3 Internal Identity Theft Related Crimes: Global Issue ........................................ 2 1.3.1 Internal Identity Theft Related Crimes: UK Issue .......................................... 3 1.3.2 IIDTRC: Case of UK Online Retail Companies ............................................. 4 1.4 Related Studies on Internal Identity Theft Related Crimes .................................... 5 1.4.1 Prevention of IIDTRC: The Background of Role Sharing................................... 7 1.4.2 Concept of Role-based Framework ..................................................................... 9 1.5 Research Aim and Objectives .................................................................................... 10 1.6 Research Questions .................................................................................................... 11 1.7 Research Design and Methodology ............................................................................ 12 1.8 Research Benefits ....................................................................................................... 13 1.9 Thesis Outline ............................................................................................................. 14 [iv] CHAPTER 2 LITERATURE REVIEW 2.1 Introduction ................................................................................................................ 16 2.1.1 Literature Review Framework ........................................................................... 16 2.1.2 Review Background ........................................................................................... 17 2.2 Concepts of Internal Identity Theft Related Crimes: Definitions and Themes .......... 19 2.2.1 Definition of Internal Identity Theft Related Crimes: The Contextual Issues ... 20 2.2.2 Definition of IIDTRC: The Circumstantial Issues ............................................. 21 2.3 Understanding Internal Identity Theft Related Crimes at the Workplace .................. 25 2.3.1 Internal Identity Theft Related Crimes: Workplace Dishonesty ........................ 25 2.3.2 Internal Identity Theft Related Crimes: Perpetrators Motive ............................ 27 2.3.3 Summary of the Understanding of IIDTRC ....................................................... 34 2.4 Perpetration of Internal Identity Theft Related Crimes .............................................. 34 2.4.1 Enabling Elements for Perpetrating of IIDTRC ................................................ 35 2.4.2 Mechanisms for Perpetration of Internal Identity Theft Related Crimes ........... 36 2.4.3 Targeted Assets by the Internal Identity Theft Related Crimes Perpetrators ..... 39 2.4.4 IIDTRC Perpetrators: Who are they and where are they? ................................. 41 2.4.5
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages328 Page
-
File Size-