2000, IEEE Security & Privacy Magazine
WenJie Wang is a postdoctoral fellow at the DeGroote School of Business, McMaster University, and an associate professor at Donghua University in China. Her research interests include identity theft, identity management, risk management, and security and privacy. Wang has a PhD in control theory and control engineering from China Textile University. Contact her at [email protected]. Yufei Yuan holds the Wayne C. Fox Chair in Business Innovation and is a professor of information systems at the DeGroote School of Business, McMaster University, Canada. His research interests include identity theft, mobile commerce, security and privacy, and Web-based negotiation support systems. Yuan has a PhD in computer information systems from the University of Michigan. Contact him at [email protected]. Norm Archer is a Professor Emeritus in the Management Science and Information Systems Area at the DeGroote School of Business, McMaster University, and a special advisor to the McMaster eBusiness Center. His research interests are in topics that relate to e-business, including identity theft, business-to-business implementations, wireless e-health, knowledge management, and the human-computer interface. Contact him at [email protected].
Biometrics can provide a key element of identity management, both in terms of biometric user authentication and identity assurance systems. In the area of cyber-security, it is important to know both who is attempting to access a system and that biometric identity data is itself protected. Biometrics has emerged as an important tool in supporting effective identity management by strongly binding a physical person to their identity. ISO has developed several standards that support the use of biometrics in a cyber-security environment. Signcryption is a relatively new cryptographic primitive, standardized in 2012 as ISO/IEC 29150. Signcryption uses "an asymmetric encryption scheme and a digital signature scheme combined in a specific way", along with "a specially developed algorithm" to perform both encryption and digital signature functions simultaneously. This efficient cryptographic technique provides data integrity, origin authentication, and data confidentiality in a single operation.
Keywords: Public key encryption, Blind certification, Identity theft, Anonymity, X.509, Veiled certificate
Abstract: Traditional certificates are designed to establish and document characteristics belonging to a specific individual, be it an identification number (i.e., social security number, driver's license number), a level of achievement (i.e., college degree, license to practice a profession), or membership status (i.e., company ID, trade union card). The digital certificate extends this concept into the electronic world, identifying and linking the certificate holder to a public encryption key that is subsequently used as a means of identification. Current identity certificates provide unique identification and tracking, however it is exactly these characteristics that have led to concerns over identity theft and privacy of personal information. The veiled certificate introduced in this paper addresses these issues by providing means of linking certificates from multiple certifying authorities while masking the user's identity from non-authorized individuals and satisfying the regulatory need of unique, explicit identification. With the ability to be implemented within existing X.509 standards, veiled certification extends traditional digital certificates with features useful in combating identity theft and invasion of privacy.
2007
This article looks at one of the evolving crimes of the digital age: identity theft. It argues and explains that if three key technologies were implemented together, namely biometrics, smart cards, and PKI, then they can deliver a robust and trusted identification and authentication infrastructure. The article concludes that such infrastructure may provide the foundation for e-government and e-commerce initiatives as it addresses the need for strong user authentication of virtual identities.
Identity fraud has been reported as one of the fastest growing crimes in the world today, and a key facilitator of terrorism, money laundering and trafficking (of people, drugs, weapons and illicit material). In the last few years, there has been a significant increase of academic research on the subject. It is important to establish the adequacy of existing literature. This academic literature targets to explain the trends and methods as well as future risks and implications related to identity fraud. The aim of the review is to survey the literature and identify gaps in coverage and methodology and thus areas requiring future research. A standard systematic literature review method that involved a search of academic articles from digital libraries was used. A total of 120 articles were selected and a content analysis was performed on the identity fraud phenomenon which led to the identification of thematic areas. These thematic areas are (i) technical issues, (ii) policy and legal issues, (iii) trends, (iv) target sectors and (v) type of research. The analysis of these papers provides useful
User authentication refers to user identification based on something a user knows, something a user has, something a user is or something the user does; it can also take place based on a combination of two or more of such factors. With the increasingly diverse risks in online environments, user authentication methods are also becoming more diversified. This research analyzes user authentication methods being used in various online environments, such as web portals, electronic transactions, financial services and e-government, to identify the characteristics and issues of such authentication methods in order to present a user authentication level system model suitable for different online services. The results of our method are confirmed through a risk assessment and we verify its safety using the testing method presented in OWASP and NIST SP800-63.
2010
Internet shopping, a strong alternative to traditional "go, see, touch and buy" shopping, has been one of the most used facilities of the Internet. Several online shopping systems serve internet users all around the world and enable people to get the products they need with a small effort. Internet shopping can be considered as "see and buy" retailing. While the "see" part is implemented by the expertise and imagination of web designers, different payment schemes have been devised for the "buy" part. The most used media are online credit card transaction systems. Several different methodologies have been developed for credit card transactions. However, research has shown that most internet users do not fully trust credit card payment systems because of financial risks such as loss of money. Various approaches have been performed in order to gain the consumers' trust in credit card transactions; but no foolproof solution has been found to overcome the weaknesses in those systems. This paper proposes a new solution that combines biometric ID card with online credit card transactions. Since the implementation details such as the type and the matching algorithm of the biometrics data might vary between countries because of the project requirements and laws, the proposed system remains local for each country that might adopt the solution. To elucidate the proposed system and provide a concrete example, we used Turkish e-ID pilot system as the identity verification module since it best fits the requirements of the framework.
International Journal of Electronic Governance, 2007
Digital identities, profiles and their management enable online interactions and transactions among people, enterprises, service providers and government institutions. In this paper, after having examined the European identity management policies, we explain the differences between digital identity and digital citizenship and introduce digital credentials. We also discuss how an identity management framework, composed by shared and standardised services supporting authentication procedures, can change within the e-Government domain. The paper concludes by outlining future trends and the potentiality of the extended digital identity in both public and private sectors.
Proceedings of the 2013 ACM workshop on Digital identity management - DIM '13, 2013
Evidence of identity (EOI), sometimes mentioned as breeder documents in a physical representation form, refers to a single or a set of evidence that can be used to provide confidence to the claimed identity. Trust of evidence of identity needs prudential assessment by an authority or a service provider before such evidence of identity can be accepted for identity verification or eligibility evaluation purposes. This is especially the case when such purposes have a high risk of cost, security, and other critical consequences. In this paper we analyze the status of deployed EOIs in the scope of ePassport issuance; and then attempt to define the implementation types, fraud scenarios, security objectives, and trust levels for EOIs, which have not been clearly defined in existing research and standardization societies. As a pilot survey work in this field, recommendations from policy and technology perspectives towards a highly-trusted EOI framework for standardization are shaped towards future ePassport issuance standardization and practice. Finally, a new design of birth certificate, compliant to the proposed recommendations, is presented as an example of trusted EOI.
IJCSIS, 2019
In a highly vulnerable environment, marked by fraud and sophisticated types of attacks, authentication and identity security remain key elements of security policy. However, solutions such as the use of a simple authentication based on the couple (identifier / password), are no longer sufficient. New approaches based on strong authentication solutions or various certification protocols must be deployed. In this context, and in the case of an academic entity, we seek to develop a global platform that supports multiple services with different levels of security and different users (students, professors, administrators). The goal is to protect access to various sensitive areas of a university for example while ensuring flexibility of operation. In this context, this contribution relies on public key infrastructure technologies associated with PKI smart cards to secure authentication. To further refine our architecture, we will use the most efficient cryptography techniques. The purpose of such an approach is to guarantee simultaneous and secure access of different actors to various data and services with several levels of classification. Keywords: Authentication, Smart Card, Security, Access Control, Information System, Public Key Infrastructure, Password, Encryption
Payment card fraud is causing billions of dollars in losses for the card payment industry. Besides direct losses, the brand name can be affected by loss of consumer confidence due to the fraud. As a result of these growing losses, financial institutions and card issuers are continually seeking new techniques and innovation in payment card fraud detection and prevention. Credit card fraud falls broadly into two categories: behavioral fraud and application fraud. Credit card transactions continue to grow in number, taking an ever-larger share of the US payment system and leading to a higher rate of stolen account numbers and subsequent losses by banks. Improved fraud detection thus has become essential to maintain the viability of the US payment system. Increasingly, the card not present scenario, such as shopping on the internet poses a greater threat as the merchant (the web site) is no longer protected with advantages of physical verification such as signature check, photo identification, etc. In fact, it is almost impossible to perform any of the 'physical world' checks necessary to detect who is at the other end of the transaction. This makes the internet extremely attractive to fraud perpetrators. According to a recent survey, the rate at which internet fraud occurs is 20 to 25 times higher than 'physical world' fraud. However, recent technical developments are showing some promise to check fraud in the card not present scenario. This paper provides an overview of payment card fraud and begins with payment card statistics and the definition of payment card fraud. It also describes various methods used by identity thieves to obtain personal and financial information for the purpose of payment card fraud. In addition, relationship between payment card fraud detection is provided. Finally, some solutions for detecting payment card fraud are also given.