MANAGEMENT INFORMATION SYSTEMS

The Effect of Identity and Data Theft on Computer Systems

The Effect of Identity and Data Theft on Computer Systems

Abstract

Identity theft is the fastest growing crime in America, and millions of people become victims each year. Furthermore, identity theft costs corporations over $20 billion per year, and consumers are forced to spend over $2 billion and 100 million hours of time to deal with the aftermath. This paper uses a system dynamics model to explore policy options dealing with identity theft and to provide implications for marketers. The results indicate that the current approach to combating identity theft will not work. However, inexpensive security freezes could be effective, because they result in a nonlinear reduction in identity theft that is similar to the “herd immunity” seen in epidemiology. Thus, identity theft can be addressed by protecting just a fraction of the total population.

What is identity theft?

At the most general level, identity theft is “…the misuse of another individual's personal information to commit fraud” (Gonzales and Majoras, 225). Most reporting agencies recognize two major subcategories of identity theft: existing account fraud, in which a thief takes over or appropriates an existing account or credit relationship, and new account fraud, in which a thief uses personal information to open new accounts and credit relationships in the victim's name. Existing account fraud is more prevalent and typically less costly than new account fraud (Anderson, 160) and (Javelin Strategy and Research, 152). Although existing account fraud may result in thousands of dollars of charges to a credit card, laws and corporate policy limit consumer liability for such fraudulent charges, and existing account fraud rarely affects an individual's credit rating.

By contrast, new account fraud costs approximately $850 dollars and 80 h of time per victim to correct when it is first discovered (Javelin Strategy and Research, 152). Moreover, whereas existing account theft is generally over at the time of detection (when the fraudulent account is closed), new account fraud is a symptom of a larger problem—that a thief has stolen one's identity. As a result, new account fraud can continue occurring for years before the thief is caught (as the thief continues to open new additional accounts), and the fraud can have a disastrous effect on the victim's credit rating (even if each occurrence is temporary). Because of the severity of the new account identity theft problem, this analysis focuses only on it. (Acohido and Swartz, 200)

How does new account theft occur?

The first step in becoming a victim of identity theft is that a criminal must obtain the victim's identity information, either through low-tech methods such as “dumpster diving” (i.e., rooting through garbage for personal information) or stealing mail, or by using higher-tech methods such as hacking into a corporate computer system, stealing a laptop containing identity information, “phishing” (i.e., fooling a customer into revealing information through a fake website or email), or using malicious computer code to obtain the information (Gonzales and Majoras, 225). Once identity information is obtained, the criminal either ...