Electronic Crime: Credit Card Fraud through Identity Theft
Introduction
Today’s technology develops so fast since as everyday passes, technological developments makes us depend more and more on it. Digital world makes our life easier and faster, while sitting at home wearing your pyjama you cannot do not only your work but also shop and buy your daily needs as if doing this from the shopping mall or supermarket and purchasing even the most luxurious and expensive things like used cars and jewellery.
Unfortunately, this is only the bright part of the truth. Deception, stealing, egoism and easy money are what some people are after, and those people are so clever, but they are using their cleverness in a bad way, a way that satisfies their ego. I guess the director of e-Truest Strategy and Computer Associate Mike Small was right when he said: ”technology will not solve all the problems, thieves are cleaver and will always find the weakest link, technology can only manage the pieces that its designed to manage… and the weakest point is people”[1].
Thieves noticed that the digital world has a lot more opportunities to those with enough determination, with low risk of prosecution and even after apprehension, prosecution may not follow because of the time needed to come up with new legislation or the geographical location of the crime itself. This is why many crimes emerged and developed using the digital world and the new technology available. One of the interesting crimes that I will discuss in this assignment is stealing identity and using identity theft to commit credit card fraud in the digital world. Specific questions subject to focus is this paper are what is an identity, how do criminals steal my identity, and what use do criminals get from the stealing other people’s identity.
What is identity?
Maybe Shakespeare was right when he said in Othello that he “who steals my purse steals trash; ‘tis something, nothing; but he that filches from me my good name robs me of that which not enriches him and makes me poor indeed”[2]. Identity theft is one of the common crimes of today’s world; a crime that can disrupt your life or even put you in jail.
Identity is valuable, which is the reason for its theft, especially with the ease in obtaining information and using this information online. Identity carries a transactional value since people engage and verify transactions using personal information comprising one’s identity. Some personal identifiers are common such as age and gender while others are unique such as fingerprints and DNA. However, the combination of identifiers can differentiate from one individual to another. Identity also has a financial value depending on the assets attached to an identity. Large bank accounts and other valuable assets linked to an identity carry greater financial value than identities not linked to financial wealth.[3] Like other crimes, there are motivations for identity theft. The potential gains from the transactional and financial value of identities comprise the motivations for identity theft.
The importance of information is exemplified by the loss of two cds containing the information of the child benefit claimants when this was posted using from an office of the HM Revenue and Customs intended to be sent to the National Audit Office. The information contained in the cds include the names, addresses, dates of birth, names of parents, gender, names of children, national insurance numbers, national insurance numbers.[4] The fact that information of this kind is being stolen means that the information is intended to be used to obtain claims or payments in lieu of the actual beneficiaries. The perpetrators can set-up bogus accounts and redirect payments to these accounts instead of the beneficiaries or claimants. Since the discs contain information of 25 million people, the amount of money that the perpetrators can obtain could reach billions if unstopped. In addition, securing information already exposed is difficult since personal information cannot be changed.
When this issue went public and caused concern, a television commentator downplayed the theft of the information and attempted to prove his point by publicising his account number and address. After this, he discovered that a debit account has been created in his name resulting to a transfer of £500 from his account. The purpose of Jimmy Clarkson in making public his account number and the means of obtaining his address is to prove that even with the exposure of the information contained in the stolen cds, the extent of concern is highly uncalled for.[5] However, as the events showed, electronic fraud comprises an actual concern because perpetrators, in committing identity theft to achieve personal financial gains actually engage all means to obtain information.
Access to personal information gives the criminal many choices in appropriating your identity, gaining access to bank accounts, which can help him in opening new or applying for new credit card or loan under your name and identity via the Internet. This is the simplest and the safest way for the criminal, because of an established account, so there is no need to go through the bank application process. While in some cases, where the identity thief sets out to become you; usually starting with birth certificate or social security number and then applying for other official document like driver’s licence and then he will be ready to open an account and using your name when committing crime. However, all of this depends on the amount of your information thieves can get, with the more information obtained, the greater trouble you will be in.
According to UK Government Cabinet Office in 2002, three basic elements comprise the identity of individuals:
1. Biometric identity is unique to every individual such as your fingerprints and DNA profiles.
2. Attributed identity is a person identity given at birth such as your name, date and place of birth, and address.
3. Biographical identity is the identity that builds-up over time such as your educational qualifications, employment history, and your interaction with organizations like banks and government authorities.[6]
However, even with these elements of identity, these do not serve as aggregate identifiers of individual identity since only one element of the three are used. The next important question is describing identity theft.
What is identity theft?
Identity theft pertains to the unauthorised access and utilisation of the personal information of another person for various illegal reasons. This has become a common occurrence in many jurisdictions. In the United Kingdom, this pertains to identity fraud, which involves the simulation of the identity of an individual or business or the creation of new fabricated identities using stolen identification information. In the United States, identity theft involves the assumption of another person’s identity for financial and other gains. Although stolen identity finds use in many ways, personal financial fraud has become the dominant use of stolen identifying information. Personal financial fraud can cover the takeover of one’s credit accounts or the establishment of new credit accounts by another person using one’s personal information without one’s knowledge or acquiescence.[7]
Online transactions or phone transactions are vulnerable to identity theft for credit card fraud because transactions occur without the presence of the credit card owner so that transactions are verified by requiring information such as account name, account number and other personal information. As long as the customer gives all the required information, the transaction is allowed. There is no way for an electronic system or sales agents to determine whether the person using the credit account is actually the owner unless key information was not given. Since details of personal and credit accounts can be obtained by hacking websites, conning, and skimming or keypad overlay, other people can simulate the card and account details in committing fraud.
An underlying assumption of identity theft is the value of personal and account information that was enhanced because of the popularity of online credit card transactions. Due to the value of information, a number of ways emerged in order to obtain and use unauthorised information in self-serving transactions to the detriment of the true account holder. Information becomes useful in assuming the identity of the account holder in engaging in online transactions such as making purchases or obtaining loans that are credited to the true account holder but the benefit redounds to the perpetrator.
Identity theft constitutes a serious problem for individuals whose identities can be the object of theft by using their credit cards for online transactions. With the increasing incidence of identity theft on a global scale, especially with innovative thieves, the threat to individuals, also escalate. The incidence of identity theft has been increasing over the past years resulting to the accumulation of costs. In the United Kingdom, the annual cost of identity theft has reached £1.3 billion while in the United States, reports showed that losses or costs has reached .6 billion, which if distributed translates into a loss of ,383 for each victim. A survey showed that the annual cost of identity theft reaches up to billion every year from the unauthorised use of credit cards alone.[8] This means that even while identity theft for credit card fraud comprises a newly emerging crime, it has made a significant impact.
Apart from the growing threat of identity theft on a global scale, jurisdictions have not been able to develop policies to protect the identity of individuals and business firms and prevent identity theft. In Europe, the European Commission has implemented a three-year plan intended to decrease the incidence of credit card fraud but this has not been able to decrease the incidence or the losses from credit card fraud. In the United States, credit card information remains as easily obtainable by hackers as shown by the coordinated attacks of 40 American websites.[9] Without effective protective and preventive policies on identity theft, businesses and individuals continue to experience the threat of identity theft, especially information on their credit card accounts.
In addition, there is also little understanding of identity theft and credit card fraud among individuals since some victims do not see themselves as victims of identity theft. The non-recognition of identity theft by a significant number of the people reported as victims does not consider the necessity of reporting their case to the law enforcement authorities. A significant percentage of reported victims also do not express concern over future victimisation.[10] With the lack of understanding of individuals and firms of identity theft and the concurrent complacence about the situation, this makes it easier for thieves to prey on unsuspecting targets.
The situation has resulted to different perspectives of identity theft. One view of identity theft is that this is the downside of online information economy. As such, identity theft constitutes the by-product of an economy supporting instant credit through the ease in opening credit accounts and using credit cards for online transactions. Another perspective of Identity theft is the result of the exploitation of the transactional utility of the Internet resulting to the electronic flow of private or personal information. As such, fraud emerges with the exploitation of Internet transactional functions.
After describing identity theft and the severity of identity theft as a problem, the next question is on the manner that criminals get access to this information and the manner that the abuse of the digital world helps criminal to get this information.
How is identity theft committed?
Identity theft usually used in credit card fraud occurs in a number of ways, such as: 1) hacking; 2) phishing; and 3) skimming[11]. Stolen information is used in making and verifying online purchases and other transactions to the detriment of the individual whose identity has been stolen. Thieves steal your identity through these means.
Hacking
Hacking is the unauthorised access to the information of individuals through websites by knowing where to look and using software. This relies on the loopholes of website security and the ease in obtaining credit card information. Hackers usually look for unsecured and low security websites since information is easer to obtain in these sites. The hacking of 40 websites in the United States has shown the ease in obtaining personal financial information through the Internet. Apart from the ease in obtaining credit account information, the information easily accessed by hackers not only include the credit card account name and number but also other personal details such as age, address, and similar information that allows hackers to simulate a person’s information details in using another person’s account or opening a new credit account.
MSNBC reported another case of identity theft through hacking when a software firm based in Russia sent detailed reports to the company on the manner of viewing around 2,500 credit card accounts and details from websites using only a tool commonly available in the market. Sure enough, the investigation of the process proved its effectiveness in obtaining credit card information from retail websites. This brought to the attention of the public the ease in securing credit account information from transaction-based websites.
The arrest and plea of guilt of a teenager from Welsh exemplified the ease in obtaining information from the net. The teenager used software to break into the security code system of websites and access information sent to the website for the facilitation of transactions, especially purchases and bank transactions. During his arrest, he was able to accumulate 26,000 credit card details. This resulted to £1.8 million representing costs involved in replacing credit cards, repairing Internet sites to incorporate security measures, and compensating individuals who have become victims of credit card fraud. This expressed the ease in illegally obtaining information from the website.[12]
CD Universe’s online retail site was also hacked but the firm was able to catch on the hacker and refused to make payment worth 0,000 to the hacker. The hacker obtained 300,000 credit card data from CD Universe website and used the information to make purchases and seek refunds. The bulk of the amount and the uniform pattern made CD Universe suspicious and although the payment involved many credit card accounts, the firm did not make payment. Due to the refusal of the online retailer to make payment, the hacker posted 25,000 credit account details on the web. Most of the credit cards required replacement to the inconvenience of the credit account holders. Prosecution did not push through because of failure of the online retailer to document electronic evidence.[13]
Other cases involved the breach in the security system of a leading Internet service provider resulting to the theft of 24,000 credit card accounts of individuals including defence scientists, government officials, and top executives of BBC, Barclaycard, Halifax and Shell. Although the hacker claimed as defence the testing of the site to expose loopholes in the Internet service provider’s system, this meant that regardless of the intention, people with sufficient knowledge of online systems could access credit card information for appropriation. CreditCards.com, Egghead.com, and Travelocity are online firms that have been hacked and realised that their online system were not sufficient to prevent the exposure of the credit card account details of their consumers.[14]
Phishing and the Nigerian Scam
Another way of committing identity theft is phishing. Identity theft is committed by conning credit account holders. This is usually committed by sending emails that appear to be from respectable institutions such as government offices, banks, or business establishments asking the recipient to provide information in order to update the person’s information details or confirm information details as part of security measures. By asking recipients to reply to these emails, information can be easily obtained even without knowledge of hacking methods and with account holders unaware of their participation in the fraud.[15] This falls under identity theft by conning people. This is exemplified by the case of Barclays in 2003, when emails were sent to the clients of the banks informing them of the installation of new security measures and requiring the clients to reactivate their bank accounts by following the link provided in the email. The link directs clients to a site that is not connected at all to Barclays and collects personal and account information used in simulating credit cards. A similar case occurred in 2004 when emails were received by City Bank clients informing them that the bank has blocked a number of accounts suspected of being used in money laundering. The email asked the recipients to log in and check their accounts at the given link.[16] By keying information at the website link, information is easily obtained.
One version of phishing is the Nigerian scam, which was also accomplished through emails. The most popular version of the Nigerian scam involves an email explaining that businessmen or former government officials want to transfer funds out of the country but they need an outside account for this. A percentage of the money transferred to the account will be given to the account holder. However, the recipient is asked to provide blank letterheads, account numbers and other personal information needed in the transfer, and even send money to cover the transaction cost. After these are given, no follow-up emails or calls will be received.[17]
Emails could be used to facilitate identity theft and credit card theft. According to Mailfronters, a firm monitoring emails and offering email security systems to online firms and Internet service providers, at least 2 billion span emails flow through the web daily. This constitutes a greater bulk of email that exceeds even the legitimate emails.[18] Card not present fraud is accomplished through emails by using seemingly legitimate fronts to entice individuals to willingly provide their account and personal information.
Information sought to be obtained through phishing include the account name, bank branch, address, and other information useful in verifying fraudulent transactions such as in making purchases online using another person’s identity or transferring money from another persons account to another account. For sure, once account information has been obtained, the thief would likely max out the credit card to the detriment of the true account holder.
Keylogging and Spyware
Another means of committing identity theft is through keylogging and spyware. Keylogging pertains to the process of utilising hardware or software as devices for recording information typed on the computer keypad and then sending this information to the party putting in place the keylogger hardware or software or saving the information for retrieval later. The extent of information achievable through keylogging is limitless because of the wide range of information that can be keyed in from email username and passwords together with account and personal information in case the user engages in online transactions requiring the keying in of these types of information. Keyloggers can be detected by searching for keyloggers on one’s personal computer. There are also anti-keylogging software used to detect and remove software keyloggers. Hardware keyloggers determined by inspecting computer hardware. Certain types of viruses such as Trojan can facilitate the installation of keyloggers in computers when emails containing this virus are opened. [19]
Spyware also facilitates card not present fraud. Spyware pertains to computer technology that supports in the collection of information regarding an individual or business without knowledge or authorisation. This is a software or software component that when installed in computers are able to track and save personal information from passwords to other personal information when filling up online forms or accessing accounts online. Spyware installation unknowingly occurs in downloading legitimate or useful software embedded with spyware or through the opening of files or websites with viruses with spyware components. Spyware can also affect computers through pop-ups that people download with out knowing about it. The existence of spywares in the computer can be detected only by running anti-spyware and anti-virus programs.[20]
Keylogging facilitates card not present fraud by allowing perpetrators to obtain information through keylogging hardware, software and systems. Computer and Internet technology carries the loophole of enabling keyloggers to invade computers without affecting the operation of the computer. This means that computer users unaware of keyloggers could easily fall prey to keyloggers in keying in their personal and account information retrievable by the keyloggers.
The use of keylogging to perpetuate identity theft and credit card fraud is exemplified by the Kinko’s case. A person installed keylogging software in 14 internet cafes of Kinko’s to track and record usernames and passwords keyed in the keyboard. Through keylogging, the individual was able to obtain 450 online banking usernames with passwords. Stolen information was sold through the internet and used to open online bank accounts.[21] Keylogging commonly happens in publicly shared computers in coffee shops or other computer access shops and thieves prey on unsuspecting people engaging in online banking transactions in internet cafes or shops.
Skimming
Skimming is copying credit card details when customers make payments with their credit cards by swiping the card through a portable device different from the firm’s swipe machine. In 2006, Shell petroleum stations cancelled the use of credit card payments after deriving information that a number of credit card customer accounts have been hacked. Association for Payment Clearing Services (APACS) has reported that the theft of credit card accounts is likely to be an inside job, likely accomplished through skimming. Information stolen from Shell customers included the name of the owner of the personal account, credit card number, and expiry date. As such, Shell customers found records of purchases on their credit card bills that they do not know about.[22]
Skimming is committed by obtaining information stored in the magnetic strip of credit cards apart from the pin number entered in the card-swiping machine. At the back of the credit card is a black or brown strip. This contains credit account information of the owner so that this is the part of the card important to identity thieves. Information derived from the magnetic strip of credit cards are used in cloning cards or selling card details through the Internet or using the information in transactions via phone or the net.
Skimming can be done through the card cleaner method, which involves the information theft using automated teller machines. This is done by placing a thin strip of keypad overlay over the ATM that copies the pin number keyed in. After a credit card replica has been made, people can now use the credit card in withdrawing money from ATM machines or using the card in non-personal transactions. [23]
Does ‘chip and pin’ save your identity?
A number of specific solutions have emerged in the previous years attempting to address the credit card fraud. One solution is ‘chip and pin’, which pertains to the utilisation of four-digit number for verification instead of a signature. The reason for the development of the ‘chip and pin’ is to make sure that credit card holders are the real owners of the credit card account. Identity verification is made by entering a pin number. This was intended to address the issue of identity theft and credit card fraud. In making credit card transactions, the four-digit pin has to be used in validating the transaction. However, ‘chip and pin’ does not utilise encrypted data in the magnetic strip, which means that the recipient of the information is able to capture data even the pin entered into the swiping device. This makes it easier for people to retrieve information. In addition, the ‘chip and pin’ solution has not been adopted globally and with the popularity of online transactions, even a pin number cannot actually verify the identity of the user.[24]
The ‘chip and pin’ system has a number of loopholes. One is the design of the swiping devices that accompanies the ‘chip and pin’ credit cards. Most of these machines used by retailers are hybrid terminals that read not only the pin number keyed in but also the data stored in the magnetic strip. This means that these machines read information more than what is necessary to complete the transaction. This became a vulnerability of the system. However, the use of hybrid machines was necessary in allowing transactions with foreign banks so that reverting to a non-hybrid system is not also a viable solution. Another is the lack of a global standard for ‘chip and pin’ transactions that would enable the enhancement of the system to include security measures on a global scale. Without a global standard, collective security action becomes difficult.[25]
An example of the weakness of the ‘chip and pin’ strategy is the suspension of the use of this device in 600 Shell stations when the company found out that £1 million in total was stolen from the accounts of a number of customers. This occurred because people posing as engineers testing the equipment applied a keypad overlay in the ‘chip and pin’ devices giving them access to the credit card information and pin codes.[26] There were suspicions of an inside job in the case of Shell. This means that the placement of accomplices within establishments also constitutes a weakness of the ‘chip and pin’ solution since credit card information since even without a keypad overlay, skimming can allow people to obtain the credit card information of customers by swiping the card in data reading terminals separate from the legitimate payment machines.[27]
At the rate that development in the ‘chip and pin’ strategy is going, this does not comprise a long-term security solution to card not present fraud through identity theft. The ‘chip and pin’ solution is not a guarantee against identity theft.
What is the solution to identity theft?
Since identity theft for credit fraud emerged because of the motivation of the enhanced value of information in the Internet age, addressing this problem involves the removal of motivation for this type of fraud exists. First is through the minimisation in the motivation of offenders to steal information and commit credit card fraud. This can be done by securing websites and developing security measures that address known security threats. However, this is a continuing task since perpetrators are constantly looking for security loopholes. In addition, removing the motivation could also involve the development of regulations on the investigation of electronic fraud cases together with the implementation of laws including penalties in card not present fraud. Second is the educating and informing potential targets as a precautionary measure. By doing so, the awareness of the public would result to greater difficulty in obtaining information since people will practice security measures in sharing information online. Third is by limiting crime opportunities by making identity theft more difficult by improving innovative security measures and enhancing the criminal law system to cover electronic fraud.
‘Chip and pin’ could be part of the solution but this requires global acceptance of the removal of the magnetic strip to prevent identity theft. This solution depends on the cooperation of other jurisdictions such as the United States that has not yet acceded to the removal of the magnetic strip in credit cards. The use of card security code (CSC), which is the three-digit number in the back of the credit card when shopping online, can also contribute to the solution. This is not stored in the card’s magnetic strip or printed in the receipts so that this code is more difficult to obtain. However, this does not prove the cardholder’s identity since this only determines whether the credit card is physically available.[28] Address verification service (AVS) could be another solution to identity theft that works by comparing the number in the billing address entered with the address on file with the card issuer. This can help in preventing card not present fraud but this is not 100 percent reliable since people can change their address or make purchases in different locations.
A combination of the three aspects of identity can offer a greater security measure for electronic or phone transactions. This means that instead of just asking for security or pin codes from consumer, other information could be obtained such as address or birthday as a secondary security measure. However, this means that the three forms of information become accessible to retailers or other entities with which individuals transact to allow them to verify the information being given by customers. In addition, biometrics database are not yet fully operational or networked in many jurisdictions. Nevertheless, the growing practice in online transactions is the use of secret question and answers that do no necessarily involve detailed personal information. Secret question could be anything from name of pet to favourite colour. This may seem over simplistic but unless global information security standards are in place that provides security measures that establishes a high security database system that combines the three aspects of identity, identity theft would remain a problem although the implementation of short-term security measures could lessen the problem.
As such, the problem of card not present fraud through identity theft in electronic transactions extends even beyond technological innovations. This means that while efforts are being made to innovate on credit card security systems, there should also be concurrent developments in criminal law in the form of the enactment of laws covering electronic fraud based on an understanding of the nature and severity of the issue. This should also be reinforced by training in electronic fraud investigation of law enforcement authorities to increase the rate of apprehension and prosecution of people engaging in identity theft to perpetuate card not present fraud. It is only through the coordinated developments in technological innovation and criminal justice that this new breed of fraud can be minimised if not controlled.[29]
Conclusion
Electronic crime has a new strain, which is card not present fraud through identity theft. This new strain of electronic fraud emerged because of the popularity of online transactions that involve the provision of card security numbers as verification of the transactions. Information achieved great value since the simulation of account information enables perpetrators to use information to complete online transactions even without presenting the card or showing their faces. The escalation of the problem came about because of the multiplying number of cases involving not only the exposure of personal and account information but also the theft of money from the accounts of individuals and firms. Identity theft to commit card not present fraud became possible because of loopholes in the security measures applied in electronic transactions that allowed conning through emails, phishing, keylogging, and spyware use intended to draw information from unaware individuals. Solutions have been introduced such as ‘chip and pin’ and biometrics. However, since this new strain of electronic fraud is not merely a technological but also a criminal justice problem, a long-term solution involves not only developments in technology-based security but also legal developments in criminal investigation and prosecution to serve as stringent disincentives for electronic crimes.
References
Bown, J. (2006, May 14). Chip and pin ‘makes fraud even easier’. Times Online. Retrieved March 4, 2008, from http://business.timesonline.co.uk/tol/business/money/consumer_affairs/article717598.ece.
Clark, L. (2006, June 13). How safe is chip and pin technology?. ComputerWeekly.com. Retrieved March 5, 2008, from http://www.computerweekly.com/Articles/2006/06/13/216347/how-safe-is-chip-and-pin-technology.htm.
Clarkson stung after bank prank (2008, January 7). BBC News. Retrieved March 4, 2008, from http://news.bbc.co.uk/1/hi/entertainment/7174760.stm.
Chip-and-pin weakness is revealed (2007, February 6). BBC News. Retrieved March 4, 2008, from http://news.bbc.co.uk/2/hi/uk_news/6333929.stm.
Donnelly, A. (2000). Online credit card fraud outpaces physical world. Computer Fraud & Security, 10(1), 9.
Dwan, B. (2004). Identity theft. Computer Fraud & Security, 2004(4), 14-17.
Federal Trade Commission. (2003). The “Nigerian” Scam: Costly Compassion. Retrieved March 4, 2008, from http://www.ftc.gov/bcp/conline/pubs/alerts/nigeralrt.shtm.
Hamadi, R. (2005). Identity theft: What it is, how to prevent it, and what to do if it happens to you. London: Vision.
Lininger, R. & Vines, R. D. (2005). Phishing: Cutting the identity theft line. Indianapolis, IN: Wiley.
Marron, D. (2008). ‘Alter reality’: Governing the risk of identity theft. British Journal of Criminology, 48, 20-38.
May, J. (2004). Guide to preventing identity theft: How criminals steal your personal information, how to prevent it, and what to do if you become a victim. Pontiac, MI: Security Resources Unlimited, LLC.
Riem, A. (2001). Cybercrimes of the 21st century: Crimes against the individual – part 1. Computer Fraud & Security, 2001(6), 13-17.
[1] Dwan, B. (2004). Identity theft. Computer Fraud & Security, 2004(4), 14-17. p. 16
[2] Weisman, S. (2005). 50 Ways to Protect Your Identity and Your Credit: Everything You Need to Know About Identity Theft, Credit Cards, Credit Repair, and Credit Reports. New York: Prentice Hall. p. 1
[3]
[4] Clarkson stung after bank prank (2008). BBC News. Retrieved March 4, 2008, from http://news.bbc.co.uk/1/hi/entertainment/7174760.stm.
[5] See Above
[6] Hamadi, R. (2005). Identity theft: What it is, how to prevent it, and what to do if it happens to you. London: Vision. p. 5
[7] May, J. (2004). Guide to preventing identity theft: How criminals steal your personal information, how to prevent it, and what to do if you become a victim. Pontiac, MI: Security Resources Unlimited, LLC. p. 2
[8] Marron, D. (2008). ‘Alter reality’: Governing the risk of identity theft. British Journal of Criminology, 48, 20-38. p. 20
[9] Riem, A. (2001). Cybercrimes of the 21st century: Crimes against the individual – part 1. Computer Fraud & Security, 2001(6), 13-17. p. 13
[10] Marron p. 21
[11] Riem pp. 14-15
[12] Riem p. 13
[13] See Above
[14] Riem p. 13
[15] Hamadi p. 150; Dwan, B. (2004). Identity theft. Computer Fraud & Security, 2004(4), 14-17. p. 14
[16] Hamadi p. 151-152
[17] Federal Trade Commission. (2003). The “Nigerian” Scam: Costly Compassion. Retrieved March 4, 2008, from http://www.ftc.gov/bcp/conline/pubs/alerts/nigeralrt.shtm.
[18] Lininger, R. & Vines, R. D. (2005). Phishing: Cutting the identity theft line. Indianapolis, IN: Wiley. p. 25
[19] Lininger & Vines p. 109
[20] Lininger & Vines p.122-123
[21] Hamadi p. 163
[22] Bown, J. (2006, May 14). Chip and pin ‘makes fraud even easier’. Times Online. Retrieved March 4, 2008, from http://business.timesonline.co.uk/tol/business/money/consumer_affairs/article717598.ece.
[23] Hamadi p. 83
[24] Bown, J. (2006, May 14). Chip and pin ‘makes fraud even easier’. Times Online. Retrieved March 4, 2008, from http://business.timesonline.co.uk/tol/business/money/consumer_affairs/article717598.ece.
[25] Clark, L. (2006, June 13). How safe is chip and pin technology?. ComputerWeekly.com. Retrieved March 5, 2008, from http://www.computerweekly.com/Articles/2006/06/13/216347/how-safe-is-chip-and-pin-technology.htm.
[26] See Above
[27] Chip-and-pin weakness is revealed (2007, February 6). BBC News. Retrieved March 4, 2008, from http://news.bbc.co.uk/2/hi/uk_news/6333929.stm.
[28] Hamadi p. 100
[29] Donnelly, A. (2000). Online credit card fraud outpaces physical world. Computer Fraud & Security, 10(1), 9. p. 9
s
Credit:ivythesis.typepad.com
0 comments:
Post a Comment