ebook img

Online identity theft. PDF

141 Pages·2009·1.919 MB·English
by  OECD
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Online identity theft.

Online Identity Theft The growth of the Internet and e-commerce has taken ID theft to new levels. Using widely available Internet tools, thieves trick unsuspecting computer users into providing personal data, which they then use for illicit purposes. Online Identity Theft The potential for fraud is a major hurdle in the evolution and growth of online commerce. EpGteloTsIgeDotnlnhu-igou vpc ebetibdteshao nelaiypnlyecmsca l umf huhtttmmprih;orvnpe eaeeiawainosc s nntgtt sfash rirndreta luaa ove nrismttosawero dt. cfrs.e pt i roophteweehn uo-crooibssspnofru a sekbmmomnetsornkme,sae oli.apintr nekessrge nid uiv a sdsr;Ia nDe etttsdhoser ptv:r -h Ioeepicnceeucuoteffetibtnfiosl,ril ncs lnimd–cu ee w: mta tpwht anouaeeyhy srr sda t feOn oatetr enchsEfiisrdu anCsa st ebhrDu IeeioDsIp D imfena s trtgd,teh-h h eaameideswqnfo fbtudbat ne,ca ro eireabtno enncotdklo eoytu bh s–uscpe sntoos rr atonucmyrdtlia-fieebflndmeescaerrd tept he sasaitadnunhsivg.ibdee tenTis da moshtt taafi,ienav fkn-nsej eltoaeeisinnarnw es lf tlso e,tyy etc fpaeffpurneepossdcss me t oitdvo f e , CecCcEeCcCcEeC--y-oyo-Y-YYOOcccbbnCnCBoBoBoeeNNssOOmrmrmEuEuESSffmmMmmMmRRRrrUUeeeeeaFaFMFMrMrrMrruuTRRc c cdEdEccEEeNeeAA oRoR e ReRDccUcUnn--CCh h hcfcf DCDCTaiEaiEaoodd lO lOlHm m eCeCllClCnnNmeINmeeOORHcHncnneeFFegNegDNgrrAAII eecDecDcS cSLLssFseeyyEUELU L ObbcccccNENEMMeeooyhUhrNrNCCbnnaaEEfRfesslGGlEErrRRrululT a aEEeefmm E EHuunCinCSSree--ddg grOs rOC FC eCeCte e IsNOcsNOc -F-YYf ococFcFMcTiMBBfnonoooIIHtfDmfEDmMEMnnhii dmdRmsREsE FEIfeeuueRuNFNIFonRnmRrmrRSRucCcCcCeteSreeTAeAhrrEEE tT UcU ch Sctc EEySChh oDoDEtb--ianEnHrhC CCe lCfCfdiCrlArOiOOi ddefOBdOsLrneMeNM e NLnsNagnFcDMeucMEceSoDIcdesF eNnUTEEo TTdccecGHnMRR-Hy oyHdfcEICbCbnER i IoreFefSsREERDrsmiruIr D Rtf fCmmC CsC rrF SftYeeHFaHaOOi rrfTufBuOAA ctiNU ddcfEhSeULL toFR eREhLLfcRnI-To DEFhCEcffTHuiaRooNNEdOHrl mueNAGGlFtN rnmeFhUICEEtcDnF eIhfDFeSEgSrT i TfeTc t cHCECCtshHeHyh -rYbYOcFIc CiReFfodBBhINroROI DnaEERsfuSslSM reRrRlSuFUcTaetmFMFOTouM hnSeRR dn gUESrtE EdeAAhe RRE RscC-UifUr CTCcoi cOrdDCDoHnOEos Nmf O sn t CNciFCemd DsNofcODIeueHiF nofFnmTr NstTAnTcIcHeuhDSdHeLHer mI EfU LR fIcceFoRiNEMhrrDouIDNRa sCnr EltFf tSGEl FRiOhfdeT EOi EnefU CSnStgU-RhOc CeERC esTNOC TYHccFOMHByo IbFN nDEMFeIsDRFErIuEFfTN FmRrTHReCaCHr uAEFE dcUF I ERoIeDR-n-SC cfSCTiodOT OmeS Mn mNEceMSCer U c e T T SFushoho oreua s mwwwtrfe ucSwwwo lewlor wwweOtiute ...hiEsssrxnc oooCtfao euuucoDrOrrrcmfccc eEiteeesahsC oootsitiseeeho D tecccnbo@ ddd oOaa...oobooolElek orrrCOggg cuiDsE///dtgs9 C.taco7oohDvin8viresaleg 9in binar2l.caonew6ebo a4laIliknTbe0rscd/ r5 o9ae-o6w7rn/ny598 i l8n7l9oiinn9n82fe ie96nb 2vg4os6i 0hoas4o5k et0us6rh,5vl5de ip68cs 5ue9eers8 ialeo9inn dtdkhic sifsa:r elslien a ktnr:i da lss,t aatsiskt iycoaul dr alibtarbaraiasens, .o r write to Online Identity Theft eCcEC c -yo -YOc bCn oBeN sO mrEu Sf mMmR rU eCe aFMrM ruO Rc dEcE eNA Ro eR cUS n-C hcU fDC aEoi dM lO mCel C NmneEO Hn ceRF Nger AI ecDCS cLs eyE UOL cbc NEMNo ehc NCrn aFyE fsGlbE IrR uDle Eaemr E EuCn Sfe -dNgr Or C Cea C eNsOc u-Y Eodc FcMB n o oIEe fDEMmn -i- dcRsEmC Ee oueNF OnRmm rR CcCceMm Ee ArEe eE -M cUr cc C EyccChoDEbOo-eanHRC e nlCMfcrAsClOihdfOueMLrEaeMnmNLlan gEelCuMcESereRdesHNn UE Cc gecAcGMRo-EyeoLncECsb EnLfoC eSEscRimErdeuH o f Cem-NCmCnrAcneYesGHaocOLrruBuemAEcL Nmd cEmeScEL eFo eRyeL rNcIn-Cbr DhEFcGfcecYaRoiNErodeElBmf nNAeGlcSrmneEfUChEa incedRCauDSgEereldFY ec n lc CECsReeBceyC n-Y-eOAcbEcCYcg oeBhUcNRoeBrOnayEsmDSFfslbEM rRmulR cUeRCaemroeFMAMunFrfOneRdgUrEcRrsEN Aeaeu DReARscu USm-c CoUdc cCUeDhCn oEorDeaOfM Omn -lCi cCdcNsmlCNEoOeeouHeSO RnnFnmmcrNAUfcgI NocemDiCSeeLdrMenSe sEeUOL scr ccUnEuNEyccMNhocbRmMoeNCaneFeE ne lf cGErECIrsclRiDhdfRue yEO rcaEenEbmC SloanN-gCeNeluO ncCrereFCOdCfesfnN OIi Ycr NdDEgeccFMoaeB-ye FoEuIncnEsb DEnMIdNCfoc eD-scRi EemrCdCOEeuEo fNFem-cmOREnNrNcnRyeCesa CMocSCbrEruAuEemecEU m-EMd Uc rmecC E eM ofC eDyEEercOr-n-brHE R-hC acfcecCMCaRuoiACOrodelOdOmMf nLelEMCc rmneNfeLM hEainOc-CMedESau RgMereNHl dU Ee n s ISBN 978-92-64-05658-9 -:HSTCQE=UZ[Z]^: 93 2009 02 1 P www.oecd.org/publishing Online Identity Theft ORGANISATION FOR ECONOMIC CO-OPERATION AND DEVELOPMENT The OECD is a unique forum where the governments of 30 democracies work together to address the economic, social and environmental challenges of globalisation. The OECD is also at the forefront of efforts to understand and to help governments respond to new developments and concerns, such as corporate governance, the information economy and the challenges of an ageing population. The Organisation provides a setting where governments can compare policy experiences, seek answers to common problems, identify good practice and work to co-ordinate domestic and international policies. The OECD member countries are: Australia, Austria, Belgium, Canada, the Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Japan, Korea, Luxembourg, Mexico, the Netherlands, New Zealand, Norway, Poland, Portugal, the Slovak Republic, Spain, Sweden, Switzerland, Turkey, the United Kingdom and the United States. The Commission of the European Communities takes part in the work of the OECD. OECD Publishing disseminates widely the results of the Organisation’s statistics gathering and research on economic, social and environmental issues, as well as the conventions, guidelines and standards agreed by its members. This work is published on the responsibility of the Secretary-General of the OECD. The opinions expressed and arguments employed herein do not necessarily reflect the official views of the Organisation or of the governments of its member countries. Corrigenda to OECD publications may be found on line at: www.oecd.org/publishing/corrigenda. © OECD 2009 You can copy, download or print OECD content for your own use, and you can include excerpts from OECD publications, databases and multimedia products in your own documents, presentations, blogs, websites and teaching materials, provided that suitable acknowledgment of OECD as source and copyright owner is given. All requests for public or commercial use and translation rights should be submitted to [email protected]. Requests for permission to photocopy portions of this material for public or commercial use shall be addressed directly to the Copyright Clearance Center (CCC) at [email protected] or the Centre français d'exploitation du droit de copie (CFC) at [email protected]. 3 FOREWORD – Foreword OECD member countries understand the need to better address the challenges arising from misuse of the Internet. The “Future of the Internet Economy” project was initially presented to the OECD Committee on Consumer Policy (CCP) at its October 2005 and March 2006 meetings, with an invitation to the countries to participate. Recognising the close synergies with its past and future work programme in relation to this issue, the CCP, at its 72nd session in October 2006, agreed to provide input to the project. Cyber fraud was identified as the main theme to be examined, with a particular focus on ID theft; mobile commerce; user education and empowerment; cross-border law enforcement co-operation; and redress for individual victims on line. Unlike most of the subject areas identified above, ID theft is a new topic for the CCP to explore. This issue is indirectly covered by the 1999 OECD Guidelines for Consumer Protection in the Context of Electronic Commerce (“The 1999 E-commerce Guidelines”) (OECD, 1999), and the 2003 OECD Guidelines for Protecting Consumers from Fraudulent and Deceptive Commercial Practices Across Borders (“The 2003 Cross-border Fraud Guidelines”) (OECD, 2003). But ID theft has never been, as such, the subject of an in-depth study by the Committee. In light of the growing importance of this issue, at its 72nd session, the CCP requested the Secretariat to prepare an analysis of online ID theft, to better understand the concept and the extent to which it can affect consumers and users. ID theft is a cross-cutting problem that violates not only consumer protection rules, but also security, privacy, and anti-spam rules. Considering how best ID theft could be countered should be done under a multi- disciplinary approach. Thus, in preparing the initial scoping paper, the CCP Secretariat consulted with the Secretariat to the OECD Working Party on Information Security and Privacy (WPISP). The CCP Secretariat also established contacts with the OECD’s Working Party on Indicators for the Information Society (WPIIS) to examine how statistics could better measure online ID theft cases. ONLINE IDENTITY THEFT – ISBN- 978-92-64-05658-9 – © OECD 2009 4 – FOREWORD The resulting Scoping Paper on Online Identity Theft was discussed by the Committee on Consumer Policy (“CCP”) at its 73rd and 74th Sessions in 2007. It was prepared by Brigitte Acoca, of the OECD Secretariat, based on independent research and member countries’ input. It served as a basis for the development, in 2007 and 2008, of the CCP’s policy principles on online identity theft. The paper was declassified by the Committee on Consumer Policy on 9 January 2008, under the written procedure. The following book is based on The Scoping Paper on Online Identify Theft, and the CCP’s policy principles on online ID theft: OECD Policy Guidance on Online Identify Theft. ONLINE IDENTITY THEFT – ISBN- 978-92-64-05658-9 – © OECD 2009 5 TABLE OF CONTENTS – Table of Contents Executive Summary ......................................................................................... 7 Part I. The Scope of Online Identity Theft .................................................. 13 Chapter 1. The Problem Posed by Online Identity Theft ............................ 15 A new Internet landscape ........................................................................... 15 What is identity theft? ................................................................................ 15 ID theft’s main elements ............................................................................ 16 Chapter 2. Online Identity Theft: Tools of the Trade ................................. 21 ID theft based solely on malware ............................................................... 21 Key drivers of online ID theft: Phishing and its variants ........................... 22 Phishing techniques .................................................................................... 24 Phishing evolution and trends..................................................................... 27 What online ID thieves do with the data: credit card fraud and other abuses ....................................................................................... 29 Chapter 3. The Impact of Online Identity Theft .......................................... 33 Defining the victims ...................................................................................... 33 Victims’ direct and indirect losses ................................................................ 36 Are there more victims off line than on line? ................................................ 39 Remediation tools for victims ....................................................................... 40 Part II. Addressing Online Identity Theft ................................................... 45 Chapter 4. The Role of Government ............................................................. 47 How OECD countries currently define ID theft ............................................ 47 The option of criminalising ID theft.............................................................. 50 Public education and awareness campaigns .................................................. 51 Annex 4.1 ID Theft: Education and Government Initiatives in OECD Countries ......................................................................... 62 Annex 4.2 United States Initiatives to Combat Identity Theft ......................... 67 ONLINE IDENTITY THEFT – ISBN- 978-92-64-05658-9 – © OECD 2009 6 – TABLE OF CONTENTS Chapter 5. Private Sector Initiatives: What Role for Industry and Internet Service Providers? ............................................. 73 A serious private-sector threat ................................................................. 73 Annex 5.1 Private-Sector Initiatives to Educate Consumers about ID Theft............................................................................. 78 Chapter 6. International, Bilateral and Regional Initiatives ................... 81 International organisations ...................................................................... 81 International informal networks .............................................................. 84 Annex 6.1 Multilateral Instruments Addressing Online ID Theft ................ 98 Annex 6.2 United Nations Study on Identity Fraud .................................... 100 Chapter 7. Online Identity Theft: What Can Be Done? ......................... 105 Enhancing education and awareness ..................................................... 105 Dissemination of information ................................................................ 109 Co-ordination of education initiatives ................................................... 110 Authentication and data security ........................................................... 111 Electronic authentication ....................................................................... 111 Areas for further work ........................................................................... 112 Chapter 8. Conclusions and Recommendations ...................................... 115 Part III. OECD Policy Guidance on Online Identity Theft ................. 117 I. Introduction ............................................................................................. 118 II. Ways that education and awareness could be enhanced to prevent online ID theft....................................................................... 122 III. Data security ........................................................................................ 127 IV. Electronic authentication ..................................................................... 128 V. Further work .......................................................................................... 128 Glossary ..................................................................................................... 131 Bibliography .............................................................................................. 133 ONLINE IDENTITY THEFT – ISBN- 978-92-64-05658-9 – © OECD 2009 7 EXECUTIVE SUMMARY – Executive Summary Identity theft is an old misdeed, but the growth of Internet and e- commerce has taken it to a whole new level. Using widely available Internet tools, thieves go “phishing” and “pharming” to trick unsuspecting computer users into providing personal data, which they then use for illicit purposes. All of this is possible because face-to-face client relationships do not exist on the Internet. Establishing one’s real identity for online transactions is complicated, thereby making fraud easier. The potential for fraud is a major hurdle in the evolution and growth of online commerce. E-payment and e-banking services – the focus of this book – suffer substantially from public mistrust. In the United Kingdom, for example, a recent study estimated that 3.4 million people were unwilling to shop online owing to concerns about online security. Given the growth of online ID theft, many OECD member countries have taken steps to ensure that consumers and Internet users are adequately protected. These steps encompass various measures: consumer and user- awareness campaigns, new legislative frameworks, private-public partnerships, and industry-led initiatives focused on technical responses. Despite these initiatives, most countries have not sufficiently addressed the problem of ID theft, and online ID theft in particular. Thus, the scope, magnitude and impact of ID theft vary from one country to another, or even from one source to another within the same country. These differences reflect the need for a more co-ordinated response at both the domestic and international levels. The purpose of this book is threefold: (1) to define ID theft, both online and off-line, and to study how it is perpetrated, (2) to outline what is being done to combat the major types of ID theft, and (3) to recommend specific ways that ID theft can be addressed in an effective, global manner. ONLINE IDENTITY THEFT – ISBN- 978-92-64-05658-9 – © OECD 2009 8 – EXECUTIVE SUMMARY The tools of the trade As explained in Part I of this book, there are three main methods thieves use to obtain personal information via the Internet and/or individual computers: • Malicious software (malware) is surreptitiously installed into a computer or device − fixed or mobile − to collect the user’s personal information over time. • Computers or mobile devices are hacked into, or otherwise exploited, to obtain the user’s personal data. • “Phishing,” whereby thieves use deceptive e-mails to get users to divulge personal information, includes luring them to fake bank and credit-cards websites. These phishing messages, commonly distributed by e-mail spam, are also used to install malware on the computers of unsuspecting recipients. Phishing techniques are becoming more sophisticated and harder to detect. Some aptly named principal forms are: • “Pharming”: using deceptive e-mail messages to redirect users from an authentic website to a fraudulent one, which replicates the original in appearance. • “SMiShing”: sending text messages (“SMS”) to cell phone users that trick them into going to a website operated by the thieves. Messages typically say that unless users go to the website and cancel, they will be charged for services they never actually ordered. • “Spear-phishing”: impersonating a company employee/employer via e- mail in order to steal colleagues’ passwords/usernames and gain access the company’s computer system. ID thieves misuse victims’ personal information for a plethora of unlawful schemes. Typically, these involve: misuse of existing accounts; opening new accounts; fraudulently obtaining government benefits, services, or documents; health care fraud; and the unauthorised brokering of personal data. Challenges in addressing online ID theft Part II of this book outlines what is currently being done to address online ID theft at the domestic and international levels. There are ongoing efforts, but they are stymied by two major issues: ONLINE IDENTITY THEFT – ISBN- 978-92-64-05658-9 – © OECD 2009

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.