Privacy and Identity Theft: Risk Factor Analysis

An individual’s personal information is the key to their identity. Therefore it is a valuable commodity and must be protected. However, there are a lot of involved factors. Technology has completely changed the way we interact with the world around us. The consumer market has exploded with various devices and we are living in an interconnected environment where most of the devices have a digital presence and also the ability to communicate with other objects and people. The number of interconnected devices essentially means they will collect, store, transmit as well as share huge amounts of data, some of it highly personal. Therefore, although these new developments have brought enormous benefits to consumers they have also opened up a lot of privacy and security issues. These potential risks need to be analysed and measures should be enforced to contain them.

When there is unauthorized access to or the collection, disclosure, use or disposal of personal information, it is referred to as a privacy breach. The most common type of privacy breach occurs when the personal information of customers, clients, employees or patients is stolen lost or mistakenly disclosed. For example, when computer containing information of employees is hacked or confidential information is mistakenly emailed to the wrong individual.

When an intruder gains unauthorized access to an individual’s personal information such as name, social security number, bank account information etc. and uses it to commit fraud or other crimes, it is referred to as identity theft. The intruder can commit various frauds using this personal information such as applying for a credit card under the individual’s name and then racking up colossal charges to poaching up his or her tax refund. In some cases, the identity thieves completely assume the unsuspecting person’s identity, obtain identification bearing their name and may also commit crime posing as that person. It is therefore evident that the repercussions of identity theft are terrifying and can cost a lot of money as well as create confusion in an individual’s life.

A report by the Federal Trade Commission estimates that almost 9 million Americans experience some type of identity theft each year. However, this number is subject to fluctuations as both crime fighting methods and the tactics that criminals employ for stealing identity evolve over time. The most common types of thefts occur in the following areas:

The financial implications of identity theft are huge and lead to billions of dollars in losses each year. The main causes of this theft are related to technological and social factors. More than 70% of ID thefts are committed by insiders using techniques such as phishing and social engineering to steal personal information. The security systems that are currently in place cannot provide effective protection. Password or card based systems are highly vulnerable to intruder attacks and also risk being shared or stolen.

The yearly cyber-crime cost in the United States is over 300 million and it keeps on rising. In this context, identity theft is a growing problem affecting businesses and millions of individuals as of today. It can ruin people’s bank accounts, destroy their job opportunities and can even get them kicked out of their homes. Its victims face significant credit card bills and also have their credit history destroyed. It accounts for over 80 percent of the social security number misuse reported to the social security administration. Victims may face difficulty in securing a job or buying a home, or even worse. They could also face arrest for crimes that an impersonator has committed in their name.

The effects of privacy breaches are far reaching and sometimes irreversible. It has been fraudulently used to obtain drivers’ licenses, employment benefits, receive government benefits and welfare as well as to evade criminal prosecution. Thus it is a problem that indirectly affects every individual in the society because it causes the interest rates to increase to make up for the industry’s losses.

The increased connectivity between devices and the internet and how it is utilized by individuals to manage their social and personal lives may create a number of privacy risks. With desktop or laptop computers that are connected to a network, the absence of efficient security mechanism can enable intruders to access personal information and misuse it or transmit it to other device. If intruders gain control of a device, they may exploit vulnerabilities of that device to facilitate attacks on the customer’s network or enable attacks on other such systems.

Other privacy risks include the collection of crucial personal information of individuals such as financial account numbers, precise geolocation, health information etc. These risks are associated with the use of traditional internet and mobile commerce. Passwords, PINs and tokens are the common ways to access online accounts and for conducting financial transactions. But these methods prove feeble to a hacker’s sophisticated techniques. These traditional mechanisms have several vulnerabilities that are exploited by intruders to facilitate identity theft and fraud.

Phishing is a social engineering technique in which the attacker attempts to acquire the victim’s sensitive information by impersonating a trustworthy third-party such as social networks. These are the main sources for mining information about potential victims. As social networks related phishing messages are attractive to people, thieves use them in up to 25% of identity theft related crimes. They use the same logos and colors of the trustworthy organization. So individuals are not reluctant to open these messages and might get tricked to divulge their password or PIN. If a fraudster gains access to an individual’s password, he can use it to send mails, access his account and make online purchases. The damages could be huge and irreversible.

While some modern technologies have made consumers vulnerable to privacy breaches, others have enhanced data security and helped to prevent identity theft. The most prominent and reliable among these prevention mechanisms is biometric technology. It is one of the most accurate and reliable method to protect sensitive personal information. This technology authenticates people based on their based on their unique physical or biological characteristics such as fingerprints.

Biometrics is no longer the fodder of Hollywood spy movies and has now trickled down to the consumer level. More and more consumers are now unlocking their phones or laptops with their fingerprints. Organizations like hospitals have implemented it to reduce the risks of medical identity fraud. Implementing biometric systems can help curb frauds as they authorise access based on the individual’s unique fingerprint pattern. A hacker can hack a person’s PIN number but it is practically impossible for them to steal a person’s fingerprint.

The recent advances in computer science have resulted in fingerprint recognition devices that are highly reliable and less expensive to own. These devices can be used in all access control instances which necessitate a living person to be authenticated. Fingerprint technology ensures positive verification of the person accessing the information, confidentiality of the information in transit or in storage. It also has other features such as non-repudiation of acts or transactions. An action can be very well traced back to the individual using his fingerprint and therefore it acts as a strong deterrent to identity theft.

As compared to passwords or PINs, fingerprints are highly convenient, non-intrusive and have reduced administrative costs. A fingerprint scanner typically performs authentication and verification in stages. In the enrollment stage, the scanner captures the unique patterns of the fingerprints and converts it into a template. This is then encrypted and stored in a database which will be subsequently used for matching purpose. Only when the presented fingerprint matches the stored template access will be granted.

The success of biometric technology and the security that it provides has made it popular among various sectors. The rise in hacker activities has also fuelled interest. Various agencies of the federal government have embraced this technology and the U.S. Army’s Biometrics Department goal is to replace passwords with fingerprint recognition to enable defence personnel to obtain access to their computer networks.

If a hacker gets access to a database of passwords, it might compromise many systems and create huge losses. However, the biometric identity templates that are stored on a server are extremely difficult to compromise. This is because the actual images are never stored at all. The templates are actually a mathematical representation of the data points that an algorithm extracts from the scanned fingerprint. At any point, no image is ever stored or transmitted across the network. Moreover, the algorithm is one way which means that the original fingerprint image can never be extracted from the fingerprint template. It is simply a binary data file i.e. a series of zeroes and ones. Therefore, it is impossible to reverse engineer this data and steal an individual’s biometric identity.

In the online world, information privacy is a very important matter and is generally defined as an individual’s right to have some control over how their personal information is collected, shared or used. The failure to prioritize this issue can lead to the unwanted exposure of information which can then be used to commit identity theft. Fingerprint identification is a technique that can mitigate the current identity theft crisis as it can positively verify and authenticate individuals.