Impact of Identity Theft in E-Commerce

Info: 5446 words (22 pages) Dissertation
Published: 12th Dec 2019

Tagged: Information SystemsE-commerceSecurity

Share this: Facebook Twitter Reddit LinkedIn WhatsApp

ABSTRACT

In the world of today, where time is money and information is a corporate asset, protection of data confidentiality and integrity has become critical. Today, companies are focusing much more on how to secure their businesses from identity fraud, which has emerged as the modern day menace. As I found research on identity theft is rather limited. This research will provide more knowledge of the subject.

The aim of this research therefore was to find and assess the impact and the level of identity theft in e-commerce. This was achieved by using analytic induction from the existing research literature and analysis of feed back from the various business executives, industry specialists and company clients through a questionnaire.

After introducing identity theft and its impact on the corporate sector in detail, in the first two chapters with the data protection laws; it discusses their merits, demerits, controls and loopholes, the third chapter of this study delves into the methods and techniques used to prevent identity theft, it discusses in detail their efficacy, efficiency, implications and limitations while the last chapter is a case study of an organization where , existing data has been collected from various sources and has been critically analyzed and reviewed.

A quantitative method approach has been employed in carrying out this research, besides carrying out a case study of an organization

Moreover, aim to decrease the risk and effects of identity theft in e-commerce possible best practice techniques were identified through this research which was achieved through a study of existing literature which results the formation of a policy document. This policy document was also evaluated by industry experts.

INTRODUCTION

Like Mcleod and Scheel (2001) says, “e-business creates higher customer satisfaction, by providing quicker service, less effort to buy a product or service, and less business cost compared to a business run without the use of information technology (IT)”.

Internet is also called worldwide network of computers. It provides excellent opportunities for an organization to do their business online. To get more customers and to increase the public’s awareness of the business, it is very important to represent themselves on the Internet and their products, resulting in increased sales volume and higher profits. Security implications hold back the business. Nowadays, Credit card companies, banks and software companies’ work together to produce a broad standard to do safe online business. Whereas on the other hand System Hackers are trying to get as much information as possible, which they can easily sell in the black market. Some of the staff in companies also busy in selling their customer’s details in the same black market. Specific guidelines should be followed by companies to develop a safe and successful appearance in the online business.

Some critics like Professor Richard Walton CB, (2005) however quarrel, “The rise of the Internet and other modern technologies has brought about a fundamental change in commercial life. He further says that thieves have been stealing wallets and credit cards for a long time, but the growth of online buying and on-line banking has made Identify Theft the fastest growing white-collar crime in the U.K. and America, It’s a big problem, and it can happen to anyone”.

On the other hand, some people are disagreed that the major cause of Identity theft is internet. As per Thomas C. Greene (2005) he said, that “The vast majority of incidents can be traced to (what he calls) skimming, or dumpster diving, he goes further to say that plain stupidity among those who own our personal data are also contributive. Only a small fraction of such incidences result from on line transactions.” I found majority of research is on the topic of identity theft, which usually consists of some variations in the phrase “identity theft is the fastest growing crime in the United kingdom” or it begins with a quaint anecdote about the tens of thousands of identity theft victims that emerge each year.

According to a report published in the American angle, Anne P.Minz (2002) which says that the consumer sentinel network of agencies gathering data on e-commerce fraud, reports that in 2001 alone, there were 204,000 complaints, compared to 138,900 reported in 2000. It is noticeable that 47% increase demonstrates the growing nature of the problem. Figures such as the ones noted above are apparently disconcerting, in other to glean possible remedies which in turn demands for additional research on this issue.

There are so many occasioning of identity theft and different ways this may be consummate. The overheads and wounded are considerable to financial institutions as well as individuals, but the overheads are often difficult to reveal or enumerate, mainly for individual punter sufferers. If an individual is auspicious enough to avoid financial responsibility for the theft, in so many ways they still endure losses in different ways, which may not be substantial; most of the time the affecting damage is very heavy that some sufferers commend suicide while so many others hunt for therapeutic or psychiatric assistance. In an attempt to recover from the theft or loss, sufferer may end up costs more money and time.

These two must not be perplexed as theft resembles fraud in that and both engagedin some form of unlawful takings, but fraud requires an extra component of false pretenses formed to persuade a sufferer to turn over wealth, property or other services. Theft, by difference, needs only the illegal captivating of another’s possessions withthe aim to enduringly divest the other of the possessions. Harsh punishment is for fraud because of more planning is involved in that than does the theft.

However, for the use of this study we are going to focus on identity theft in e-commerce in accessing the effect on online business in UK.

Definition of Identity

Definition of Theft

“Theft” can be defined as per English Law act 1968 section (1). Subsection (1), that a person is guilty of theft if he is deceitfully appropriates property belongs to another with the purpose of enduringly miserly the additional of it; and that ‘steal’ and ‘theft’ shall be construed consequently. It is irrelevant whether the appropriation is made with a view to expand, or is made for the thief’s own benefit.

As per encyclopedia dictionary 2007, Sometimes theft is used synonymously with larceny as a term; however, we can say that, it is actually a broader term, encircling many forms of dishonestly taking of property, including cheating, double-crossing and false pretenses. Some states categorize all these offenses under a single statutory crime of theft. Property belonging to another is taken without that person’s consent will be assumed as theft, where Theft could be regarded as criminal act.

Sense of Identity Theft

In the Identity theft and assumption prevention Act of 1998 the term “identity theft” was first codified, where the act makes it as a “federal crime when someone deliberately uses or transfers, without legal permission, a means of identification of another person with the aim to commit, or to aid or support, any unlawful activity that constitutes a breach of federal law, or that constitutes a offense under any applicable state or local law.” In addition, the act defines it as a “means of identification” as “any name or number that may be used, alone, or in combination with any other information, to identify a specific person.” Identifying information is noted to be, surrounded by other things, passport number, a name, date of birth, driver’s license or national insurance number (NI), access device or telecommunication identifying information.

Identity theft may be broadly defined as the unlawful acquirement or the use of any aspect of an individual’s personal information for committing some form of criminal activity (Hoar, 2001; LoPucki, 201; Slosarik 2002). This definition is proposed to cover any type of crime that falsely uses a victim’s name, home address, bank account, credit / debit card number, national insurance number, date of birth, etc. (Federal trade commission, 2004)

Formal Definition of Identity Theft

Although the act of simply embezzlement one’s private information is an offense, the key factor to be notable here is that this information is then used to declare to be someone else. In other words we can say when someone else uses your identity as his own with the ultimate ambition for fiscal, material, and monetary gain.

The Internet, the evolution of e-commerce, online shopping, and wireless capability, the explanation of identity theft can be further extended to comprise such things as the hacking into the customer databases of large organizations; stealing of usernames and passwords; the theft and hacking of network login sessions; and onwards.

The development of e-commerce and particularly Wireless has compounded the problem of identity theft. Basically, it can happen worst yet to anyone, anywhere and at anytime, at variable edges in the way that information can easily be stolen. For example, Identity theft can occur by an individual simply rummaging through the trash cans at the local dumpster (the technically it is well-known as “Dumpster Diving”, and will be discussed later).

Identity theft can also happen at your workplace, particularly if you do most of your work through telecommuting over a wireless link. Suppose yourself sitting in a café at the train station, and while you are waiting for your train. Your laptop computer is connected to the “Hot Spot” or wireless link at the café, and you access your confidential customer data as well as an important work e-mail, but how do you know if the wireless link is for authentic? For example, there could be someone sitting next to you, and this person could have set up a fake wireless access point, and you unintentionally logged into that, thinking that you have really linked to a legitimate, safe and encrypted wireless link. Now, you can see that, this person has all the right to use your customer information, usernames and passwords as a result of that fake link, or “rogue” Wireless access link, And then you are completely unaware to all of this (this situation is well-known as “The Evil Twins”).

Nowadays, you can see every where there is always a case of theft of identity going on almost every day. First, it was simply stealing a Bank Account Number or 16 digits credit card numbers, but now this crime is going on a large scale, where it affects millions of people all at once. Some peoples working in companies where they are steeling and selling customers full details under the table. As according to the BBC world report – (March-2008) on local TV news, that HSBC Bank lost one data disk (compact disk) of their customer details.

As we move more towards a wireless and mobile world, people who launch identity theft attacks are becoming much more stylish in the manner in which these attacks are launched. We are also seeing a trend today where large corporations are becoming very complacent in protecting their customer databases from these attacks. There are also trends going on where small, Wireless devices with huge capacity are being used in identity theft crime, and private information is even sold during auctioning processes over the internet.

Definition of the term “Electronic Commerce”:

“Electronic Commerce refers generally to all forms of commercial transactions involving both organizations and individuals, that are based upon the electronic processing and transmission of data, including text, sound and visual images” (OECD, 1997),

“Electronic commerce is about doing business electronically. It is based on the electronic processing and transmission of data, including text, sound and video. It encompasses many diverse activities including electronic trading of goods and services, online delivery of digital content, electronic fund transfers, electronic share trading, electronic bills of lading, commercial auctions, collaborative design and engineering, online products (e.g. consumer goods, specialized medical equipment) and services (e.g. information services, financial and legal services); traditional activities (e.g. healthcare, education) and new activities (e.g. virtual malls).” (EC document, 1997)

“Electronic commerce is the carrying out of business activities that lead to an exchange of value across telecommunication networks” (EITO, 1997)

“E-commerce involves business transactions conducted through computer networks. The e-business literature deals with the technical facilities needed to run a business smoothly.”(Laudon and Laudon, 2000) “E-business creates higher customer satisfaction, by providing quicker service, less effort to buy a product or service, and less business cost compared to a business run without the use of information technology (IT)” (McLeod and Schell, 2001). Both of these approaches to e-business point to changes in the entire vision of a classical understanding of business.

Service industry’s challenges

Companies are using electronic funds transfer (EFT) for their customers as the fast and secure way of transactions, at present; there are two most excellent ways to handle money online: personal checks and credit cards, there are other fast and secure methods to exchange funds online. Electronic funds transfer (EFT) is another name for online money exchange. Here, the exchange of digital money is involved between buyers and sellers. In the front customer authorization is made over the Internet where Banks handles the transactions behind. To ensure higher level of security specialized authentication systems should be adopted. IDs and passwords are one of the most fashionable methods of data security are in use to access a server or Internet site, but these are often poor. To address this problem, Axent Technologies has developed hardware and software solution called Defender that creates unique, one-time passwords that cannot be guessed, shared, or cracked (Venetis, 1999).

“The system incorporates software on the user’s computer that communicates with the Defender Security Server on the other end. When the user connects with the server, a software token is activated that automatically establishes a dialogue with the server. A new password is generated during each session, removing any possibility that the user will forget to change his/her password on a regular basis” (Venetis, 1999).

This study aims not only to evaluate benefits of adopting secure solution to identity-theft, but also to see that what best practices should be adopted by the Companies, which add value to their online business. Through in-depth research, I will be able to examine why customers switch to new online companies for their shopping. I will see techniques other company’s uses to give confidence to their customers to retain them. Although there is a very limited research available on prevention of identity theft in e-business, but my aim is to study how I can contribute from the experiences of other company’s perspective. By using quantitative method approach, I will try to test the current literature available on the subject matter.

The study is based upon research conducted throughout the report from a variety of sources. The scope of the study is the assessment of tools, technologies and architectures that may involve in identify theft in e-commerce. As the scope of “Identity theft in e-commerce” is a diversified, so I have limited my research to online fraud detection and prevention methods.

Why this research?

The Literature provides insights into factors underlying the impacts of identity theft on e-business and failure results: customer’s lack of confidence, inappropriate variety of technologies structures, lack of ability to control and secure online businesses, lack of adoptable techniques and processes, but lack of study on how to secure online business.

Research Questions

To concentrate the research primary and secondary questions have been devised to establish a central path to guide the research.

PRQ:What technologies are currently in place to combat fraud and how do they work?

SRQ:Looking at previous fraud prevention techniques, have new technologies actually prevented and deterred fraud from the mainstream areas?

The past study on identity theft in e-commerce was not enough to solve the problems. As the cyber crime growing rapidly, it is very difficult to secure online business. The purpose of this dissertation was to investigate why the organization like XYZ UK Limited not able to continue their online businesses and what new techniques and best practices are in use by others to run their online businesses. What are the techniques that were appropriate for identity management and how well the organization (XYZ UK limited) complies with these

techniques? The quantitative data was collected through an online questionnaire addressed to approximately 50 business executives, partners, experts and consumers.

AIMS AND OBJECTIVES

This research emphasizes the issues in private company (XYZ-UK Limited) regarding the risk and impact of identity theft that company had faced while doing online business and also the problems they had been through in transactions, made on the Internet.

I will also put forward what new techniques should be adopted to increase more business and customer’s satisfaction. To see companies involved in e-business and how to overcome their problems. Adopt new techniques and ideas to have secure online business.

Following are research objectives:

To analyze, the affect of cyber crime on businesses and with its consequences on customer relationship.

Determine the protection level that the company has provided through its security

Policy to maintain the privacy of their customer’s sensitive information and determine it’s compliance with industry best practices.

To identify the reasons that results for the company in suffering loses and losing business opportunities and determining their plan to overcome those constraints.

Analyzing new strategies acquired by the company to achieve the level of protection and review their effectiveness in accordance with existing practices.

To provide opinion whether new methods for safe on-line business ensure customers’ satisfaction or need of improvement.

Organization of Research

This research is organized as follows. The first chapter, as noted, introduces the research and objectives. The second chapter provides the brief overview of literature on identity theft in e-commerce and describes the critical background identity theft associated with e-commerce., and third Chapter consists of Methodology. Chapter 4 Analysis of the findings of Survey as well as content analysis to assess the scale of the effect of these factors on e-commerce success as supposed. Chapter 5 is a policy document can be used as best practices.

CHAPTER2

Literature Review

“What’s my ROI on e-commerce? Are you crazy? This is Columbus in the new world.

What was his ROI?” (Andy Grove, chairman of Intel)

CHAPTER TWO

Literature Review

DEFINITION OF E-COMMERCE

Various definitions of e-commerce are there; the one given at this point is an attempt to relate to this research.

While, defining the term “Electronic Commerce” ranges from broad (EITO) to the very narrow (OECD), basically they are equivalent. A patent description of transactions rather than the scope of activities are there. A hurdle in drafting a precise definition of e-commerce is the continuing evolution of science and technology and its impact on ever-changing environment. (Civil Jurisdiction, 2002)

Some authors and authorities have obviously been some hard work on the result of identity theft to those whom their identity had been stolen; they were trying to see how identity theft can be avoided and possible ways to avoid one’s identity being stolen by the criminal specially in online business and to find what identity theft in e-commerce is about.

For instance, Mehdi Khosrowpour (2002) defines “identity theft is a form of hacking which results in possession of personal data and information by the hackers to masquerade as the true identity owners for future use”.

IMPACT OF CYBER CRIMES ON BUSINESS

E-commerce oriented Businesses are often having a fear that exposing security weakness gives the opportunity to hackers to penetrate into business sensitive information and do the damage. These concerns have shown to have negative impact on consumer attitudes toward using the Internet to make purchases. (Koufaris, 2002) The outcome is failure in doing business online. The losses can be divided into “direct” and “indirect losses”. The complete impact of identity theft is not completely understood so far, but latest researches importance the fast development and major costs linked with the offense have discussed and looking to solve it. Near the beginning debate around identity theft relied on subjective proof which is mainly reported by the popular press Identity theft is in many ways a more harmful act that can have continuous effects on major financial effect on merchants as well as on customers.

Recent studies have found that identity theft victims often suffer the same emotional consequences as victims of other crimes. The crime of identity theft can be difficult to track because it takes many forms and is used to facilitate other crimes, such as credit card fraud, immigration fraud, Internet scams, and terrorism.

“Identity fraud arises when someone takes over fictitious name or adopts the name of another person with or without their consent” Rt Hon David Blunkett MP (2002)

DIRECT LOSSES

“Direct losses can be defined as losses in terms of monetary value. Reflection of such costs can be seen as incorporated costs of the market incentives faced by such parties addressing the issue. Surveys conducted by experts show the range of financial losses that the businesses have suffered. Identity theft losses to companies are over two times greater whereas to consumers three times that are linked with conventional payment deception. Analysis of recent consumer surveys has suggested that while users may view the internet as a marketing channel valued for its convenience and ease of use for shopping, security and privacy issues are very influential on decisions to buy online”. (Smith and Rupp, 2002a, b)

In e-businesses associated fraud losses are also normally charged back to merchants. From the perspective of the credit card issuer, the cost of identity theft for illegally purchased products is most likely to be claimed against the applicable retailers by the credit card issuer. Internet merchants’ fraud-related costs are high, and when those costs are combined with growing consumer fears of identity theft it results in significant damage to the business. For consumers, the main impact of identity theft is the unauthorized use of their credit card accounts that could make them suffer financial losses. Corporate identity theft provides perpetrators to conduct industrial sabotage resulting in possible fines to businesses for breach of regulatory rules.

Another form of direct losses is the loss of data, according to studies data breaches cost companies losses in terms of administrative performance, management defections and loss of critical and sensitive business data as well as customer data. It will also allow consumers to sue if their personal information is improperly taken from online transactions (Tillman, 2002). It also results in cost overheads for companies to implement preventive measures and techniques. Additionally there will be costs for the recovery of loss-data. It also impacts the company to continue its business processes, above all companies may go out of business because of major data-loss.

One more category of direct loss is the loss of equipments and products, since it is very easy for id theft criminal to divert the delivery or shipment of goods by having unauthorized access to the place where it is convenient to pick it up.

INDIRECT LOSSES

There could be many indirect losses because of identity theft. For example, the time and resources spent on corrective action after the identities and personal information have compromised. However, the ultimate indirect loss, in this regard is, the loss of goodwill, company reputation, customer confidence and relationship with trading partners. Reputation is one of trustworthy behaviour and plays an important part in determining the willingness of others to enter into an exchange with a given actor (Grabner-Kraeuter, 2002, p. 48).

It has also estimated that businesses fear to accept large number of orders because of their susceptibility, especially they turn away overseas transactions and hence get to lose business. The combination of financial losses coupled with reputation and customer trust provide great level of damage to the e-businesses. In terms of reputation, it can said that any e-commerce scandal will become headline of news immediately and the media is always curious about such scandals, thus the publicity of any such incident ruins the company reputation largely.

Consumers always worry about their privacy. Many researchers have found that, a majority of internet users worry about spreading of personal data, because the person stealing someone’s data can use it to misuse the bank accounts, conduct a crime using the details of somebody else, can easily get away from worst situations or can even cross countries borders using fake identities, all of the above can create problem for the person whose identity has been used for all such crimes.

Liability issues are always in concern when companies are dealing with trading partners or doing the business within a country having strict laws for companies to be found liable if they do not protect their own and critical information of others. Theft of corporate identities may adversely affect morale of third party employees as well as the competitive advantages that a company may have with its trading partners. Using a network perspective, concerning interrelationships between people and organizations, economic relationships between organizations embedded in networks of social relationships (Galaskiewicz, 1985; Granovetter, 1985; Uzzi, 1997).

Improper handling of information can also take companies to court where they can held accountable for negligence and can face severe fines including imprisonments. Another aspect of indirect loss is the damage to the credit history of both customers and businesses. Businesses will no longer be able to obtain business loans to boost their business and also cannot obtain insurance benefits from insurance companies. Similar things happens to customers, once their history has been marked susceptible they cannot obtain bank loans, credit cards, health claims and even a better carrier.

In summary, the above psychoanalysis shows a picture what an individual or a business might suffer from if cyber criminals steal their identities.

E-commerce and Main Categories

Nowadays businesses are using heterogeneous computer environments to integrate their proprietary systems with the external world. Database servers and application servers supported with middleware to interface with online connections; these include HR management, supply chain management and customer relationship management.

Through electronic networks where the purpose is to achieve businesses, E-Commerce can be separated into major categories:

Business-to-Business (B-TO-B) relationship

Business-to-Customer (B-TO-C) relationship

Business-to-Government (B-TO-G) relationship

Consumer-to-Consumer (C-TO-C) relationship

Mobile Commerce (m-commerce) relationship

The two core categories are Business to Business and Business to Customer.

Business to Customer (B-TO-C)

B-TO-C e-commerce is a part of the business, which deals with commercial activities between companies and customers. Companies can easily make their strategies according to the needs and requirements of customers, based on analysis of customer’s statistics in this model, these statistics can be based on marketing, sales and customer service components (e.g. ordering, online assisting, delivering and customers interaction etc.).

E-tailing

The most common form of business-to-consumer (B2C) transaction is E-tailing. (Electronic retailing) It is the selling of sellable merchandise over the Internet.

E-Tailing: Revolutionary Trends in E-Business

Recent studies have found that 1997 was the first big year for e-tailing. Dell Computers claimed as they processed a multimillion dollar orders taken through their Web site. In 1996, was the success for Amazon.com welcomed Noble & Barnes to launch its

E-business site whereas, Commerce Net/Nielsen Media disclosed that 10 million customers had completed purchases on-line.

A systematic approach in this regard, needs a good combination of business strategies and dynamic networks. “The total of these structures is called a dynamic strategic network” (Dyke, 1998). One of the best examples of B-to-C e-commerce is Amazon.com, an online bookstore that launched its site in 1995. The benefits of B-TO-C e-commerce includes that it provides instantaneous communication between consumer and trader as well as products and services can be access globally and transactions happens in real time, whereas the risk includes, the confidentiality and privacy of customer’s information.

Business-to-business (B2B) and business-to-customer (B2C) transactions are used in e-commerce and is a type of online shopping.

Advantages of B2C e-commerce;

The subsequent advantages are: