Identity Theft Identity Theft and and

Online Identity Online Identity SolutionsSolutionsHeidi InmanHeidi Inman

May 29, 2008May 29, 2008

Identity Theft DefinedIdentity Theft Defined

Fraud that involves stealing money Fraud that involves stealing money or getting other benefits by or getting other benefits by pretending to be someone else.pretending to be someone else.

The term is relatively new and is The term is relatively new and is actually a misnomer, since it is not actually a misnomer, since it is not possible to steal an identity, only to possible to steal an identity, only to use it.use it.

Types of Identity TheftTypes of Identity Theft Financial Identity Theft – using another’s identity Financial Identity Theft – using another’s identity

to obtain goods/servicesto obtain goods/services Criminal Identity Theft – posing as another when Criminal Identity Theft – posing as another when

apprehended for a crimeapprehended for a crime Identity Cloning – using another’s information to Identity Cloning – using another’s information to

assume his or her identity in daily lifeassume his or her identity in daily life Business/Commercial Identity Theft – using Business/Commercial Identity Theft – using

another’s business name to obtain creditanother’s business name to obtain credit

Techniques for Obtaining Techniques for Obtaining Personal InformationPersonal Information

Researching about the victim in Researching about the victim in government registers, internet search government registers, internet search engines, or public record search servicesengines, or public record search services

Stealing personal information in Stealing personal information in computer databases (Trojan horses, computer databases (Trojan horses, hacking)hacking)

Phishing - Impersonating a trusted Phishing - Impersonating a trusted company/institution/organization in an company/institution/organization in an electronic communication to promote electronic communication to promote revealing of personal informationrevealing of personal information

Techniques for Obtaining Techniques for Obtaining Personal Information Cont.Personal Information Cont.

Browsing social net sites such as Browsing social net sites such as MySpace and Facebook for personal MySpace and Facebook for personal details that have been posted by details that have been posted by usersusers

Remotely reading information from Remotely reading information from an an RFIDRFID chip on a smart card, RFID- chip on a smart card, RFID-enabled credit card, or passportenabled credit card, or passport

Actions taken by the United Actions taken by the United StatesStates

Identity Theft and Assumption Identity Theft and Assumption Deterrence ActDeterrence Act Makes the possession of any “means of Makes the possession of any “means of

identification” to “knowingly transfer, identification” to “knowingly transfer, possess, or use without lawful authority” a possess, or use without lawful authority” a federal crime.federal crime.

Punishment can be up to 5, 15, 20, or 30 Punishment can be up to 5, 15, 20, or 30 years in federal prison, plus fines, years in federal prison, plus fines, depending on the exact crime.depending on the exact crime.

Gives the Federal Trade Commission Gives the Federal Trade Commission authority to track the number of incidents authority to track the number of incidents and the dollar value of losses.and the dollar value of losses.

FTC StatsFTC Stats ID Theft is fastest growing crime in ID Theft is fastest growing crime in

AmericaAmerica 2003 estimate was that identity theft 2003 estimate was that identity theft

accounted for $52.6 billion of losses in the accounted for $52.6 billion of losses in the preceding year alonepreceding year alone

Affected more than 9.91 million Affected more than 9.91 million AmericansAmericans

Average fraud per person rose from Average fraud per person rose from $5,249 in 2003 to $6,383 in 2006$5,249 in 2003 to $6,383 in 2006

Average amount of time spent by victims Average amount of time spent by victims resolving the problem is about 40 hoursresolving the problem is about 40 hours

Fighting Identity TheftFighting Identity Theft

Single Sign-On (SSO) – a method of Single Sign-On (SSO) – a method of access control that enables a user to access control that enables a user to authenticate once and gain access to authenticate once and gain access to the resources of multiple software the resources of multiple software systems.systems.

Single Sign-Off – the reverse process Single Sign-Off – the reverse process whereby a single action of signing whereby a single action of signing out terminates access to multiple out terminates access to multiple software systems.software systems.

Implementations of Single Implementations of Single Sign-OnSign-On

Windows Live (Originally .NET Windows Live (Originally .NET Passport) – developed and provided by Passport) – developed and provided by MicrosoftMicrosoft Allows users to log in to many websites Allows users to log in to many websites

using one accountusing one account HotmailHotmail

SAML (Security Assertion Markup SAML (Security Assertion Markup Language) – used for Google Language) – used for Google ApplicationsApplications GmailGmail

Challenges and Advantages Challenges and Advantages to Single Sign-Onto Single Sign-On

Biggest challenge is getting long-time Biggest challenge is getting long-time users who’ve customized their own links users who’ve customized their own links and methods for accessing online and methods for accessing online services to change.services to change.

Advantages include reducing the amount Advantages include reducing the amount of internal fraud by malicious employee of internal fraud by malicious employee contact, convenience of password access, contact, convenience of password access, security on all levels of entry/exit/access security on all levels of entry/exit/access to systems, and centralized reporting for to systems, and centralized reporting for compliance adherence.compliance adherence.

Real ID ActReal ID Act

National ID Cards – electronically National ID Cards – electronically readable, federally approved ID cards readable, federally approved ID cards for Americans.for Americans.

If you live or work in the United States, If you live or work in the United States, you’ll need a federally approved ID you’ll need a federally approved ID card to travel on an airplane, open a card to travel on an airplane, open a bank account, collect Social Security bank account, collect Social Security payments, or take advantage or nearly payments, or take advantage or nearly any government service.any government service.

National ID CardNational ID Card

What will be stored on this card?What will be stored on this card? NameName Birth DateBirth Date SexSex ID NumberID Number Digital PhotographDigital Photograph AddressAddress Common Machine-Readable TechnologyCommon Machine-Readable Technology

National ID Card cont.National ID Card cont.

PositivesPositives Reduce FraudReduce Fraud Combat TerrorismCombat Terrorism Improve Airline SecurityImprove Airline Security

NegativesNegatives Potential to be misused by thieves with Potential to be misused by thieves with

RFID readersRFID readers Could promote irresponsible national Could promote irresponsible national

behaviorbehavior

Open IDOpen ID

Better way to identify a Better way to identify a person/organization on the internet.person/organization on the internet.

A shared identity service.A shared identity service. Allows Internet users to log on to many Allows Internet users to log on to many

different web sites using a single digital different web sites using a single digital identity.identity.

Eliminates the need for a different user Eliminates the need for a different user name and password for each site.name and password for each site.

Lets users control the amount of Lets users control the amount of personal information they provide.personal information they provide.

SourcesSources "SAML Single Sign-On (SSO) Service for Google Apps". 5/28/2008 "SAML Single Sign-On (SSO) Service for Google Apps". 5/28/2008

<http://code.google.com/apis/apps/sso/saml_reference_implementation.html>. <http://code.google.com/apis/apps/sso/saml_reference_implementation.html>. "Windows Live ID". 5/28/2008 "Windows Live ID". 5/28/2008

<http://en.wikipedia.org/wiki/Windows_Live_ID>. <http://en.wikipedia.org/wiki/Windows_Live_ID>. "Single Sign-On". 5/23/08 <http://en.wikipedia.org/wiki/Single_Sign-On>. "Single Sign-On". 5/23/08 <http://en.wikipedia.org/wiki/Single_Sign-On>. Christopher, Dawson. "Single signon portal makes sense for university". Christopher, Dawson. "Single signon portal makes sense for university".

ZDNet Education. 5/23/08 <http://education.zdnet.com?p=894>. ZDNet Education. 5/23/08 <http://education.zdnet.com?p=894>. "Identity Theft". 5/23/08 <http://en.wikipedia.org/wiki/Identity_theft>. "Identity Theft". 5/23/08 <http://en.wikipedia.org/wiki/Identity_theft>. "REAL ID Act". 5/28/08 <http://en.wikipedia.org/wiki/REAL_ID_Act>. "REAL ID Act". 5/28/08 <http://en.wikipedia.org/wiki/REAL_ID_Act>. Jon, Oltsik. "An easier identity solution". CNET News.com. 5/27/08 Jon, Oltsik. "An easier identity solution". CNET News.com. 5/27/08

<http://news.cnet.com/8301-10784_3-6151431-7.html>. <http://news.cnet.com/8301-10784_3-6151431-7.html>. Declan, McCullagh. "FAQ: How Real ID will affect you". CNET News.com. Declan, McCullagh. "FAQ: How Real ID will affect you". CNET News.com.

5/27/08 <http://news.cnet.com/FAQ-How-Real-ID-will-affect-you/2100-1028_3-5/27/08 <http://news.cnet.com/FAQ-How-Real-ID-will-affect-you/2100-1028_3-5697111.html>. 5697111.html>.

Declan, McCullagh. "National ID cards on the way?". CNET News.com. Declan, McCullagh. "National ID cards on the way?". CNET News.com. 5/27/08 <http://news.cnet.com/National-ID-cards-on-the-way---page-3/2100-5/27/08 <http://news.cnet.com/National-ID-cards-on-the-way---page-3/2100-1028_3-5573414-3.html>.1028_3-5573414-3.html>.

"OpenID". 5/28/08 <http://en.wikipedia.org/wiki/OpenID>. "OpenID". 5/28/08 <http://en.wikipedia.org/wiki/OpenID>.