The internet has been hailed as one of the best inventions in human history. It presents seemingly endless opportunities in diverse areas including the ability to carry out business transactions over the internet. Online commerce has developed in leaps and bounds over the last decade and more complex transactions are now possible over the cyberspace. With this development has come an associated problem; cyber identity fraud. This research paper seeks to identify the trends in cyber identity fraud, analyze the legal issues involved in cyber identity fraud and make appropriate recommendations on the changes that can be made to combat cyber identity fraud.
Introduction to the problem
Cyber identity fraud has been defined as the deliberate assumption of another person’s identity with the intent to fraudulently obtain resources, financial or otherwise, by pretending to be the other person over cyberspace. Cyber identity fraud usually involves the assumption of another business’ identity over the internet to obtain credit finance or the fraudulent obtaining of credit, goods or services by the online use of another person’s identity (Identity Theft Center).
The main targets of cyber identity fraud are commercial banks, insurance companies, credit card companies and other non bank financial institutions like mutual funds and investment companies. Cyber identity fraud has grown into such a large magnitude that proper legal frameworks need to be set up to counter its spread, identify and apprehend culprits and set the necessary laws to prosecute and convict them. Compensation and support to victims should also be governed by a proper legal set up to ensure uniformity. A problem exists because the already existing legal frameworks meant to deal with cyber identity fraud are not effective in containing the problem of cyber identity fraud. Inadequacy of the existing legal frameworks in dealing with cyber identity fraud is thus a legal issue that needs to be comprehensively dealt with.
Background of the study
The ability to carry out business transactions over the internet is regarded as an important milestone in the globalization process. Commercial undertakings are now possible between individuals at the extreme corners of the globe. The volume of business transacted over the internet has been growing as internet develops and parties to transactions become bolder to step into the uncertain world of internet business transacting. This development has however had its downside in the development of business related cybercrime, with identity fraud being the most prevalent of these cyber crimes. As the internet developed to enable transactions online, criminals found a new and easy way of committing crimes anonymously over cyberspace by assuming the identity of others without their knowledge to obtain goods, credit and services. This development in cyber identity fraud has made what seemed as a potential new avenue of doing business full of risks and high associated costs that were not initially anticipated. Regulation cyberspace activities thus became necessary as a result. The need for legal framework to control business operations in cyberspace have thus became necessary. Governments, both national and local have put in place laws to govern cyberspace and manage cyber identity fraud. These are however insufficient to deal with the increasingly high number of cases and complexity of cyber identity fraud. It is thus important to create new legal frameworks intended to keep pace with the speed and complexity of growth of online identity fraud.
Statement of the problem
Cyber identity fraud has been identified as one of the growing forms of crime with about 9.9 million Americans being victims of cyber identity fraud in 2008 (Finklea 2010). The federal trade commission (FTC) estimates that consumers lose approximately 50 billion dollars annually as a result of cyber identity theft. The loss resulting from cyber identity fraud is monumental and harmful to private businesses and the economy in general. Cyber identity fraud erodes consumer trust in business transactions that involve the use of the internet, and this may have negative long term impact on major companies that make transactions online (Hudson 2008). Cyber fraud also leads to increased corporate costs, eroding their profitability both in the short run and long run. Companies lose essential operating assets through cyber identity theft, further increasing the corporate cost of carrying out online business. Jamieson et al (2007) identifies the need for governments to develop strategies to counter cyber identity fraud in terms of legislation, protection of information, awareness creation, law enforcement and justice systems, procedures of reporting and victim support. This by implication means that the systems already in existence are insufficient or effective in dealing with the present form of cyber identity fraud. There is therefore a dire need to develop such legal strategies so as to come up with appropriate and effective legal strategies of combating cyber identity fraud.
Purpose of the research
This research is intended to identify the existing legal framework that governs the management of cyber identity fraud and examine its ability to effectively deal with the issues arising from cyber identity fraud, examine the weaknesses of such in light to recent development in online business transaction processes and the changing technological and computing knowhow and the tactics employed by cyber criminals and suggest appropriate legal strategies and policies that need to be put in place to counter the social and economic threat of cyber identity fraud. The research will assist in the development of better legal policies to effectively counter the harmful effects of cyber identity fraud.
This research will seek to answer the following questions.
What legal strategies and policies have been put in place in terms of legislation, law enforcement, justice systems, public awareness, mode of reporting and support for victims by national and local governments to deal with the problem of cyber identity fraud?
How effective have the above legal strategies been in dealing with cyber identity fraud and what has been their success rate? Have the legal strategies and policies adjusted accordingly to adapt to the ever changing form of cyber identity fraud?
What changes need to be made to these legal policies and strategies to ensure that they are most effective in fighting cyber identity theft and increase their success rate? How should these proposed changes be implemented to ensure that they are effective and sufficient in dealing with cyber identity fraud?
Significance of the research
This research will go a long way in evaluating the legal policies and strategies presently in place to counter cyber identity fraud, identify their shortcomings and make propositions on ways that they can be improved. This will assist legal experts and policymakers in various levels of government and other stakeholders in the business community evaluate these strategies and policies and come up with better policies. The research will therefore assist towards the goal of having the possible minimum cases of cyber identity fraud.
Assumptions and limitations
This research makes the prime assumption that legal policies and strategies meant to counter cyber identity fraud. Most of the propositions in the research are based on the assumption that there already exists local and national government legal frameworks that this research seeks to improve on.
The research makes assumption that all nations are at peace and no conditions of animosity or non co-operation exist among some nations. This limits the scope of the study to only those nations in amicable diplomatic terms with the United States of America.
The developments of the legal issues surrounding cyber identity fraud have been extensively discussed in the last few years and various perspectives to the problem have been put forward. The Australasian centre for policing and research (2006) has defined cyber fraud as “the gaining of money, goods, services or other benefits through the use of false identity.” The Credit Industry Fraud Avoidance System (2007) defines it as the use of another person’s attributes such as name, address or date of their birth without their consent to obtain goods, services or credit online.
Jamieson et al (2007) identify cyberspace as one of the channels used for identity fraud. The other channels are traditional and mechanical or digital devices channels. They also identify organization insiders, organized criminals, opportunistic and technologically individuals working alone as the main perpetrators of identity fraud. These are also the main perpetrators of cyber identity fraud. Wang et al (2006) has listed the methods used by cyber identity fraudsters as phishing, key logging, hacking, the use of viruses and worms among others.
Phair (2006) has investigated the issues of security of systems and system data breaches as they relate to identity fraud in cyberspace. Fraud methods in cyberspace have been extensively investigated by McLaughlin (2003) with Smith and Urbas (2001) also making their own investigation and analysis in cyber identity fraud methods. Criminal inter-jurisdictional issues have also been researched on extensively. Lim (2007) and Hayashi (2007) have carried detailed separate studies of the issues that are involved in criminal proceedings against cyber identity fraudsters that involve different legal jurisdictions. These studies clearly demonstrate the need for evaluation of the legal framework that govern cyber identity fraud and the need to make appropriate changes to effectively contain the problem.
Good legal policies and strategies are developed by governments which are proactive in identifying and evaluating the risks posed by cyberspace crime to their economies (Jamieson et al 2007). It is these governments that come up with some of the most effective legal systems that deal with issues relating to cyber identity fraud. Jamieson et al conclude that organizations’ and governments’ preparedness usually results in better legal frameworks and lack of this form of preparedness leads to poor and usually inadequate policy formulation which does not effectively combat cyber identity crimes. They identified three stages of policy formulation to deal with cyber identity fraud; first by sealing the loopholes that may result in cyber identity fraud committed by insiders in organizations and governments, secondly by formulating policies to prevent, measure and mitigate any identity fraud that actually occurs and thirdly by implementing these policies in the best way possible to ensure their effectiveness (Jamieson et al 2007).
The response awareness levels about cyber identity fraud have also been investigated (Wang et al 2006). Although a larger part of the public is aware of the existence a legal framework to deal with cyber identity fraud, many are usually reluctant to involve the authorities when they fall victims to such fraudsters. The reasons for this non disclosure are varied across individuals and business enterprises. Loss of reputation, huge financial losses and the need to protect organization image have been cited as some of the reasons corporate victims show reluctance to report incidents of cyber fraud that are perpetrated against them (Jamieson et al 2007). Individual victims are usually ashamed of admitting that they have fallen prey to fraudsters and will not report the incidents to authorities. Apathy against authorities, especially the police has also been cited as a reason why some individuals will keep incidents of cyber identity fraud to themselves.
Many governments have passed legislation meant to counter the activities of online identity fraudsters (Wang et al 2006). The structure and implementation of such legislation differs from one government depending on various factors such as availability of computing technology and the level of adoption of online business transacting. In the United States, the congress has passed the Federal Identity Theft and Assumption Deterrence Act of 1998 (18 USC 1028) which provides the penalties and jail terms for identity theft convicts. The Credit and Debit Card Receipt Clarification Act of 2003 and the Fair and Accurate Credit Transactions Act of 2003 are examples of amendments of past laws meant to ensure the protection of organizations and individuals against the harmful activities of online identity fraudsters.
Conclusion and recommendations
From the review of the literature, it is clear that the legislation already in existence is inadequate to effectively deal with the ever changing tactics of the online identity fraudster. Changes need to be made on legislation and legal policies regarding cyber identity theft and online crime in general.
The process of development of legal policies meant to deal with cyber identity theft should be all inclusive of the relevant stakeholders. Those who will be affected or will benefit from legislation or a policy should be included from the initial stages of the creation of the law or policy. Such involvement will ultimately result in better laws which effectively take care of the interests of the stakeholders and which are based on the existing technological and economic environment.
Better awareness about the existing policies governing identity theft fraud cases should be increased. This will lead to increased appreciation of the measures in place by all the stakeholders. High level of awareness will result in better methods of prevention of identity fraud in cyberspace. The levels of reporting of incidents of cyber identity fraud incidents will increase and this will provide authorities with a better chance of tracking, apprehending, investigating and prosecuting fraudsters and this will go a long way in deterrence of such crimes. This will make the existing policies and legal frameworks more effective in dealing with online identity fraud.
Some of the cases of identity fraud online are as a result of poor systems in organizations. There is need for legislation to govern identity management in organizations. These legislations should contain benchmarks against which organizations will base their identity management systems to ensure that the highest standards of identity protection by business organizations are instituted. This will ultimately result in reduced case of cyber identity fraud since it will make it very difficult to access information about the identities of others.
Protection of information laws should also be instituted to ensure that organizations protect the information of their clients and members. Organizations that require personal information of individuals should be tasked by the law to ensure that such information does not fall into the wring hands. Laws governing the safekeeping of such information need to be upgrade to make them adapt to the ever changing level of technology. This will ensure that laws existing to protect individuals and organizations against online identity fraud do not become obsolete in face of advancement in technology.
Since online trade is global, there is need to harmonize legislations that govern cyber crime among different nations. Countries, through international bodies such as the United Nations and regional integrations should seek to make laws governing cyber identity fraud have a global outlook so that havens for such fraudsters do not exist in countries which have lax laws on cyber crime. This will deter cyber criminals who use identity theft to defraud people in other nations and reduce the cases of online identity fraud in the long run.
Law enforcement and justice systems need to change tactics accordingly as cyber identity fraud becomes more sophisticated. The loopholes that may exist within the justice system that may allow perpetrators of identity fraud to escape justice should be rectified. Stiffer penalties and non availability of bail for suspects of such crimes are some of the actions that the justice system can take to ensure that it plays its role in fighting cyber fraud effectively. Law enforcers should develop systems in tandem with current developments in technology to assist them apprehend perpetrators of online identity fraud. Law enforcers should keep themselves abreast with the tactics employed by cyber identity fraudsters. All this can only be possible when the legal policies and strategies governing conduct of law enforcers allows for such.
Reporting procedures for incidents of cyber crime need to be changed to make the process easier to victims. Protection of the identities and information about victims should be assured and any complainant should be assured that no victimization will occur during the reporting process. Appropriate reporting processes for individual and corporate victims can only be developed effectively only if the legal policies governing such are well adapted to different situations hence the need to change legal policies appropriately to circumstances.
Australasian Centre for Policing and Research (ACPR). (2006). Standardization of definitions of identity crime terms: A step towards consistency. 145(2), Commonwealth of Australia.
Credit Industry Fraud Avoidance System (CIFAS). 2011 online. Retrieved from http://www.cifas.org.uk/
Organization for Economic Co-operation and Development. (2009). Online Identity Theft. Ottawa: OECD Publishing.
Federal Trade Commission. (2009). Identity Theft Survey report. Federal Trade Commission.
Finklea, K. M. (2010). Identity Theft: Trends and Issues. Washington, DC: Congress Research Service.
Hayashi, M. (2007). The information revolution and the rules of jurisdiction in public international law. The resurgence of the state: Tends and processes in cyberspace governance. London: Ashgate.
Jamieson, R., Stephens, G. & Winchester, D. (2007). Managing identity fraud: For governments and organizations.1-45, Sydney: Unpublished working paper.
Lim, Y. (2007). Cyberspace law: Commentaries and materials (2nd Ed.). London: Oxford University Press.
McLaughlin, L. (2003). Online fraud gets sophisticated. IEEE internet Computing, 7(5), 6-8.
Phair, N. (2007). Cybercrime: The reality of the threat. New York: Routledge.
Smith, R. & Urbas, G. (2001). Controlling fraud on the internet: A CAPA perspective. London: Panther Publishing.
United States Constitution. 18 USC 1028.
Vacca, J. (2003). Identity Theft. New York, NY: Prentice Hall.
Wang, w., Yuan, Y. & Archer, N. (2006). A contextual framework for combating identity theft. IEEE security and privacy, March/April 2006, 30-38.