Identity Theft Argumentative Essay

Identity theft refers to the unlawful taking of data (e.g., personal account numbers, or even tangible items such as payment cards or checkbooks), whilst identity fraud entails using that data for the perpetrator’s gain (e.g., to open a new account). The Internet has introduced instantaneous and cheap communication across the globe, and it has changed commerce by making it simpler for people to transact across a multitude of jurisdictions. However, the Internet has also brought attendant risks and has become vulnerable to cyber-attacks.

Today nearly all people and companies are connected online, and internet banking has become a buzzword. The concept of identity theft, which was better known in the Western world, is making its presence felt in emerging economies like South Africa. In this context, the purpose of this study is to review the current state of phishing attacks in South Africa and offer some countermeasures that online businesses can adopt to fight this kind of attack.

Identity theft has become a major problem in many countries, with hundreds of thousands of victims of a wide variety of scams committed wholly or partly online. People are easily drawn to social media because it helps them communicate with others anywhere in the world; as Kapur (2018) states, ‘social media shrinks the world and makes it an international village’. However, some opportunists are there to steal from others. Many people find themselves drowning in debt and even get blacklisted because their identity details have been stolen by others to take out loans in their names.

We give our personal information to many apps and websites, mainly in order to use their services; e.g., we give our cellphone numbers and addresses to food delivery apps, shopping apps, etc. Advances in mobile commerce and communication technologies have enabled companies to reach consumers across the globe who were not previously accessible. Unfortunately, mobile communications have also opened up an opportunity for electronic crimes. The purpose of this article is to explore the law related to identity theft, to review the corresponding rights and responsibilities of the stakeholders involved in identity theft, and to formulate a system of best practices that organizations could adopt to prevent or reduce identity theft threats. Harv. J.L. (2017) states that almost all of us are susceptible to theft of our personal identifying information. There is broad agreement that identity theft causes economic harm to consumers, creditors, retail establishments, and the financial system as a whole.

Identity thieves can assume another person’s identity to commit fraud or other crimes with the help of digital information technology. Being a victim of identity theft can be a devastating and life-changing event. Once the victim discovers the misuse, they need to begin the process of recovery. For the ‘lucky’ victims this may take only a couple of telephone calls and a small amount of time; however, some victims may experience difficulties for many years. To recover, victims of crime require support and assistance; however, within South Africa, this assistance is unfortunately lacking.

Identity Theft and Biometrics as a Method of Preventing It

Identity theft is what occurs when a person illegally obtains another’s personal information and uses it for his own purposes, such as purchasing goods or obtaining services under that person’s name. This crime is the fastest-growing white-collar one in the United States today. It is costly to its victims, whether businesses or consumers. The whole crime is simple. Once thieves have in their hands the personal information they require, they can pretend to be the person whose identity they stole. Having done that, they can start running up bills or obtaining benefits that are allocated for that person only (Beaugard, 2003).

This is an enabling crime; in other words, it is a crime that aids in the commission of other crimes. These crimes may range from passing bad checks to ripping off credit card companies to more serious terrorist attacks. Fraudulently obtained or mishandled SSNs, birth certificates and driver’s licenses are the means for identity hoaxes. With any one of these three in hand, the remaining two are rather easy to obtain (O’Carroll, 2003).

The Internet makes it much faster and easier for this crime to proliferate. It takes only several mundane steps to complete the whole process. First off, these would-be offenders search the Internet. Input “find Social Security numbers” in the search box of a search engine and as many as 65 identity sites come up. For a relatively small fee, these sites obtain the number of the person being sought. Fast and quite cheap, the Internet enables these thieves to arm themselves with a name and Social Security number, and voila, they can apply for credit cards, take out loans or make unthinkable purchases (Marlin, 2000).

Many of the officials confirmed that Internet growth had indeed increased the opportunities for criminal activities. Concerns had long been raised regarding the risks associated with these computerized database services, an industry that is extensively used by both the private and public sectors to find and verify someone’s identity (US GAO, 1998).

The Internet offers unmatched opportunities for those in search of a new identity. One of the anomalies of Internet use is that, online, the sincerity and credibility of an identity are difficult to confirm. This leads internet users to be a little more careless with their personal information when they are online than they would be in real-life situations. Some websites may even exist solely to take advantage of people’s desire for information about other people. These information brokers provide information about an individual’s medical records, bank details, credit rating, criminal record, driving license, and vehicle registration documents for a fee. In short, everything that the fraudster needs to decide on a victim and misuse his or her identity is readily available on the Internet (Finch, 2003).

Internet search engines also offer unparalleled speed and accuracy, so that all the references to a specific individual can be gathered within a matter of seconds, shortening the time the criminal needs to choose a victim. Without the internet, a criminal choosing someone to steal from would have to conduct a meticulous search into the victim’s background, using up a lot of time and effort. With the internet, this information is just a few keystrokes away, and the search can be done from the comfort of the criminal’s home. The Internet provides identifying information through both illegal and legal means (Finch, 2003).

Criminals using the internet have the luxury of anonymity when engaging in theft online. Furthermore, a sense of unreality may be felt throughout the process, since when they shut down the computer, everything may seem as if it had not happened, the crime left inside that box. Moreover, the ease with which users can create multiple identities online adds to the sense of freedom they feel from the limitations of everyday offline life (Finch, 2003).

Therefore, to reduce this crime, information handed over to the internet should be better regulated and protected. There are three classifications of identification information. The first is something produced as a means of identification, for example a passport. The second is something only the individual knows, such as his mother’s maiden name or an assigned password. The last, and much more personal, is identification based upon the physical characteristics of the individual. This is the use of biometrics such as an individual’s fingerprints, DNA, and retinal images (The Use of Technology to Combat Identity Theft, 2005).

The first two may not be that effective and are still vulnerable to misuse. There is no guarantee that documents and cards will not be lost or that information will not be forgotten, resulting in inconvenience for both the individual in question and the institution affected, since it has to issue replacements. Not only that, but they are also susceptible to being stolen or duplicated. Equally, knowledge can become known to others and be abused, either alone or along with cards and documents (The Use of Technology to Combat Identity Theft, 2005).

Biometric systems avoid many of the complications that beset these other methods of identification. These systems are exclusively linked to a particular individual and are extremely difficult to reproduce. Biometrics, as briefly mentioned above, are based upon some physical attribute that is more or less particular to the individual. As such, it cannot be stolen and misused by a fraudster. Fingerprinting is the most widely used. This method has been employed to determine the identity of offenders since the end of the nineteenth century and has recently become a tool for some countries in controlling immigration. Computer systems that can store and recognize fingerprints have made the identification process faster and more accurate (The Use of Technology to Combat Identity Theft, 2005).

Aside from fingerprints, there is the method of hand geometry. It is a voluntary scheme that allows participants to bypass the usual airport procedures and reduces the processing time to a mere 20 seconds. Participants are required to establish their identity in order to take part. The palm of the hand is scanned and the image is kept on a smart card. At the airport, the passenger just has to insert the card into a terminal and then scan his or her hand, so that it can be checked against the image stored on the card. The system is highly accurate and can also be instrumental in other situations needing speed and accuracy in establishing identity (The Use of Technology to Combat Identity Theft, 2005).

Any system that links identifying information permanently with a particular individual has the chance of eliminating identity theft as well. Since biometrics are highly unique to an individual, the likelihood of their being abused would seem to be nominal. Nonetheless, the dependability of any system of identification based upon biometrics could be undermined by the weaknesses of a registration system relying on documentary identification. Biometrics have clear advantages over alternative systems of identification. They are incapable of being taken advantage of by impostors as they are linked to a single individual. Few have the same biometric identity. That said, biometrics have a lot to offer as regards reducing the prominence of identity theft. However, there are also disadvantages that cannot be set aside. First of all, these schemes are expensive to develop and implement.

This should not pose a serious impediment to their use, given the potentially immense financial benefits of reducing fraud, but that does not make the issue less important. If they are too costly, then smaller organizations would be restrained from using them. However, the possibility of ‘function creep’, where forms of identification are adopted for different, originally unplanned purposes, is a more pressing cause for concern. The existence of a relatively highly dependable scheme might create irresistible temptations on the part of authorities to apply it widely and to inter-relate many separate collections of personal information. It seems likely that a presumably unassailable biometric identification system, once introduced, could soon be adopted by a range of institutions until it became the default means of establishing identification (The Use of Technology to Combat Identity Theft, 2005).

All biometric techniques have their distinct strengths and weaknesses in terms of different criteria such as accuracy, cost, and user-friendliness, among others. By combining two or three of the different techniques, the effectiveness of guarding against identity fraud is increased.

Biometrics may demand more from its users, since they would have to become more careful and meticulous with the information being exchanged through the internet. The verification of one’s personal information becomes more sophisticated and more regulated. It may also impose higher expenses on organizations. But given the complexity of identity fraud and how easy the internet makes it to commit, more sophisticated and more dependable protection is needed to reduce it. Biometrics may be the best answer to identity fraud yet.

References

Beaugard, Christopher. (2003) Identity Theft: A Violent Nonviolent Crime. Rutgers Cooperative Research and Extension pp. 1-4.

O’Carroll, Patrick P. (2003) The Homeland Security and Terrorism Threat from Document Fraud, Identity Theft and Social Security Number Misuse. US Senate Committee on Finance pp. 1-5.

Marlin, Adam S. (2000) Online Theft a Growing Concern. The Industry Standard. Web.

Identity Fraud: Information on Prevalence, Cost and Internet Impact is Limited. (1998) US General Accounting Office pp. 1-67.

Finch, E. (2003). “What a Tangled Web We Weave: Identity theft and the Internet.” In Jewkes (ed.), Dot.cons: Crime, deviance, and identity on the Internet. (Collompton, England: Willan.) pp. 86-104.

The Use of Technology to Combat Identity Theft (2005) Report on the Study Conducted Pursuant to Section 157 of the Fair and Accurate Credit Transactions Act of 2003 pp. 1-117.

The Identity Theft: Statistics and Research

Introduction

The phenomenon of identity theft has been a problem for a while, having mostly been known as faking signatures for most of its history. However, with the evolution of technology, identity theft has taken the form of stealing people’s personal information and using it to break into their bank accounts or hijack their financial data (Wadhwa & Arora, 2017). Although multiple tools have been developed to address the identified cybercrime, it remains a problem. Therefore, strategies for managing it need to be researched.

Reasons

Due to the lack of awareness of the drastic effects that the mismanagement of personal data may entail, people expose their personal information to cybercriminals quite often, which means that identity theft may become more common. Due to the challenges in locating the person who used one’s financial information, tracking down the perpetrator becomes incredibly complicated. Thus, research addressing possible prevention measures and management strategies is overdue.

Recommendations

It is highly advised that the problem of identity theft be researched by looking at some of the most common tools for preventing it and educating people about the significance of ensuring that their information is kept secure (Bressler & Bressler, 2017). Moreover, the sources of data leakage will have to be investigated in the course of research to define the approaches that will help to disseminate the knowledge about identity theft prevention among general audiences (Irshad & Soomro, 2018).

Summary

The problem of identity theft has become much more pronounced in modern society, where personal data has become highly vulnerable to criminals due to online exposure and gaps in online security. Therefore, both the problems in the current framework for keeping personal information safe and the promotion of technological awareness among the target audience have to be researched. Once the factors that facilitate the vulnerability of personal data are identified, methods for containing it in safer environments can be created.

References

  1. Bressler, L. A., & Bressler, M. S. (2017). Accounting for profit: How crime activity can cost you your business. Global Journal of Business Disciplines, 1(2), 21-30.
  2. Irshad, S., & Soomro, T. R. (2018). Identity theft and social media. International Journal of Computer Science and Network Security, 18(1), 43-55.
  3. Wadhwa, A., & Arora, N. (2017). A review on cybercrime: Major threats and solutions. International Journal of Advanced Research in Computer Science, 8(5), 2217-2221.

Identification of Identity Theft and Prevention Techniques

Presumably, the reasons for committing Internet fraud may be obtaining access to the user’s bank card or obtaining his personal data. To confirm or refute this hypothesis, managers will also need to assess how often data was leaked and how often money was stolen during the Internet frauds. A detailed interview survey of managers will give an opportunity to study the main motives of Internet scammers. An interview with a relatively small number of people will make it possible to question all respondents in as much detail as possible regarding cases of hacking at their workplace. This will help determine the difference between the motivation factor from the diamond fraud theory for offline and online thefts.

Introduction

The globalization of the economy, the rapid development of financial markets and the instruments traded on them, and the complication of relations between economic entities and their business operations at the present stage create favorable conditions for the tendentious presentation of public information, which includes the financial statements of companies. All this, combined with the change in the moral foundations of the modern “homo economicus”, generates new forms of corporate fraud. They increasingly do not fit into the framework of the differential association theory proposed by Cressey, better known as FTT (Zadereyko et al., 2019). Next, the three-factor model underlying FTT was modified by including another factor in it, conventionally called “abilities”. Almost fifty years later, an improved model appeared, which was called The Diamond Fraud Theory – FDT. The “ability” factor is necessary for the fraudster to ensure a better implementation of the conditions proposed under the FTT. In particular, it is necessary for the possibility of justifying and concealing unfair actions related to the falsification of public information of the company.

Overview

In the context of globalization, human activity is increasingly connected to the global Internet, and the number of its users has increased many times over the past decades. Most of the inhabitants of the planet use the World Wide Web in one way or another, leaving their personal data in it, including when participating in electronic commerce. In the age of information technology, the Internet has become an integral part of everyone’s life. In the era of globalization, human activity is moving into a different environment that has long been mastered but not properly regulated by law: the information space of the Internet. A huge amount of personal information that requires protection also flows there. Globalization processes play an important role in the formation of this Internet space (Hirsch, 2018). As a result, the Internet was initially formed as a phenomenon that does not fall under the jurisdiction of any state and is not divisible into national segments.

Modern gadgets are no longer a luxury; they are an integral attribute of everyday, social and professional activities. Humanity is increasingly immersed in the virtual world, transferring part of its life there. This suggests that people are beginning to think with the terminological apparatus of the information society. However, one should not forget about the dangers and threats that accompany the user in the Internet space.

Many organizations are switching to online trading, and new areas of activity and development are emerging. For example, in order to be successful, companies need to create and maintain their image on the Internet, take care of promotion and advertising, and position themselves correctly in social Internet services (Taylor, 2020). In the digital space, market participants are fighting for the personal data of their potential customers (full name, email address, IP address, phone number, credit card numbers, passport data, etc.). This data can then be used for targeted advertising messages on websites and social networks, as well as for personal interaction with the consumer in order to attract their attention to the product or service.

However, in order to maintain their image and increase brand loyalty, it is extremely important for companies to ensure the protection of users’ personal data, since information leaks can have an extremely negative impact on the company’s reputation. Despite the existing protection systems, even large corporations are not immune to leaks and the subsequent use of personal data by third parties for fraudulent purposes. According to statistics, more than 80% of companies incur financial losses due to violations of the integrity and confidentiality of the data used (Becerril, 2018). This problem especially concerns e-commerce companies promoting their brand by means of Internet marketing. Since the image of such companies is formed only on the basis of information received by the consumer from the Internet, consumer trust becomes crucial for the formation of a brand image.

In the modern world, the issue of personal data protection is relevant, especially the protection and information security of personal data entering the Internet. Working online, a person receives a lot of useful information, but sometimes does not notice that their personal data is under great threat. It is obvious that, because they make extensive use of computers and networks for processing and transmitting information, e-commerce industries must be reliably protected from the possibility of unauthorized persons accessing their databases and distorting them.

Background and Problem Statement

The institution of personal data is a fairly young one by legal standards. Its formation is closely connected with the development of the constitutional rights and freedoms of man and citizen, and first of all with the right to privacy. The paradox of human development lies in the fact that, throughout his development, man has used, accumulated, and transmitted information. The continuous process of informatization of society covers all spheres of human and state activity: from solving problems of national security, healthcare and transport management to education, finance, and even just interpersonal communication. With the development of electronic payment technologies and paperless document management, a serious failure of local networks paralyzed the work of entire corporations and banks, which led to significant material damage and colossal losses.

Since the beginning of the 2000s, large-scale leaks of users’ personal data have occurred on the Internet as a result of hackers breaking into the information databases of various organizations and enterprises (Zadereyko et al., 2019). To date, data leaks occur daily around the world, so it can be quite difficult to track them. However, sometimes a data leak is so large that it is impossible not to pay attention to it, since such leaks affect a huge number of people. The consequences of such leaks can be truly catastrophic.

In 2018, more than 2,000 data leaks were recorded in the world, as a result of which about a billion data records were compromised (Wang et al., 2019). The results show that compared to 2015, the number of data leaks increased by 50%, and the number of stolen or compromised data records increased by 80% (Wang et al., 2019). The main target of cybercriminals when carrying out attacks in 2018 was personal data: such attacks accounted for 60% of all incidents, which is more than in any other category, including incidents involving the theft of financial data (Bertrand et al., 2020).

In addition, data leaks also became more severe in 2018: about two-thirds of the 55 most serious incidents happened in 2018 (Bertrand et al., 2020). As for the analysis of statistics by industry, in 2018 data leaks most often occurred in retail and in the financial services sector (Mariania et al., 2021). In retail, the number of leaks increased slightly compared to last year and amounted to 15% of the total number of leaks in 2017 (Mariania et al., 2021).

At any e-commerce enterprise that processes confidential information, there is a need to protect that information. People are constantly creating more advanced data transmission channels and ways to protect these channels, along with physical and software improvements to the data transmission system. Depending on the data transmission channels in which information circulates, different methods of protection are used and conceptually different approaches to protection are required.

Due to the constant development of high-speed Internet access technologies, important business components are moving to the Web environment. Bank-client systems, public websites of organizations, online stores, news, entertainment and trading platforms, blogs, and government portals are an obligatory component of the World Wide Web. Because of their accessibility, they often become an attractive target for attackers, so solutions for effective protection of web applications are now increasingly relevant and in demand. At the same time, ensuring security implies the protection of data; some assets are tangible and have monetary value, others are intangible, but nevertheless have value. The need to protect tangible assets, such as the company’s property register, personal data of users, customers and employees, and electronic money, is beyond doubt. However, it is also important to understand that an intangible asset such as a company’s reputation also has value and needs to be protected.

The main problem and key task related to ensuring information security, not only on a global scale, but also within any organization, is the protection of personal data. A separate issue of personal data protection on the Internet arises regarding e-commerce, because online purchases have become a natural phenomenon for most people. When performing these operations, it is worth studying the site where the goods are purchased very carefully for strict compliance with the law. Another source of danger for personal data on the Internet can be job search sites and portals of personalized (intended for a particular citizen and containing their personal data) services to the public.

The problem that this work is aimed at solving is the selection of optimal means to combat threats to which personal data that have entered the Internet may be exposed. This paper deals with the problems of personal data protection, the threat of their leakage and further illegal use by third parties as a result of their various illegal actions. Among them, theft, distortion, modification, erasure from the media and unauthorized access can be distinguished.

When considering measures to protect personal data, it is first necessary to determine their purpose. These measures are aimed at limiting the use and processing of personal data by organizations without the knowledge of users, as well as preventing their leakage. Personal data in accordance with this law is considered to be any data about individuals (both customers and employees of the company) that can identify them. These include: name, ID number, IP address, etc. Personal data can be divided into two categories: general personal data, which is considered in this paper, and sensitive data. General personal data makes it possible to identify an individual and includes place of work, income level, education level, phone number, ID number, etc.

The protection of personal data includes the implementation of several aspects: the creation of local acts for working with personal data; the introduction of organizational measures to protect personal data; and the implementation of technical measures to protect personal data. To date, no single automation tool has been created that could thoroughly describe the process of personal data protection in an e-commerce organization, taking into account the realities existing in it. The implementation of personal data protection measures is a time-consuming and complex process. It naturally requires a specialist with the necessary qualifications to be on the staff of the institution, or the involvement of third-party specialists, which inevitably entails additional expenses.

The need to take measures to protect personal data is also caused by increased technical capabilities for copying and distributing information. The level of information technology has reached the point where self-protection of information rights is no longer an effective means against attacks on privacy. A modern person is no longer physically able to hide from the whole variety of technical devices for collecting and processing data about people that are explicitly or implicitly applied to them. Thus, this work deals with the problem of choosing the necessary organizational and technical measures when processing personal data. They are used to ensure the protection of personal data from unauthorized or accidental access, destruction, modification, blocking, and copying. The adoption of these measures is designed to prevent the dissemination and other illegal actions with respect to personal data.

Purpose of the Project

The present work is related to the discussion of the complexities of software development of information systems and methods for the protection of personal data. The purpose of this paper is to review existing methods for preventing the commission of Internet frauds. It considers modern means of protection against cyberbullying, including antivirus software packages that are able to detect and classify messages with suspicious content as spam.

This work focuses on the economic aspects of cyber threats: the problems that people and trading companies face in connection with online crime of various kinds. The main efforts will be aimed at a retrospective assessment of the current state of affairs. The paper studies the standards that make it possible to achieve information security of e-commerce web services, as well as the stages and actions needed to achieve this goal. Separately, the protection mechanism of the website, acting as a structural unit of the web service, is analyzed.

A study is being conducted of the most easily accessible and vulnerable places for hackers to attack, and the areas of greatest interest to attackers today. In this regard, examples of vulnerabilities and the consequences of their exploitation are established, as well as the vector of a possible attack and the method of protection (Laptiev et al., 2021). The main types of attacks are reviewed, with special attention being paid to attacks aimed at compromising the resource. The most rational solutions for ensuring cybersecurity and the principles of drawing up an integrated approach that should be used throughout the entire life cycle of software development are considered. It is advisable to use both technical means of protection and organizational measures, which is reflected in this work.

The paper aims to track the software both at the development stage and at the stage of active work. For example, a source code security audit is considered: a service that checks every line of code for vulnerabilities (Fabiano, 2019). A penetration test aimed at identifying vulnerabilities in business logic, incorrect access differentiation, and incorrect authentication and session management is also discussed. The auditor’s task in such a test is to bypass all means and methods of protecting the application and gain access to private data. The growth dynamics of modern Internet projects and constant updates (the addition of new functionality, code updates, infrastructure expansion) lead to the emergence of new untested areas that may potentially contain vulnerabilities. Therefore, the work provides evidence of the need for periodic testing (at least once a year) and constant monitoring of logs for security incidents.

The work also focuses on the use of protection against various types of attacks, the introduction of WAFs and the use of vulnerability scanners, which are an integral part of an integrated approach and serve as additional protection. Among the tools considered, there are those that can be used exclusively as auxiliary tools. If testing of a security method shows that it is possible to obtain data, for example to find out the real IP address, then the tool is considered insufficiently reliable (Deng, 2019). At the same time, the work aims to collect information about the need for service updates during software testing, identification of unsafe configurations, open ports and analysis of surface vulnerabilities that may pose a threat to user data. Summing up, the project aims to develop ways to identify the most effective method of personal data protection for specific online trading processes.

Significance of the Project

Against the background of the destabilization and uncertainty caused by the pandemic, people saw that they were expected, and sometimes required, to provide personal information to combat the spread of COVID-19. At the same time, most of the vital activity has moved to the Internet — in normal mode, this process could take more than one year. Such large-scale changes that have affected people’s communication and their immersion in the digital environment have raised many issues related to privacy protection for organizations that want to comply with the law and stop the pandemic, while respecting the rights of the individual. Consumers and the general public are increasingly concerned about how their personal data is being used.

In this regard, data protection is increasingly becoming a key priority for most organizations. According to a survey conducted among data specialists from large and medium-sized global companies, more than half of respondents said that their organizations in 2020 were forced to introduce additional measures to protect corporate data (Clifford et al., 2018). The need for additional measures could arise due to the transition of many employees to remote work, as well as due to the increased activity of fraudsters. During the pandemic, both the importance of privacy and the benefits received by companies that implement enhanced protection measures have grown. Organizations report to top managers and boards of directors on data protection indicators. At the same time, the role of the leader of the organization is significant, since it is the head who decides on taking measures to increase the company’s privacy indicators.

Confidentiality has ceased to be just a matter of compliance with the requirements of the regulator: business considers it one of the basic rules, and top managers should pay priority attention to compliance with it. Most organizations turn to their own data protection specialists to solve these problems (Kodapanakkal et al., 2020). This is due to the growing concern of consumers about the level of data security in the tools needed to make remote purchases, interact with e-commerce sites and connect to payment.

Radical changes in workflows and other consequences of COVID-19 have weakened the protection of the IT infrastructure. Inefficient implementation of remote access to e-commerce sites, vulnerabilities in VPNs and a shortage of personnel capable of solving these problems have put corporate data at risk of unauthorized access. Therefore, the development of new methods of personal data protection and regular testing of existing tools play a particularly important role.

Moreover, the importance of this paper and, in particular, research in this area is due to the emergence of a greater number of innovative phishing lures designed to deceive users and complicate the identification of attacks. The most innovative method of mass phishing is the interception of email by the Emotet bot (Kuner et al., 2018). The bot automatically creates decoy emails using data stolen from hacked e-sales services. This data is subsequently used in correspondence, which makes the emails very convincing and encourages victims to open files with malware.

Whaling is a type of phishing aimed at senior managers, which is even more dangerous. In this way, cybercriminals are able to use personal information found or stolen on the Internet to create convincing decoy letters to corporate email addresses (Kodapanakkal et al., 2020). At the same time, hackers actively exploit hot topics to push people to open malicious emails. This may be information about COVID vaccines, warnings about financial problems or political instability. In this regard, the role of the leader and their attitude to the security of their personal data and company data is paramount.

Research Questions

First of all, the study will be aimed at answering the questions «What are the most popular types of credit card fraud and what are the most effective ways of protection against it?», as well as «What are the ways of reducing risks?» and «How do the factors of Diamond fraud theory apply to internet frauds?». It will also be established how credit card fraud affects business. The impact will be assessed from three points of view. The most obvious way fraud affects business, financial losses, will be calculated. Secondly, it will be found out how a company that is exposed to fraud usually lowers its rating in the eyes of investors and business partners. In addition, the paper will answer the question «How can credit card fraud lead to data distortion?». The study will also deal with ways of maximizing transaction security protection when shopping online.

In order to effectively combat credit card fraud, it is extremely important to understand the mechanism of fraud itself and how credit card fraud occurs. Therefore, the study will answer the question «What are the reasons for modern card fraud, the process itself and the shortcomings of the protection systems that make it possible?». Attention will be paid to the two most common variants of criminal actions that lead to the theft of money on card accounts. The first option does not include the participation of the cardholder: card data are stolen en masse from the servers of banks, online stores, online services, etc. As a rule, organized criminal groups or cybercriminals are involved in this. The card details are then sold on the black markets on the Internet, and the money is cashed out.

Next, the method of fraud with the direct help of the cardholder will be considered. In this case, the initiators are lone scammers; they usually use very effective methods of social engineering (a method of controlling human actions based on the use of the weaknesses of the human factor). They commit theft through various tricks that affect the blind spots in the human psyche. The mechanisms of the prevailing types of fraud using plastic cards will be considered and the most effective ways of protecting against each of them will be highlighted. So, the analysis of skimming, shimming, re-debiting from the card, data interception, and data theft with the help of viruses and Trojans will be carried out.

The next research question is «What are potential solutions to problems such as the organization of intellectual property, in particular software?». They will be organized by the strength of the impact of protecting software from hacks and attacks, and from possible forgeries of cards mediating the theft of funds. Potential ways of developing and improving fraud methods will also be investigated. For example, earlier skimmers were placed only on ATMs, or mini-cameras were installed next to ATMs to read PIN codes of plastic bank card holders. Today, keyboard pads have become the most popular (the ATM’s own keyboard is pushed inside, and a panel is installed on top, which looks the same and records the entered PIN code). Therefore, the paper should highlight the prospects for the development of key trends in cyber frauds and find out what their impact on the global economy and business is.

Theoretical Framework

Personal data is any information related directly or indirectly to an individual who is defined by law as a subject of personal data. Yartey et al. provide a list of such customer information, which includes data from ID, exact place of residence, mobile phone, and email address (Yartey et al., 2021). When processing takes place using information systems, new potential threats appear that need to be minimized, and it is better to eliminate them altogether. A threat to information is considered a possible influence or impact on an automated processing system from inside or outside, which entails any negative consequences for the subjects of this information. Morse et al. provide a list of situations in which information systems become particularly vulnerable (Morse et al., 2020). It happens when the company’s software is imperfect, has not been updated for a long time and contains vulnerabilities. Moreover, the probability of threats is higher if some processes of the system (in particular, protective ones) do not function in full force, or the conditions of operation and storage of information are complicated.

According to Hou et al., there are several levels of security that determine the use of certain means of protection that appear in this paper (Hou et al., 2019). There are four of them in total: maximum, high, medium, and low; for each type of threat, the requirements set their own level of protection. Its choice is determined based on the characteristics presented by Wagner (Wagner, 2018). First of all, it is the number of subjects whose data are to be processed, the class and degree of value of the processed information. In addition, Sun et al. rely on the types of processing used, as well as the relevance of threats (Sun et al., 2018). Taking into account these parameters helps to develop an effective system of measures that can cope with threats to the safety of data at all assumed levels.

In addition to technical means, the protection system involves the implementation of certain measures. They are aimed at ensuring the proper security of personal data due to the requirements of regulatory acts. The measures are both technical and organizational in nature. According to Whitty, cyber fraud is understood in this work as the leakage, loss, distortion and destruction of personal data of buyers (Whitty, 2019).

Ivanov et al. state that compliance with the requirements for the protection of personal data involves the development, installation and maintenance of complex software systems that solve the following tasks (Ivanov et al., 2018). This is to avoid unauthorized access to data from both external intruders and insiders. For this purpose, firewalls, various access control systems, cryptographic and blocking means are used. The company independently chooses all the necessary means to protect personal data from leakage; requirements are imposed on their capabilities and certification, and not on specific names or types of software products.

According to Pérez-González et al., the task of developing one’s own data security system should be solved step by step (Pérez-González et al., 2019). Any project management methods offer several successive stages of introducing a new type of work. These are development, testing, implementation, analysis of results and revision, taking into account the identified shortcomings. All this complex of actions should take place under the control of the head of the organization. In this case, the creation of a personal data security system will be successful and will not require improvements and alterations.

The globalization of the economy, the rapid development of financial markets and instruments traded on them, the complication of relations between economic entities and their business operations at the present stage create favorable conditions for the tendentious presentation of public information, which includes the financial statements of companies. All this combined with the change in the moral foundations of the modern “homo economicus” generates new forms of corporate fraud. They increasingly do not fit into the framework of the differential association theory proposed by Cressey, better known as FTT (Zadereyko et al., 2019). Next, the three-factor model underlying FTT was modified by including another factor in it, conventionally called “abilities”. Almost fifty years later, an improved model appeared, which was called The Diamond Fraud Theory – FDT. The “ability” factor is necessary for the fraudster to ensure a better implementation of the conditions proposed under the FTT. In particular, it is necessary for the possibility of justifying and concealing unfair actions related to the falsification of public information of the company.

Limitations of the Project

The limitations of the project are primarily related to the inability to compile accurate statistics on the number of cyber frauds, since it is possible to operate only with notifications of data breaches that have been reported to the regulator. The total number of registered cybercrimes is only 10-12% of the actual number (Ali et al., 2018). This is because the affected citizens or organizations that have been subjected to extortion on the web are afraid to seek professional help to resolve the issue because of the risks of allowing the publication of stolen information.

Moreover, restrictions are imposed by the fact that attackers are constantly developing new ways to steal confidential data, all of which cannot be taken into account. For example, there are more than 20 types of software designed to cause damage to devices connected to the network (Harvey, 2018). Hackers are constantly improving their skills and have been implementing artificial intelligence for a long time, which presents potential threat detection systems with a lot of difficulties. In addition, fraudsters regularly develop new technologies for stealing payment data. From the customers’ profiles of online stores, they can get ID data, address, phone number, as well as bank card number.

New trends in the field of data protection regularly appear, the development of which also cannot be fully taken into account. For example, the use of artificial intelligence is a completely new stage in the fight against cyber fraud. As organizations move from the data center to cloud platforms, the use of AI-based technologies will continue to grow and become more widespread. There are also regular updates for monitoring and protecting online stores, allowing sellers to use new variations of security settings. They are carried out on the basis of the Data Leak Prevention system, which in real time detects and prevents unwanted transmission of confidential information of buyers through various channels both inside the company and outside of it. In addition, with its help, it is also possible to control such actions on the end devices of users.

In addition, it is impossible to foresee all potential security failures and internal vulnerabilities, which is also a constraint in this study. Research on this topic mainly affects only large trading enterprises that use full-fledged monitoring systems based on risks and a wide range of possible attacks. In small and medium-sized e-commerce businesses, there are very few works aimed at collecting and analyzing the risks of external influence, the data of which could be used.

Another limitation is the factor of human error, which is one of the most frequent and main causes of data breaches. Even the most reliable information security systems can be undermined by employees who do not comply with basic security requirements and are negligent in their duties. In case of intentional incidents, the most common motive is additional earnings. In large teams, there is a percentage of employees who are capable of committing violations if they see an opportunity for this. Unfortunately, employees of departments close to material values are at risk. Information is also valuable: both corporate information (customer bases, supplier bases, marketing plans, etc.) and personal data of customers are in high demand. Sometimes employees consider corporate information personal, which is also a motive for its discharge; for example, those who leave often consider it possible to still have access to the company’s data.

Assumptions

The motivation factor from The Diamond Fraud Theory for Internet scammers might be different from other types of fraud and represent not money, but data. Presumably, the most effective means of protecting bank cards is the installation of an SSL certificate by the store on its website. The SSL certificate will protect such customer data of the online store as name, address, phone number, bank card details (Wang et al., 2020). Thus, hackers will not be able to steal this information and use it (for example, debit money from a client’s card). In addition, presumably each subsequent version of the program is more reliable than the previous one. This is due to the fact that with each new version, developers improve programs and eliminate weaknesses that could become loopholes for hackers. For independent platforms, non-updatable plugins, extensions and applications will make an e-commerce site an easy target for hackers and other intruders.

Constant updating of the website and server software with the help of fresh minor security versions will probably prove to be one of the best and simplest steps that can be taken to stop an attack. Therefore, installing the latest browser update and regularly updating the computer’s operating system should help prevent data leaks associated with device malfunctions. In addition, frequent checking of the service’s security notifications and timely application of security patches reduces the likelihood of hacking.

Presumably, the most effective algorithm for establishing maximum data transfer security will be to bring the site into compliance with the requirements of the international standard for e-commerce solutions. Regular checking of the site by security scanners, creation of backup copies of stores, data storage on a reliable hosting will be effective. If a business accepts credit or debit cards, regardless of whether they are offline or online, it is necessary to comply with the rules established by the PCI Security Standards Board (Wilson et al., 2018). These rules ensure that any financial data stored in the business is protected. Non-compliance with the rules will increase the vulnerability of customer information to hackers and data hacking.

Choosing the right hosting for a website is one way to protect an ecommerce site. Presumably, the installation of a dedicated server will be the most effective, since it is more protected from security breaches and other problems. Virtual services and hosting are likely to be the least effective, since they have common plans and it is not always possible to customize them for a specific store. It is important that a hosting provider maintains regular backups, keeps comprehensive logs of activities, and monitors network activity. Moreover, one of the important factors is the notification system for abnormal actions on the account and possible infection of the site. Technical support should notify about the violation and provide instructions and a link to the knowledge base on how to solve the problem and assist in eliminating it.

Another thing that may have a tangible effect is the use of plugins and firewall software. Firewalls also protect the site from other cyber threats on the Internet, such as cross-site scripting and SQL injection (Latchoumi et al., 2020). An additional step that is expected to significantly increase security will be the use of two-factor identification during the login process. It will require all users to provide an additional piece of information that only they should have. This is an excellent protection of the online store’s website from the leakage of bank card data.

Definitions

  • Access control system: a set of software and hardware tools designed to organize and restrict access to data (Hirsch, 2018).
  • Antivirus software: a program aimed at the prevention, detection and destruction of computer viruses (Taylor, 2020).
  • Blocking protection: specialized software that blocks the transmission of confidential information and makes it possible to monitor the daily work of employees in order to find security weaknesses and prevent leaks (Becerril, 2018).
  • Card holder: a person who has the legal right to use a plastic card to conduct financial transactions until the expiration date of the card (Zadereyko et al., 2019).
  • Confidentiality: the need to prevent unauthorized access to information by third parties (Wang et al., 2019).
  • Credit card fraud: one of the options for illegal withdrawal of funds from a citizen, as well as illegal possession and use of personal data (Bertrand et al., 2020).
  • Cryptographic protection: data protection by means of cryptographic transformation, which is understood as data transformation by encryption and (or) generation of an extension (Mariania et al., 2021).
  • Details: bank account details, some of which are indicated on the card itself; these include the owner’s name, number, expiration date and security code (Laptiev et al., 2021).
  • Diamond fraud theory: a four-factor model of the criteria required by a fraudster for the qualitative realization of theft, including opportunity, motivation, ability and justification (Zadereyko et al., 2019).
  • E-commerce: entrepreneurial activity that, in one way or another, is related to the distribution, advertising, promotion, sale of services or goods via the Internet (Fabiano, 2019).
  • External intruder: an intruder who is outside the information system at the time of the threat implementation (Deng, 2019).
  • Firewall: a computer program whose purpose is to protect the computer from viruses and hacker attacks (Clifford et al., 2018).
  • Phishing: a type of Internet fraud used to obtain user identification data (Kodapanakkal et al., 2020).
  • Identity theft: a special type of fraud involving the use of someone else’s personal data to steal money or obtain other benefits (Kuner et al., 2018).
  • Information security vulnerabilities: weaknesses of an information asset or means of control and management that can be used by attackers (Yartey et al., 2021).
  • Information storage: the process of maintaining the source information in a form that ensures the issuance of data at the request of end users in a timely manner (Morse et al., 2020).
  • Insider: an intruder who is in the information system at the time of the threat implementation (Hou et al., 2019).
  • Leakage (of information) through a technical channel: the uncontrolled dissemination of information from a carrier of protected information through a physical medium to a technical means that intercepts information (Wagner, 2018).
  • Level of protection: an indicator that characterizes the result of the impact of technical and organizational measures taken to ensure the safety and security of information (Sun et al., 2018).
  • Personal data: any information directly or indirectly related to an individual and allowing them to be identified (Whitty, 2019).
  • Re-debiting: double withdrawal of money from a bank card for the same operation (Ivanov et al., 2018).
  • Shimming: an upgraded type of skimming, carried out using a thin technical device that reads information from a bank customer’s card at an ATM (Pérez-González et al., 2019).
  • Skimming: a type of fraud with bank cards, which is the reading of information from their magnetic stripe using a special technical device or skimmer (Ali et al., 2018).
  • Trojan: a malicious program used by an attacker to collect information, destroy or modify it, disrupt the performance of a computer or use its resources for nefarious purposes (Wang et al., 2020).
  • Unauthorized access/actions: access to information or actions with information carried out in violation of the established rights and (or) rules of access to information or actions with it (Wilson et al., 2018).
  • Virus: a small program that replicates by infecting executable files, file allocation blocks or the boot sector of the media and documents created using office packages (Latchoumi et al., 2020).

Summary

The first chapter began with the explanation of the globalization phenomenon, the main symbol of which is the Internet. Against the background of the globalization of Internet users, the popularity of online stores has been increasing recently. It acts as a communication center, playing the role of a coordinator for the smooth interaction of trading elements integrated into the network. However, the impact of the Internet is not limited to positive effects on global trade. Further, the problem of data leakage that arose as a result of the development of the phenomenon of globalization is spelled out. To date, it is happening at an unprecedented rate, and anyone related to e-commerce can encounter it at any time. The statistics collected in recent years are given, confirming that there have been a huge number of data leaks that affect public confidence in the brand.

In connection with the described processes, the purpose of the project is presented below, aimed at describing the various stages of protection against cyber fraud, common causes and the effectiveness of various prevention methods. As a result of the conducted research, an algorithm of the most effective means of crediting data for different types of credit card fraud should be presented. Further, the significance of the project associated with the popularization of online shopping, which came with the beginning of the COVID-19 pandemic and the subsequent lockdowns with the closure of shopping centers, is indicated. Due to the large influx of buyers to the Internet, new methods of fraud have also appeared, which require new protection solutions.

Then follow the questions that will be answered in the course of this study. First of all, it will be necessary to find out which types of credit card fraud are the most popular, and which methods of protection are effective and ineffective for everyone, as well as how it is possible to reduce the risk. After the research questions, theoretical concepts are presented, on the theses and definitions of which this study will be based. In addition, this section of the first chapter also presents the points of view of scientists, which are supported by sufficiently strong arguments and therefore are reliable. The presented theoretical sources reveal new aspects of the scientific substantiation of the problem of personal data protection when using credit cards.

Then the limitations of the project are presented; most of them are related to the rapid growth of cybercrime and the constant development of new methods of fraud. In addition, protection methods are improving rapidly, and at the moment there are too many of them to cover thoroughly in one work. In the Assumptions section, there are hypotheses about the methods of protection that will be the most and least effective. The list of measures with high efficiency is quite extensive and includes a large number of technical methods. At the same time, the list of ineffective methods is usually associated with the choice of a too universal and insufficiently customized method of protection. The list of definitions used in this work completes the first chapter. It can be divided into semantic fields “Types of credit card fraud”, “Methods of personal data protection”, “Confidentiality” and “Electronic commerce”. Then it is followed by a conclusion summarizing the first chapter and the previously mentioned information.

Procedures and Methodology

Introduction

The practical part of the work is connected with the application of the experience of various authors in the field of identifying various kinds of defects, vulnerabilities and threats to the security of information and software systems and their protection mechanisms. This experience was gained by them in the process of certification and state tests, case studies and security audits of more than 500 information security tools, products, portals and systems in the protected execution of leading foreign and American developers (Eslamkhah et al., 2019).

The extraordinary evolutionary growth in the complexity and dynamism of IT products has shown not only the inevitability, but also the hyper-complexity of assessing the compliance of IT products with information security requirements. Despite the heroic efforts of the leading developers, the security problem of software systems has not received its final solution (Baldassarre et al., 2020). The number of critical vulnerabilities does not decrease, and the process of code analysis becomes an extremely difficult task that must be permanently solved within the life cycle of the software system. In this regard, the certification of information security tools remains the main mechanism for managing information security systems. Its effectiveness in real life so far depends on the utmost organization and brainstorming of experts from testing laboratories and certification bodies. Therefore, the use of adequate methods, metrics and methodological techniques can be very useful, which is the main purpose of preparing this work.

In addition to the factors of technical evolution, the extraordinary social interest in this problem seen in America over the past few years should be noted; it is enough to mention several social phenomena. Thus, the inevitability of the implementation of the law on personal data has profoundly changed the attitude of all legal entities of the country to the protection of confidential information with all the ensuing consequences (Walters et al., 2018). The dialectical emergence of certification wars prompted the developers of security tools to comply with the certification rules in the American computer security market.

In the practical part of this work, the definition of conformity assessment based on a series of international standards is given. It also describes compliance assessment procedures in the field of information security. The following is a detailed description of the concept of certification of information security tools, its legislative and regulatory framework. The practical part is based on the application of mathematical models and methods that can be used in formal proofs of test results, as well as in the planning of work (Mamonova et al., 2020). It also provides formalized methods of testing means and mechanisms of information protection according to the requirements of traditional and new regulatory documents.

The assessment of compliance with the level of security protection, which will be carried out in the practical part of this paper, will demonstrate whether the specified requirements for the product, process and system are met. According to Kurpayanidi, the basic activities of conformity assessment are testing, control, certification, and accreditation for conformity assessment (Kurpayanidi, 2019). The activities used in this chapter will include various conformity assessment procedures. In the field of information security, examples of such conformity assessment activities are certification of informatization facilities, various types of testing and control according to information security requirements. In addition, as part of the procedure for determining the level of information security, it is also possible to audit the security of software, information systems and information security management systems.

In addition to certification of information security tools, various types of conformity assessment procedures for technical means and protection systems, namely testing, certification, testing, audit, and risk analysis, are recognized as the most effective. Testing is a type of activity or conformity assessment procedure. It consists in the experimental determination of the quantitative or qualitative characteristics of the test object as a result of exposure to it during its functioning, modeling or impacts. The legitimacy of information processing at informatization facilities is confirmed by their certification. Its main content consists of certification tests, which are a comprehensive check of the protected object of informatization. This happens in real operating conditions in order to assess the compliance of the applied set of measures and means of protection with the required level of information security.

During certification tests, the compliance of the informatization object with the requirements that ensure the effectiveness of the program is confirmed. First of all, it is the protection of information from unauthorized access (including computer viruses). Further, it is ensuring safety from leakage or exposure due to special devices built into the objects of informatization (Kamalieva et al., 2020). As for software testing, its purpose is to identify errors (defects and shortcomings) in the software implementation of the specified software properties. The features of modern software production imply that testing is integrated into the software quality management system at all stages of the life cycle. According to international standards, testing is a technical operation that consists in determining one or more characteristics of a product, process or service according to an appropriate procedure. Therefore, in the course of the practical part, the synthesis of the described methods for establishing the effectiveness of information security tools will be applied.

Research Project Design

First of all, to implement the project, it is necessary to select the most significant testing areas from the general list. It is necessary to determine the testing method by which the security weaknesses of software systems will be checked. Thus, it will be possible to determine whether there is a blind spot that can be hacked for further data theft. Therefore, it will be mandatory to check the implementation of access control rules. This consists in intercepting explicit and hidden requests and correctly recognizing authorized and unauthorized requests in accordance with discretionary and mandatory rules.

It is important to note that manual testing is not the same as vulnerability testing. The purpose of vulnerability testing is simply to identify potential problems, while manual testing is designed to solve these problems. Penetration tests (or pentests) are performed manually in order to assess the security of the online store’s infrastructure by safely hacking it (Ghanem et al., 2019). Vulnerabilities of operating systems, services or applications, incorrect configurations or insufficiently cautious user behavior can be used for this. In other words, an attack is carried out on the network, applications, devices and employees of the organization in order to check whether hackers could carry out such a hack. The test results also make clear how deeply an attacker could penetrate and how much data they could steal or use for their own purposes.

A set of measures is necessary to track and find vulnerabilities in the system and software in good time, in case of illegal third-party interference, unauthorized access, or copying of information. In fact, this is an analysis of data privacy protection. In this regard, it is necessary to choose several of the most suitable tools for verification among those freely available (Panchekha et al., 2019). Security testing will primarily be aimed at minimizing possible risks to the integrity of the system, software, and personal data. A set of security measures includes checking the resistance of installed applications and software to viruses, spyware, hacker attacks, and malware. Next, it is necessary to choose the tool that is most suitable for working with payment banking systems in online stores and trade web portals.

With the help of the selected tools, it is worth analyzing the degree of protection of confidential data. Next, it is necessary to compile a list of programs that make it possible to restrict third-party user access to certain information. They should also be suitable for checking the integrity of information, which includes the possibility of self-recovery of applications, software and their individual segments after unforeseen failures.

The required level of security largely depends on the type of applications being tested, so it is necessary to identify criteria for assessing the degree of protection. A comprehensive software security check can be carried out in three ways, which are called the white-box, gray-box, and black-box methods (Park, 2019). Testing carried out using the white-box method implies that the person who is trying to get into the system is well aware of its features and nuances. The gray box employs partial awareness and the black box – its complete absence. Each of the above methods has its own effectiveness and result. It is necessary to identify criteria that will help determine which of the methods is suitable in a particular case. In addition, a static analysis of the code, a search for possible vulnerabilities and bugs, and an assessment of the readiness of products for certification must be carried out without fail.

Sampling Procedures

The selection of ways to protect personal data on the Internet includes the most effective tools from four categories. These are antivirus packages of various types, firewalls, tools to prevent network attacks and alert about them, and scanners of potential vulnerabilities. Antivirus programs can be divided into classic, proactive, and combined. Classic antivirus products search for viruses based on signatures, which is a method of finding known viruses. Programs with proactive virus protection aim to protect the system from infection; combined programs use both methods. The overwhelming majority of programs on the market now are of the combined type, which is why they are considered in this paper.

Programs for corporate use differ from personal ones by the ability to install updates for a large number of users from an internal server. Therefore, when compiling a sample of antiviruses, criteria such as real-time protection against viruses and Internet threats (using cloud technologies) and a module for ensuring the security of Internet payments were taken into account. In addition, availability for different platforms (Windows, Android, Mac OS) was an important criterion, which affected the prevalence of using an antivirus package (Shah et al., 2021). The speed of checking the site and the main programs for viruses and adware was also evaluated.

Unlike antiviruses, a firewall is designed to prevent attacks on a computer, so other criteria were used when compiling the sample. The most important factors when choosing a firewall are simplicity and ease of configuration, and the presence of a training mode. Applications should block attacks from the network quickly enough, monitor the traffic of installed applications, detect viruses and malware, as well as automatically block ads when paying for an order.

The firewalls from the sample had to successfully protect against attacks, viruses, malicious code on the store’s pages and take into account a variety of vulnerabilities that could put the client’s security at risk (Kaplan et al., 2019). Moreover, the selected utilities should monitor the incoming and outgoing traffic of other applications. If the process seems suspicious, its connection to the Internet will be immediately blocked. Programs should also have several main modules or sections so that it is possible to customize the level of protection depending on the purpose of use. The selected firewalls also supported flexible network traffic management, creation of their own rules, password protection of settings.

Next, a sample of DLP systems (software or hardware-software complexes) was compiled, designed to prevent leaks of confidential information outside the corporate network. The sample was based on the effectiveness of the analysis of data flows circulating within the company and going beyond it. The reaction rate was also evaluated in case of triggering a pre-configured rule or policy that determines the fact of the transfer of protected information. The time was determined for which the system blocks such a transfer, or sends alarm notifications to a security officer.

DLP systems are divided into three main types (depending on how the control subsystem is built): network, agent-based, and hybrid DLPs (Guzairov et al., 2018). Network solutions rely on centralized monitoring of data traffic: a mirror copy of the traffic is sent to dedicated servers, which analyze it according to configured security policies. However, by analyzing only network flows, it is difficult to establish a complete picture of how users work with confidential information. In addition, given the current volume of encrypted traffic (according to analysts, in 2019 its share in global web traffic exceeded 60%) and the growing popularity of messengers, cloud services and other specialized applications for information exchange, it is extremely difficult to prevent leaks without workplace control (Dmitriev, 2020). For this reason, only hybrid-type software complexes were considered in the sample.

The last compiled sample included scanners of potential vulnerabilities. The global vulnerability scanner market is actively developing. These tools have become full-fledged vulnerability management systems that can be run as projects. In turn, vulnerability tracking projects turn into processes involving representatives of various departments. For the analysis in this work, modern scanners with integration with risk management or patch management systems, incident management platforms and secure development processes were selected.

Data Collection Sources

Verification of the effectiveness of the protection of e-commerce processes is impossible without a preliminary analysis of information about all aspects of the activities of the selected tools. Manual collection of a large amount of primary data could lead to errors and inaccuracies. Erroneous data taken into account when making a decision could negatively affect the subsequent operation of the protection mechanism. The volume of primary data also significantly affects the completeness and correctness of the subsequent protection strategy. For this reason, automated data collection and processing systems were used, as they cope with this task faster and more successfully both in terms of less labor intensity and in terms of the accuracy of the result obtained.

The list of predefined information sources used in automated data collection and processing includes several tools. First of all, these are sensors that record the time the program takes to respond to system problems. These are various streaming devices that measure malfunctions in the system. The largest amount of data was collected during static testing. It consists in on-demand scanning, which is carried out on a collection of malware. In order to get meaningful results, every static test was conducted on a malware collection containing thousands of files. Samples collected over the last six months were used; in addition, during these tests, the results of checking the hard disk on demand were analyzed.

As part of the certification, the products were tested in several categories: the tested product had to recognize all viruses from the list, allowing an attacker to gain access to customers’ banking data (Noeiaghdam, 2019). Next, the program had to not only detect, but also cure the system of detected viruses. Thus, data collection was carried out using the method of statistical observation and consisted in scientifically based registration of facts and their signs characterizing the effectiveness of Internet protection mechanisms against bank data leakage according to a single developed program. This method was used during the initial observation; a monitoring program was compiled – a list of points for which information is collected, and a list of signs and indicators to be registered. These included the performance criteria listed above in the Sampling Procedure section.

In addition, criteria such as the level of detection of the virus collection, heuristic analysis, the percentage of false positives, and treatment of active infection were included in the form. The detection level was determined as the percentage of detected malicious objects relative to the total number of files checked. Heuristic analysis included the ability to apply signatures and recognize modified versions of viruses in cases where the signature does not match the body of an unknown program by 100%, but there are more general signs of a virus in a suspicious program (Sing et al., 2021). This technology, however, is used very carefully in modern programs, as it can increase the number of false positives. In this regard, the percentage of false positives was checked on collections with a large number of files that are not malicious. The number of false positives was counted, and its ratio to the total number of files was calculated.
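The two ratios defined above can be computed from per-file scan verdicts. The following is an added example, not code from the study: the record layout, the verdict labels and the collections are constructed, and the Wilson confidence interval goes beyond the text to show why a collection of thousands of files gives a more meaningful detection level than a few dozen.

```python
from dataclasses import dataclass
from math import sqrt


@dataclass(frozen=True)
class ScanResult:
    path: str
    malicious: bool   # ground truth: which collection the file came from
    verdict: str      # "signature", "heuristic" or "clean" (assumed labels)


def wilson_interval(hits: int, total: int, z: float = 1.96) -> tuple:
    """95% Wilson score interval for the proportion hits/total."""
    if total == 0:
        return (0.0, 1.0)
    p = hits / total
    denom = 1 + z * z / total
    centre = (p + z * z / (2 * total)) / denom
    half = z * sqrt(p * (1 - p) / total + z * z / (4 * total * total)) / denom
    return (max(0.0, centre - half), min(1.0, centre + half))


def score(results) -> dict:
    """Detection level and false-positive ratio for one product."""
    malware = [r for r in results if r.malicious]
    clean = [r for r in results if not r.malicious]
    detected = [r for r in malware if r.verdict != "clean"]
    heuristic = [r for r in detected if r.verdict == "heuristic"]
    false_pos = [r for r in clean if r.verdict != "clean"]
    return {
        # detected malicious objects / files checked in the malware collection
        "detection_rate": len(detected) / len(malware) if malware else None,
        "detection_ci": wilson_interval(len(detected), len(malware)),
        # share of detections that came from heuristics, not signatures
        "heuristic_share": len(heuristic) / len(detected) if detected else None,
        # false alarms / files checked in the clean collection
        "false_positive_rate": len(false_pos) / len(clean) if clean else None,
    }


def make_collection(n_sig, n_heur, n_missed, n_clean_ok, n_false_pos):
    """Build a constructed set of verdicts with the given counts."""
    rows = []
    for label, count, bad in (("signature", n_sig, True),
                              ("heuristic", n_heur, True),
                              ("clean", n_missed, True),
                              ("clean", n_clean_ok, False),
                              ("heuristic", n_false_pos, False)):
        for i in range(count):
            kind = "mal" if bad else "ok"
            rows.append(ScanResult(f"{kind}/{label}_{i}.bin", bad, label))
    return rows


if __name__ == "__main__":
    # Constructed data: the same product on a large and on a small collection.
    large = score(make_collection(1700, 210, 90, 2988, 12))
    small = score(make_collection(34, 4, 2, 60, 0))
    for name, s in (("2000 malware files", large), ("40 malware files", small)):
        lo, hi = s["detection_ci"]
        print(f"{name}: detection {s['detection_rate']:.2%} "
              f"(95% CI {lo:.2%} to {hi:.2%}), "
              f"false positives {s['false_positive_rate']:.2%}")
```

On the small collection the interval spans roughly fifteen percentage points, so two products whose measured detection levels differ by a few points cannot be ranked reliably from it.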

The monitoring program was issued in the form of a blank, in which primary information and technical indicators of the conducted tests were entered. A necessary addition to the form was the instructions, explaining the meaning of the tests carried out and the specific parameter being studied at the presented stage. Thus, a statistical aggregate was collected — a set of indicators of information data protection tools, united by a single qualitative basis (the purpose of programs), but differing from each other in separate features. As a result, homogeneous, dynamic and independent data units were collected.

Unlike static testing, small sets of samples were used to collect reaction rate data. In one type of reaction rate testing, in which the overall indicators for each antivirus company were displayed, test collections of a larger, although still relatively small, size were used. At the same time, the results for specific malware were not published. In another type of tests, calculations were carried out separately for each sample.

As for dynamic testing, its main goal was to use all available means to reproduce the real user environment for which the tested security product is intended. This becomes more and more important as completely new properties appear in the security tools that cannot be implemented in a classic test environment. Such a test was the closest to real conditions, and, as it became clear, the ability to counteract malware in many products turned out to be lower than their detection level when simply checking infected files on demand. The dynamic testing data were also recorded as primary statistical material, and checked for reliability and completeness.

Interviews

As part of the practical part of the study, interviews were conducted with information security specialists working in the fields of electronic commerce. During the interview, it was found out which security systems they prefer for specific enterprises and how they prevent the leakage of bank data. The interview was conducted in order to answer questions such as the method of information risk analysis and the degree of complexity of installation, configuration and maintenance of technical means of information protection.

Any online trading company has a staff of employees related to information technology. Depending on the type of activity of a particular company, its specialization and the tasks they face, they can perform different functions. In this regard, among the respondents there were employees of various fields of computer security, carrying out various activities. A security engineer is a kind of provider to the world of security for the whole company. They develop trainings and recommendations on security issues for internal groups of employees, evaluate security tools, provide assistance in personnel selection, and are engaged in administrative work in the field of information security. A cybersecurity specialist is responsible for ensuring that the organization’s software protection tools work efficiently and reliably. A cloud security engineer is well versed in digital cloud platforms, specializing in protecting databases stored on them. An information security auditor is a pro for checking various systems that may be under attack.

Operational security workers were asked about the preferred organization of the safety of banking information and the processing of data assets. Network and Internet security specialists provided answers to questions about methods of ensuring protection against various viruses and malware of all enterprise computers. Application security professionals were of particular interest: they provided information about establishing invulnerability in working with applications created for mobile devices. An important part was an interview with recovery staff; specialists in this field are called upon to provide assistance after the attack. They shared the value of speed when choosing a method of data protection, the preferred tools for suppressing espionage, stopping data leakage and destroying the virus.

The general section of the interview, applied to all information security specialists working in the fields of electronic commerce, was to determine the preferred tools in the fight against hacking. It was also mandatory to establish the direction and specifics of the place of work. Then it was found out how frequent the use of certified and licensed programs is. In addition, motives and criteria were calculated when choosing a mechanism for protecting client information. As leading questions, the interview included a section with questions about the weak points of the client part of the browser, vulnerabilities of web applications.

The final part of the interview with information security specialists working in the fields of electronic commerce was devoted to the real experience of eliminating threats. The first section dealt with unwanted content: a collection of materials and tools that are used to gain access to information. Such tools include malware, as well as unsafe links. Then there were questions about the experience of combating unauthorized access: hacking, interception of messages and theft of information. At the same time, both a fraudster resorting to hacking and a victim who accidentally provided this access could act as a conductor of unauthorized access. The most detailed section was the experience of dealing with fraud, which includes the use of technology for the purpose of embezzlement of funds. The questions in this part concerned phishing – obtaining personal data, usernames and passwords, and carding – stealing information about plastic cards.

Surveys and Questionnaires

Nowadays, the notion that an online store is one of the components of a commercial company is relevant. According to the data provided by Iavich et al., more than 40% of hacker attacks are on the websites of small businesses; dozens of hacks are registered every day (Iavich et al., 2019). Many companies pay special attention to security issues, as the modern progressive pace of development and activities in a competitive environment leave no other choice.

In this regard, after an interview with information security specialists, a survey of the heads of employer companies was conducted to collect data. This survey was conducted to determine the least effective ways to protect security, which should not be included in the final rating (Torten et al., 2018). The managers were asked if they were satisfied with the existing set of measures to protect the online store. The owners of online stores were also asked how ready they are for the fact that the tools of attackers are constantly increasing, and whether they are worried about attacks in the near future. They were asked questions about the experience of stealing confidential information (especially personal data), as well as penetration into their company’s information systems. Both hacker attacks on corporate web applications and mobile applications were considered.

The negative consequences of security problems experienced by e-commerce business leaders were also calculated. For example, the loss of access to the site was considered, which occurs when attackers install a malicious script that replaces the content of the page, so that a text in a different language appears instead of the product catalog. The next point in the survey was a drop in the number of orders: while the team was engaged in restoring the site after hacking, customers refused orders, and potential buyers went to competitors. It was also found out whether there was an outflow of the audience: if information about security problems gets into the network, it spreads with great speed. Trust in the brand falls for a while and is difficult to restore (Wilis et al., 2020). Users place an order in an online store only if they are sure of its safety. As soon as information about security problems appears, some users move to competitors. Therefore, during the survey, information was obtained as to how much the respondents’ stores enjoy the unconditional trust of the target audience.

The survey results were also aimed at establishing the necessary level of information security that would suit managers in terms of price and quality. In order to clarify these data, it was found out by whom the functions of ensuring information security in the organization are carried out (Norbekov, 2020). As the first answer option, it was proposed to specify a specially created full-time structural unit of an information security organization. The second answer was an employee (several employees) outside of a special unit that is assigned information security functions. The third answer option had to be chosen by managers whose electronic store security is provided by a third-party organization specializing in information protection. The study did not involve managers whose organizations do not work to protect information.

Next, the managers had to choose the professional standard of information security employees working in their company from the provided list. Automation of information analysis activities in the field of security, security of computer systems and networks, information protection in automated systems were proposed as possible answers. In addition, the list of options included such items as detection, prevention and elimination of the consequences of computer attacks and technical protection of information, technologies and labor organization, or to carry out changes in the economic conjuncture or other geopolitical and social processes. If the respondents chose an affirmative answer, they were asked to presume what new positions in the field of information security might appear in the organization.

Next, the managers had to determine whether they planned to update the equipment in the coming year. In order to simplify the task, a list of potential positions was attached to this issue, including various kinds of analysts: on the security of big data technology, detection of cyberattacks of increased complexity, system security. Experts in the field of information security were also included in possible answers: an expert in data analysis for fraud detection, the security of artificial intelligence and distributed registry technologies, or an expert in computer incidents. This question was included in the survey to identify protection mechanisms that are in demand among managers, high indicators for which will play the most important role.

Document Analysis

The analysis of the data conducted by Liu et al. was carried out through penetration tests and an information security audit (Liu et al., 2021). It showed that errors in the protection of web applications are still one of the most common shortcomings of information security. Moreover, vulnerabilities of web applications are one of the most common ways for attackers to implement attacks on web applications in order to steal information and then penetrate into corporate information systems. According to statistics from Nirmal et al., the most common threats to the security of web applications are: cross-site scripting (XSS attacks), SQL injections, calling exceptional situations, cross-site request forgery (CSRF), and threats of infection with malicious software (Nirmal et al., 2021).

Analysis of the next literature source shows that when ensuring the protection of web applications, it is necessary to take into account a number of features directly related to the process of their functioning (Kim et al., 2021). Thus, the website of the online store and the corresponding web applications (including those for payment) should be available to users, customers and partners 24 hours a day, 7 days a week. Abideen et al. claim that firewalls and the use of SSL do not provide protection against hacking of web applications (Abideen et al., 2019). This is because access to the site from external networks should always be open.

Li et al. claim that manual detection and elimination of vulnerabilities in the application itself, website or web portal also often does not give positive results (Li et al., 2020). Developers can find and fix thousands of vulnerabilities, but for an attacker to carry out an effective attack, it is enough to detect just one. The document analysis leads to the conclusion that protection on the website of the online store should mainly be provided both at the design stage and during the development of the payment application itself. However, making timely adjustments during its operation is also a necessity.

Based on the analysis of the functioning of the online store, vulnerabilities, and major threats, Bavel et al. propose an approach to the protection of a web application, implemented on the example of an online store model (Bavel et al., 2019). Since any online store is a web application related to an e-commerce system, the developed model of a secure online store should provide a solution to the problems of protection against threats of fraud and unauthorized access to users’ payment data. To do this, it is necessary to implement the following methods: fraud protection method, payment data protection method, and web vulnerability protection method.

Two experiments were conducted in the next study (Zeng et al., 2020). The first experiment was to assess the impact on the online store of an attacker trying to inject malicious JavaScript code through a cross-site scripting (XSS) attack in order to obtain a cookie of the administrator / manager of the online store. During the second experiment, which is of interest for this paper, the effectiveness of the payment data protection module was evaluated by modeling user registration and specifying payment data. Each experiment was carried out first with the protection modules turned off, then these experiments were repeated with the protection modules turned on.
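The first experiment above (script injection aimed at the manager's cookie, run with protection off and then on) can be reproduced in miniature. This is an added example, not code from the cited study: it assumes that the protection consists of HTML output encoding plus restrictive cookie attributes, and the review text, function names and session value are constructed.

```python
import html
from http.cookies import SimpleCookie

# Constructed sample input: a product review containing injected markup.
REVIEW = "Nice shop!<script>alert(document.cookie)</script>"


def render_review(text: str, protect: bool) -> str:
    """Build the HTML fragment the manager's page shows for one review."""
    # Protection on: encode <, >, & and quotes so the browser treats the
    # review as text. Protection off: the markup is emitted verbatim.
    body = html.escape(text, quote=True) if protect else text
    return f'<li class="review">{body}</li>'


def session_cookie(session_id: str, protect: bool) -> str:
    """Return the Set-Cookie value for the manager's session."""
    cookie = SimpleCookie()
    cookie["sid"] = session_id
    cookie["sid"]["path"] = "/"
    if protect:
        cookie["sid"]["httponly"] = True      # hidden from document.cookie
        cookie["sid"]["secure"] = True        # sent over HTTPS only
        cookie["sid"]["samesite"] = "Strict"  # not sent on cross-site requests
    return cookie["sid"].OutputString()


def run_experiment(protect: bool) -> dict:
    """One pass of the experiment with the protection off or on."""
    fragment = render_review(REVIEW, protect)
    set_cookie = session_cookie("constructed-session-id", protect)
    return {
        "script_tag_emitted": "<script" in fragment.lower(),
        "cookie_readable_by_script": "httponly" not in set_cookie.lower(),
        "fragment": fragment,
        "set_cookie": set_cookie,
    }


if __name__ == "__main__":
    for protect in (False, True):
        result = run_experiment(protect)
        print("protection on" if protect else "protection off")
        print("  page fragment:", result["fragment"])
        print("  Set-Cookie   :", result["set_cookie"])
        print("  script runs  :", result["script_tag_emitted"])
        print("  cookie exposed to scripts:",
              result["cookie_readable_by_script"])
```

The two measures are independent layers: encoding stops the injected markup from executing, and `HttpOnly` keeps the session cookie out of reach of any script that does run.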

During the second experiment, aimed at evaluating the effectiveness of the payment data protection module, the registration of users in the online store and the entry of their payment data, which were stored in the database of the online store, were simulated. When the payment data protection module was disabled, the payment data of the online store customer was stored in the database in an open form. Thus, if an attacker can gain unauthorized access to the database, they will be able to take possession of the payment data of the online store’s customers.

With the payment data protection module enabled, the payment data of the online store’s customers were stored in the database in encrypted form. Thus, if an attacker can gain unauthorized access to the online store’s database (for example, using server vulnerabilities), then they will have users’ payment data in encrypted form at their disposal. They will not be able to use them for their own purposes without the use of cryptanalysis tools.

Focus Groups

The focus groups included 5 of the most popular security applications for each of the categories highlighted in the Sampling Procedure chapter.

Antivirus Software

The antivirus software market is extremely extensive today, but some programs have firmly established themselves on the market. Avast antivirus has been in the top of free malware protection software for several years (Nurhayati, 2019). It has a high level of protection, is equipped with a built-in VPN and game mode, is able to create boot copies and assess the vulnerability of Wi-Fi networks. Antivirus Plus is one of the most popular antiviruses in the world, developed by the Romanian company Bitdefender (Shedid et al., 2019). In its arsenal there is a complete set of tools to prevent any virus attacks. At the same time, a special software core minimizes the load on the processor, preventing performance degradation during operation.

Dr.Web CureIt works quickly and efficiently, being able to find even those viruses that a regular antivirus may miss (Uchenna et al., 2018). The program will quickly scan any drive, its partition or directory, allowing the user to independently select objects to check. Kaspersky Lab consistently receives some of the highest scores in antivirus tests. This study examines Kaspersky Security Cloud, which is presented by the company as a new word in protection, combining all the achievements over the 20 years of Kaspersky Studio’s existence (Tchernykha et al., 2018). Considering that in recent years malware has become far more common than other types of threats, one of the best means to combat it is MalwareBytes (Pisula, 2019). It makes it possible to check the system for various malware and remove it while the site is operating, without disrupting it.

Firewalls

According to the report by Movahedi et al., Windows is the most vulnerable operating system, so built-in protection makes sense (Movahedi et al., 2019). In addition to the well-known antivirus, Avast also releases a firewall, which is included in the paid set of Avast Premium Security programs (McIntosh et al., 2019). It comes in addition to an antivirus, an anti-spam module, a wireless network protection module and a set of other functions. PeerBlock is slightly different from all the other firewall programs listed in the paper. Instead of blocking programs, PeerBlock blocks a list of IP addresses belonging to certain categories (Abdi et al., 2020). For example, it can download and block a list of IP addresses that have been marked as business providers, advertising, spyware, etc.

pfSense is one of the leading network firewalls with a commercial level of functionality. It is an open-source security solution based on FreeBSD (Wada et al., 2021). Sophos is a rising star in the cybersecurity industry, and its software is a great option for protecting businesses. The XG Firewall Business Edition security system is extremely advanced compared to standard firewall software (Stoynov et al., 2021). ZoneAlarm is a well-known firewall with an easy-to-use interface (Muzammil et al., 2019). Behind the user-friendly interface there are many functions, including the choice of the level of protection that can meet the requirements of any business.

Tools to Prevent Network Attacks

In the space of intrusion prevention solutions, the product of the manufacturer Positive Technologies is presented (Arefin et al., 2020). The program can perform all functions in real time, without affecting the network activity of the business in any way. Next-Generation Firewall is an evolution of typical firewalls with the ability to monitor the status of connections. The leading manufacturer of NGFW solutions that will be used in this work is UserGate (Anlei et al., 2020). The paper also presents a proxy server with information security functions, also known as a web filter. Smart-Soft is designed and optimized to comply with the company’s web security policies and control user access to websites (Mimura et al., 2018).

To defend against threats targeting vulnerabilities for which protection has not yet been developed, there is a category of network security solutions. Therefore, the main task of Cisco is to check the file sent through the network device for the presence of malicious code (Alfarsi et al., 2019). The InfoWatch data leak prevention system is the final one in this focus group. It is designed to detect and prevent potential violations of the confidentiality of data and personal information: for example, credit card numbers (Shabalin et al., 2020).

Scanners of Potential Vulnerabilities

Vulnerability scanning tools are one of the most important tools in information security departments, as vulnerabilities appear every day and thus leave a loophole for the organization. The OpenVAS Vulnerability Scanner is a vulnerability analysis tool that will allow scanning servers and network devices due to its complex nature (Dissanayaka et al., 2020). This scanner searches for an IP address and checks for any open services by scanning through open ports, misconfiguration, and vulnerabilities in existing objects. F-Secure Radar is a product of the company F-Secure, which is actively working in the antivirus market (Karantzas et al., 2021). Radar is a cloud-based solution that is not only a vulnerability scanner, but also a platform for vulnerability and asset management.

Astra is a full-featured cloud-based VAPT tool with a special focus on e-commerce (Sodhi, 2020). It comes with a set of applications, malware and network tests to assess the security of a web application for accepting payment orders. W9scan is a free console vulnerability scanner with more than 1200 built-in plugins (Muliński, 2020). They can detect fingerprints of web pages, ports, analyze the structure of a website, find various popular vulnerabilities, scan for SQL Injection. Sn1per is a powerful framework for automatic target security analysis (Li et al., 2021). This work will involve its extensions such as Findsploit (to quickly find exploits to vulnerabilities) and PrivEsc (to search for local bugs).

Observations

The test was conducted on a specially prepared stand running VMware Workstation. For each antivirus product, a clean virtual machine with the Microsoft Windows XP SP2 operating system was cloned (Singh et al., 2018). When installing antiviruses, all the actions recommended by the program were performed (system reboot, update, etc.). The antivirus settings were not changed and remained set by default. A separate clean virtual machine was allocated for each antivirus program. The collection recorded on an external hard disk was scanned. In each tested antivirus, the task of scanning a catalog with virus instances aimed at stealing bank data was launched on demand. The selected 5 antiviruses showed the following results in malware detection: Avast: 95.52%; Plus: 78.27%; Dr.Web CureIt: 89.46%; Kaspersky Security Cloud: 96.49%; MalwareBytes: 56.02%.

Then a firewall test was conducted, during which a security testing program was launched, which checked the correctness of the firewall software. The firewall test involved analyzing a set of rules, which is the process of checking manual rules in a firewall. During testing, the program tried to penetrate through ports using certain network protocols to gain access to banking data. After the program was completed, a report was generated indicating the ports and protocols vulnerable in the network. Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP) and money transfer protocol (MTP) were tested (Akanji et al., 2012). This process was designed to completely check all open ports on the network, which can be several thousand ports. As a result, the number of used ports scanned by each firewall was obtained: Avast: 863; PeerBlock: 874; pfSense: 812; XG Firewall Business: 844; ZoneAlarm: 930.

The third step was testing tools to prevent network attacks. During the inspection, controlled penetrations were carried out in order to verify the completeness and reliability of the intrusion report. The detectors collected event data and used various metrics to determine that the analyzed activity deviated from normal. 10 controlled attacks were carried out by 5 different methods used in attacks on remote bank payment systems. Each of the tools counted the number of unauthorized login attempts. Then it was calculated how many times out of 10 the tools were able to interrupt the interception of access to mobile banking. The following results were observed: Positive Technologies: 9; UserGate: 7; Smart-Soft: 7; Cisco: 9; InfoWatch: 8.

In the final part of the observation stage, a test procedure was carried out to compare the work of vulnerability scanners of e-commerce sites. Previously prepared necessary test content for functional verification of all technical requirements contained various vulnerabilities. The entire class of equivalent vulnerabilities that can be found in the test site was considered as one vulnerability. Scanners with the selected settings were launched on the tested site and a set of functional tests was passed. Next, the web objects found by the scanner (unique links, vulnerabilities, attack vectors, etc.) were calculated and classified. As a result of observations, the following data on the number of identified vulnerabilities were obtained: OpenVAS Vulnerability Scanner: 75.20%; F-Secure Radar: 79.27%; Astra: 94.24%; W9scan: 88.46%; Sn1per: 90.14%.

Data Analysis

All the selected tools showed a fairly high level of protection. The first position in the rating is occupied by Kaspersky Security Cloud and ZoneAlarm, the results of which are 96.49% and 930, respectively. The second position in the rating is occupied by both Avast products that have shown high results. The antivirus software MalwareBytes and OpenVAS Vulnerability Scanner were the last in the ranking and the least effective: their results did not reach 80%. Thus, four levels of control were identified; then the programs and tools involved in the study were distributed among them. Focusing on software and hardware, three main levels of protection can be distinguished. The tools of the first level cope with the search and destruction of known viruses. Second-level programs are successfully working with the search and destruction of unknown viruses, and blocking the manifestation of viruses is a built-in function of the third level of protection.

Known viruses are best found and destroyed using the scanning method. It consists in detecting computer viruses by their unique fragment of program code (signature, program strain). To do this, F-Secure Radar, Astra, W9scan and Sn1per have successfully created a scanning database with code fragments of known computer viruses. Virus detection was carried out by them by comparing the data in the computer’s memory with the fixed codes of the scanning database. Astra and Sn1per were the most successful in identifying the code of the new virus. They entered the largest number of virus signatures into the scan database. The peculiarity of F-Secure Radar was that it was possible to correctly restore and disinfect infected areas of the electronic payment system. The following feature of W9scan should be noted: the application system does not store the signatures themselves, but checksums or signature extensions. The identified shortcomings of the first-level tools (in particular, scanners) were attributed to the fact that they detect only viruses that have already penetrated computer systems, have been studied, and have had a signature determined for them. For their effective operation, it is necessary to promptly replenish the scanning database.
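The scanning method described above can be shown in a few lines. The following Python sketch is an added example, not code from any of the named tools: it keeps one entry as a raw code fragment and one as a length plus checksum (the storage style the text attributes to W9scan), and shows that a family absent from the database is missed until its entry is added. All fragments, family names and file names are constructed, harmless placeholders.

```python
import hashlib

# Constructed, harmless byte strings standing in for code fragments of
# known malware families (assumptions for this example).
FRAGMENT_A = b"\x90\x90DEMO-STEALER-A\x00cfg"
FRAGMENT_B = b"DEMO-KEYLOG-B::hook()"
FRAGMENT_C = b"DEMO-STEALER-C\x00cfg"   # a "new" family, not yet in the database


def checksum_entry(fragment: bytes):
    """Store only the length and SHA-256 of a fragment, not the fragment itself."""
    return (len(fragment), hashlib.sha256(fragment).hexdigest())


def build_database():
    """Return (fragment_db, checksum_db) holding the two known demo families."""
    fragment_db = {"Demo.Stealer.A": FRAGMENT_A}
    checksum_db = {"Demo.Keylog.B": checksum_entry(FRAGMENT_B)}
    return fragment_db, checksum_db


def scan(data: bytes, fragment_db, checksum_db):
    """Return the sorted names of all database entries found in data."""
    found = set()
    # Fragment signatures: a direct search for the stored bytes.
    for name, fragment in fragment_db.items():
        if fragment in data:
            found.add(name)
    # Checksum signatures: hash every window of the recorded length.
    for name, (length, digest) in checksum_db.items():
        for offset in range(len(data) - length + 1):
            window = data[offset:offset + length]
            if hashlib.sha256(window).hexdigest() == digest:
                found.add(name)
                break
    return sorted(found)


def demo():
    """Scan four constructed files before and after a database update."""
    fragment_db, checksum_db = build_database()
    samples = {
        "clean.bin": b"MZ" + b"\x00" * 64 + b"ordinary payment client",
        "infected_a.bin": b"MZ" + b"\x11" * 32 + FRAGMENT_A + b"tail",
        "infected_b.bin": b"header" + FRAGMENT_B + b"\x00" * 16,
        "new_family.bin": b"MZ" + b"\x22" * 32 + FRAGMENT_C,
    }
    before = {n: scan(d, fragment_db, checksum_db) for n, d in samples.items()}
    # Replenishing the database is what makes the new family detectable.
    checksum_db["Demo.Stealer.C"] = checksum_entry(FRAGMENT_C)
    after = {n: scan(d, fragment_db, checksum_db) for n, d in samples.items()}
    return before, after


if __name__ == "__main__":
    before, after = demo()
    for name in before:
        print(f"{name:16} before={before[name]} after={after[name]}")
```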

Detection and elimination of unknown viruses are necessary to protect against viruses missed at the first level of antivirus protection. The most effective method is system integrity monitoring (change detection), which most of the tools present in this study work with. Both antiviruses and firewalls were able to successfully check and compare the current parameters of the computing system with the reference ones corresponding to its uninfected state. 80% of the studied tools successfully ensured the protection of the information resource from unauthorized modification and deletion as a result of various kinds of illegitimate influences, and failures of the system and environment. Therefore, all tools to prevent network attacks (Positive Technologies, UserGate, Smart-Soft, Cisco and InfoWatch) coped with their task at about the same level, which allows them to be attributed to the second level. In addition, without exception, all antiviruses and firewalls also coped with the above-mentioned tasks of the second level.
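Integrity monitoring as described above compares the current state of a system with a reference taken while it was known to be clean. The following Python sketch is an added example, not code from the paper or from any of the tested products: it records a baseline of file sizes and SHA-256 hashes for a directory and reports files that were added, removed or modified. The directory contents and file names are constructed for the demonstration.

```python
import hashlib
import os
import tempfile


def snapshot(root: str) -> dict:
    """Map each file under root to (size, SHA-256), keyed by relative path."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            digest = hashlib.sha256()
            with open(path, "rb") as handle:
                for chunk in iter(lambda: handle.read(65536), b""):
                    digest.update(chunk)
            state[rel] = (os.path.getsize(path), digest.hexdigest())
    return state


def compare(baseline: dict, current: dict) -> dict:
    """Report paths added, removed or modified relative to the baseline."""
    base_paths, cur_paths = set(baseline), set(current)
    return {
        "added": sorted(cur_paths - base_paths),
        "removed": sorted(base_paths - cur_paths),
        "modified": sorted(
            p for p in base_paths & cur_paths if baseline[p] != current[p]
        ),
    }


def _write(root: str, rel: str, data: bytes) -> None:
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as handle:
        handle.write(data)


def demo() -> dict:
    """Build a clean reference state, tamper with it, and return the report."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed "clean" state of a small payment application.
        _write(root, "conf/pay.cfg", b"gateway=https://pay.example.test\n")
        _write(root, "bin/checkout.bin", b"\x7fDEMO" + b"\x00" * 128)
        _write(root, "logs/audit.log", b"2021-01-01 start\n")
        baseline = snapshot(root)

        # Simulated unauthorized changes. The config edit keeps the same
        # size, so only the hash comparison reveals it.
        _write(root, "conf/pay.cfg", b"gateway=https://pay.example.tesT\n")
        os.remove(os.path.join(root, "logs/audit.log"))
        _write(root, "bin/dropper.tmp", b"unexpected file")

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Unlike a signature scan, this check needs no knowledge of the threat itself, only a trustworthy baseline stored where the monitored system cannot rewrite it.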

The highest level of protection, consisting in blocking the manifestation of viruses and protection against destructive actions and reproduction of computer viruses, which managed to overcome the first two levels of protection, can be attributed to more than half of the studied antiviruses and firewalls. The methods of Avast, Dr.Web CureIt and Kaspersky Security Cloud antiviruses, as well as Avast, PeerBlock, XG Firewall Business and ZoneAlarm firewalls are based on the interception of virus-specific functions. Dr.Web CureIt and XG Firewall Business work on the principle of filter programs, so they are slightly less effective than other tools that work as hardware controls. When working in global public networks (in particular, when receiving payment from customers), third-level security programs performed antivirus control of all passing traffic. It could be carried out in various ways: by implementing an antivirus proxy server or by integrating an antivirus component with a firewall. The disadvantages of these controllers include the lack of an autoconfiguration system. As a result, there is a possibility of conflicts with other system programs, including other safety protection tools.

Summary

The chapter on procedures and methodology began with an introduction outlining the intended purpose of the research. The background of the complexity of the processes is provided during which the operation of tools to ensure the confidentiality of personal data of the client and the seller will be measured and tested. After the introduction, the research project design was presented. This section contains a description of research methods and algorithms for solving the tasks set in the paper. In addition, it also includes a description of the organization and content of the study: research procedures, and criteria for evaluating the results of the study that will be used.

Then follows a description of sampling procedures necessary for analyzing the quality of research objects, determining their properties by reliability indicators. It describes how the selected samples will present the analyzed composition indicators for the current period of time with the most possible completeness. In addition, the main requirements for sampling used when writing paper are argued. After the description of the sampling procedure, data collection sources are presented. Since the statistical method is used in this work, the proposed process of direct observation is given. The methods of measurement and counting, according to which the registration of the studied units is carried out, are explained. In addition, this section contains details about a documented observation involving obtaining information based on an analysis of the literature.

Then followed a description of a formalized interview with open questions conducted with security specialists in the field of e-commerce. The mandatory plan of the interview, the sequence of questions and their formulations in an open form were described. The answer options and the principles of dividing the interviewees into groups were normalized. In addition to interviews, such a method of collecting primary information as a survey of e-commerce business leaders was also used. It provided for a written appeal to a set of people (respondents) using information security tools in their application or on their website. It was also determined how the statistical processing and interpretation of the responses received would be carried out.

The next part of the third chapter was the collection of theoretical information about the phenomena and processes of data protection using documentary sources. Information from the documents was extracted and recorded, which was later used to study the research problem. The subject of the analysis of the documents included such characteristics and properties of the security content in the field of electronic commerce as the main criteria for assessing the level of protection of bank data.

The study presents four focus groups, the first of which is antivirus software. The five most common antivirus software for the installation of information security of IT infrastructure in the corporate e-commerce sector are described. Then follows a focus group of five firewalls, recognized during the interview as the most powerful means of traffic control. The general functions performed by the firewalls involved in this paper are described. The tactics and advantages of each of the five presented software are described.

The importance of using tools for preventing network attacks in corporate networks has been apparent for a long time, and therefore five similar programs are included in the third focus group. The article names the manufacturers that were identified by the interview participants as the most effective. In addition, the interview participants confirmed that data leakage occurs more often than money theft. This demonstrates the fact that the diamond fraud theory modifies the motivation factor for offline scammers. Small details are provided about how a particular program copes with bypass methods, and a brief description of attack prevention systems. One of the most important stages of ensuring information security is the identification of potential risks. Therefore, based on the responses of the interviewed IT specialists, a focus group of five scanners of potential vulnerabilities was compiled. A small summary of each of the network scanners has also been prepared, describing the tasks they are aimed at solving.

Further observations on the testing of the selected programs were presented. The process of checking each of the focus groups is described, and the obtained indicators are given. This section presents all the statistical data received during the work with the four categories of protection. In the final part of the third chapter, an analysis of the data obtained during the observation of testing was carried out. Despite the fact that many of the selected programs showed a very high, third level of data security protection, none of them turned out to be 100% effective. In this connection, it can be concluded that it is most reliable to combine several bank data protection programs at once.

References

Abdi, A., & Singh, G. (2020). Opportunities and challenges of implementation of peer-to-peer block chain technology in the higher educational institutions. International Journal of Engineering Research & Technology, 9(5), 348-358. doi: 10.5860/crl.81.1.43

Abideen, M. Z., Saleem, S., & Ejaz, M. (2019). Advanced data security and its applications in multimedia for secure communication. Security and Communication Network, 9(15), 312-316. doi: 10.1155/2019/7924690

Akanji, O. S., Abisoye, O. A., & Iliyasu, M. A. (2021). Mitigating slow hypertext transfer protocol distributed denial of service attacks in software defined networks. Journal of Information and Communication Technology, 20(3), 277-304. doi: 10.32890/jict2021.20.3.1

Alfarsi, G., Tawafak, R. M., Alsidiri, A., Jabbar, J., Malik, S. I., & Alsinani, M. (2019). Using Cisco packet tracer to simulate smart home. International Journal of Engineering Research & Technology, 8(12), 670-674. doi: 10.1007/s10586-017-1298-1

Ali, N. I., Samsuri, S., Seman, M. A., Brohi, I. A., & Shah, A. (2018). Cybercrime an emerging challenge for internet users: An overview. Sindh University Research Journal: Science Series, 50(3D), 55-58. doi: 10.1016/j.procs.2015.08.443

Anlei, W., Zhaoshun, W., & Shuwang, L. (2020). A fast-single pattern matching algorithm of next generation firewall. International Journal of New Developments in Engineering and Society, 4(1), 33-40. doi: 10.25236/IJNDES.040106

Arefin, T., Uddin, R., Evan, N. A., & Alam, R. (2020). Enterprise network: Security enhancement and policy management using next-generation firewall (NGFW). Computer Networks and ISDN systems, 25(5), 280-310. doi: 10.29145/sir/22/020204

Baldassarre, M. T., Barletta, V. S., Caivano, D., & Scalera, M. (2020). Integrating security and privacy in software development. Software Quality Journal, 28(14), 987-1018. doi: 10.1007/s11219-020-09501-6

Bavel, R. V., Rodríguez-Priego, N., Vila, J., & Briggs, P. (2019). Using protection motivation theory in the design of nudges to improve online security behavior. International Journal of Human-Computer Studies, 123(6), 29-39. doi: 10.1016/j.ijhcs.2018.11.003

Becerril, A. (2018). The value of our personal data in the Big Data and the Internet of all Things Era. Advances in Distributed Computing and Artificial Intelligence Journal Regular Issue, 7(2), 71-80. doi: 10.14201/ADCAIJ2018727180

Bertrand, Y., Boudaoud, K., & Riveill, R. (2020). What do you think about your company’s leaks? A survey on end-users perception toward data leakage mechanisms. Frontiers in Big Data, 8(5), 1-13. doi: 10.3389/fdata.2020.568257

Clifford, D., & Ausloos, J. (2018). Data protection and the role of fairness. Yearbook of European Law, 37(6), 130-187. doi: 10.1093/yel/yey004

Deng, M. I. (2019). Regulation and protection of personal data in the context of big data. Journal of Beijing University of Posts and Telecom, 21(1), 19-25. doi: 1019722/jcnki1008772920180176

Dissanayaka, A. M., Mengel, S., Gittner, L., & Khan, H. (2020). Security assurance of MongoDB in singularity LXCs: An elastic and convenient testbed using Linux containers to explore vulnerabilities. Cluster Computing, 23(2), 1955-1971. doi: 10.1007/s10586-017-1511-2

Dmitriev, D. D. (2020). Software and hardware complex for the development and research of methods for broadband access to multimedia resources and the Internet. Journal of Physics: Conference Series, 5(15), 1-7. doi: 10.1088/1742-6596/1515/3/032041

Eslamkhah, M., & Seno, S. A. (2019). Identifying and ranking knowledge management tools and techniques affecting organizational information security improvement. Knowledge Management Research & Practice, 26(3), 1-30. doi: 10.1080/14778238.2019.1599495

Fabiano, N. (2019). Ethics and the Protection of Personal Data. Systemics, cybernetics and informatics, 17(2), 58-64. doi: 10.1145/3309772.3309787

Ghanem, M. C., & Chen, T. M. (2019). Reinforcement learning for efficient network penetration testing. Information, 11(6), 1-23. doi: 10.3390/info11010006

Guzairov, M., Gvozdev, V., Davlieva, A., & Teslenko, V. (2018). Analysis of properties hardware-software system in efficiency index under uncertainty component structures. Advances in Intelligent Systems Research, 6(4), 19-25. doi: 10.2991/iwci-18.2018.13

Harvey, L. A. (2018). REDCap: Web-based software for all types of data storage and collection. Spinal Cord, 56(625), 1282-1288. doi: 10.1038/s41393-018-0169-9

Hirsch, P. B. (2018). The goose that laid the golden eggs: personal data and the Internet of Things. Journal of Business Strategy, 40(1), 48-52. doi: 10.1108/JBS-10-2018-0176

Hou, H., Yua, J., & Hao, R. (2019). Cloud storage auditing with deduplication supporting different security levels according to data popularity. Journal of Network and Computer Applications, 134(4), 26-39. doi: 10.1016/j.jnca.2019.02.015

Iavich, M., Gnatyuk, S., Iashvili, G., & Fesenko, A. (2019). Cyber security European standards in business. Scientific and Practical Cyber Security Journal, 3(2), 36-39. doi: 10.1007/s11042-016-3495-y

Ivanov, V., Reznik, A., & Succi, G. (2018). Comparing the reliability of software systems: A case study on mobile operating systems. Information Sciences, 423(4), 398-411. doi: 10.1016/j.ins.2017.08.079

Kamalieva, L. A., Kazakova, I. A., Nikonovich, S. L., Goncharov, V. V., & Livson, M. (2020). Improving information security: Criminal-legal means of counteracting digital data leakage. Laplage em Revista, 6(1), 222-229. doi: 10.24115/S2446-622020206

Kaplan, D. E., & Rajendran, S. (2019). Firewalls in general relativity. Physical Review, 99(4), 1-8. doi: 10.1103/PhysRevD.99.044033

Karantzas, G., & Patsakis, C. (2021). An empirical assessment of endpoint detection and response systems against advanced persistent threats attack vectors. Journal of Cybersecurity and Privacy, 1(6), 387-421. doi: 10.3390/jcp1030021

Kim, Y., Wang, Q., & Roh, T. (2021). Do information and service quality affect perceived privacy protection, satisfaction, and loyalty? Evidence from a Chinese O2O-based mobile shopping application. Telematics and Informatics, 56(39), 568-575. doi: 10.1016/j.tele.2020.101483

Kodapanakkal, R. I., Brandt, M. J., Kogler, C., & Beest, I. V. (2020). Self-interest and data protection drive the adoption and moral acceptability of big data technologies: A conjoint analysis approach. Computers in Human Behavior, 108(2), 10-16. doi: 10.1016/j.chb.2020.106303

Kuner, C., Cate, F. H., Lynskey, O., Millard, C., Loideain, N. N., & Svantesson, D. J. (2018). Expanding the artificial intelligence-data protection debate. International Data Privacy Law, 8(4), 289-292. doi: 10.1093/idpl/ipy024

Kurpayanidi, K. I. (2019). Theoretical basis of management of innovative activity of industrial corporation. International Scientific Journal of Theoretical & Applied Science, 69(1), 7-14. doi: 10.15863/TAS

Laptiev, O., Savchenko, V., Kotenko, A., Akhramovych, V., & Samosyuk, V. (2021). Method of determining trust and protection of personal data in social networks. International Journal of Communication Networks and Information Security, 13(1), 15-21. doi: 10.54039/ijcnis.v13i2.5034

Latchoumi, T. P., Reddy, M. S., & Balamurugan, K. (2020). Applied machine learning predictive analytics to SQL injection attack detection and prevention. European Journal of Molecular & Clinical Medicine, 7(2), 3543-3553. doi: 10.23919/INM.2017.7987433

Li, X., Wang, L., Xin, Y., Yang, Y., & Chen, Y. (2020). Automated vulnerability detection in source code using minimum intermediate representation learning. Applied Sciences, 10(16), 1-16. doi: 10.3390/app10051692

Li, Y., Cheng, J., Huang, J., Chen, Z., & Niu, W. (2021). NEDetector: Automatically extracting cybersecurity neologisms from hacker forums. Journal of Information Security and Applications, 169(58), 80-90. doi: 10.1016/j.jisa.2021.102784

Liu, S., Reviriego, P., Montuschi, P., & Lombardi, F. (2021). Less-is-Better Protection (LBP) for memory errors in kNNs classifiers. Future Generation Computer Systems, 117(22), 401-411. doi: 10.1016/j.future.2020.12.015

Mamonova, G., & Maidaniuk, N. (2020). Mathematical tools for the internet of things analysis. Cybernetics and Systems Analysis, 56(15), 621-627. doi: 10.1007/s10559-020-00279-w

Mariania, M. M., Styven, M. E., & Teulon, F. (2021). Explaining the intention to use digital personal data stores: An empirical study. Technological Forecasting and Social Change, 166(2), 12-16. doi: 10.1016/j.techfore.2021.120657

McIntosh, T., Jang-Jaccard, J., Watters, P., & Susnjak, T. (2019). Masquerade attacks against security software exclusion lists. Australian Journal of Intelligent Information Processing Systems, 16(4), 1-8. doi: 10.1007/978-3-030-66218-9

Mimura, M., & Tanaka, H. (2018). Leaving all proxy server logs to paragraph vector. Journal of Information Processing, 26(38), 804-812. doi: 10.4018/978-1-4666-5888-2

Morse, W. C., Cox, C., & Anderson, C. J. (2020). Using public participation geographic information systems (PPGIS) to identify valued landscapes vulnerable to sea level rise. Sustainability, 12(6), 1-34. doi: 10.3390/su121767

Movahedi, Y., Cukier, M., Andongabo, A., & Gashi, I. (2019). Cluster-based vulnerability assessment of operating systems and web browsers. Computing, 101(4), 139-160. doi: 10.1007/s00607-018-0663-0

Muliński, T. (2020). ICT security in tax administration – Rapid7 Nexpose vulnerability analysis. Studia Informatica: Systems and Information Technology, 2(24), 37-51. doi: 10.34739/si.2020.24.03

Muzammil, A. C., & Nandan, R. (2019). Comparative analysis of packet filtering firewall. International Journal of Scientific Research in Computer Science Applications and Management Studies, 8(5), 1-4. doi: 10.5334/dsj-2018-032

Nirmal, K., Janet, B., & Kumar, R. (2021). Analyzing and eliminating phishing threats in IoT, network and other Web applications using iterative intersection. Peer-to-Peer Networking and Applications, 14(4), 2327-2329. doi: 10.1007/s12083-020-00944-z

Noeiaghdam, S. (2019). A novel technique to solve the modified epidemiological model of computer viruses. SeMA Journal, 76(8), 97-108. doi: 10.1007/s40324-018-0163-3

Norbekov, J. (2020). Ensuring information security as an ideological problem. Mental Enlightenment Scientific-Methodological Journal, 1(39), 56-65. doi: 10.1002/ett.3815

Nurhayati, A. (2019). Mapping perception of consumer antivirus software with multidimensional scaling method. Journal on Computer Science and Information Technologies, 4(3), 91-95. doi: 10.11591/APTIKOM.J.CSIT.13

Panchekha, P., Ernst, M. D., Tatlock, Z., & Kamil, S. (2019). Modular verification of web page layout. PROC Acm. Programming Language, 3(151), 1-26. doi: 10.1145/3360577

Park, S. (2019). Software requirement specification based on a gray box for embedded systems: A case study of a mobile phone camera sensor controller. Computers, 8(20), 1-11. doi: 10.3390/computers801002

Pisula, A. (2019). Enigma software group USA. Federal Communications Law Journal, 72(2), 272-275. doi: 10.1109/VTCSpring.2015.7146058

Pérez-González, C. J., Colebrook, M., Roda-García, J. L., & Rosa-Remedios, B. (2019). Developing a data analytics platform to support decision making in emergency and security management. Expert Systems with Applications, 120(7), 167-184. doi: 10.1016/j.eswa.2018.11.023

Shabalin, A. M., & Kaliberda, E. A. (2020). Building a virtual model for corporate information protection using InfoWatch traffic monitor system. Proceedings in Cybernetics, 67(1), 35-42. doi: 10.34822/1999-7604-2020-1-35-42

Shah, H., & Comissiong, D. M. (2021). Computer virus model with stealth viruses and antivirus renewal in a network with fast infectors. SN Computer Science, 407(3), 34-39. doi: 10.1007/s42979-021-00780-9

Shedid, M., Abdelmonem, M., Boraik, A., Elmetwalli, A., & Hassan, D. (2019). Safety parameters throughout the first month of direct-acting antivirus. American Journal of Technologies, 152(1), 16-19. doi: 10.1016/j.jss.2020.110609

Sing, P., & Kottath, R. (2021). An ensemble approach to meta-heuristic algorithms: Comparative analysis and its applications. Computers & Industrial Engineering, 162(48), 1-13. doi: 10.1016/j.cie.2021.107739

Singh, H., & Kumar, A. (2018). A review on Windows update, security patch and issues. International Journal of Emerging Technologies and Innovative Research, 5(10), 701-712. doi: 10.5120/ijca2015907209

Sodhi, H. S. (2020). An investigation for prioritizing industry 4.0 tools using analytic hierarchy process. International Journal of Advance Science and Technology, 29(10S), 5619-5629. doi: 10.1016/j.jisa.2021.102752

Stoynov, S., & Nikolov, B. (2021). Approach to SHIP’S IT and OT systems cybersecurity improvement. Pedagogika-Pedagogy, 93(7s), 185-196. doi: 10.53656/ped21-7s.16appr

Sun, W., Cai, Z., Li, Y., Liu, F., Fang, S., & Wang, G. (2018). Data processing and text mining technologies on electronic medical records: A review. Journal of Healthcare Engineering, 14(3), 1-9. doi: 10.1155/2018/4302425

Taylor, R. D. (2020). “Data localization”: The internet in the balance. Telecommunications Policy, 44(8), 132-135. doi: 10.1016/j.telpol.2020.102003

Tchernykha, A., Babenko, M., Chervyakov, N., Miranda-López, V., Kuchukov, V., Cortés-Mendoza, J., & Deryabin, M. (2018). AC-RRNS: Anti-collusion secured data sharing scheme for cloud storage. International Journal of Approximate Reasoning, 45(4), 1-16. doi: 10.1108/ILDS-07-2016-0026

Torten, R., Reaiche, C., & Boyle, S. (2018). The impact of security awareness on information technology professionals’ behavior. Computers & Security, 79(4), 68-79. doi: 10.1016/j.cose.2018.08.007

Uchenna, C. C., Roslee, M. B., & Nmenme, P. U. (2018). Android anti-virus system for malware mutation in networking. Engineering International, 6(2), 63-78. doi: 10.1007/978-3-319-39510-4_25

Wada, I., Dawakinkudu, A. M., & Saka, K. A. (2021). Usability and challenges of pfSense deployed for management of library networks, servers and users in State University of Science and Technology, Wudil. Jewel Journal of Librarianship, 16(3), 71-90. doi: 10.1016/j.acalib.2019.01.001

Wagner, J. (2018). The transfer of personal data to third countries under the GDPR: When does a recipient country provide an adequate level of protection? International Data Privacy Law, 8(4), 318-337. doi: 10.1093/idpl/ipy008

Walters, R., Zeller, B., & Trakman, L. (2018). Personal data law and competition law: Where is it heading? UNSW Law Research Journal, 18(73), 1-20. doi: 10.2139/ssrn.3275832

Wang, X., Continella, A., Yang, Y., He, Y., & Zhu, S. (2019). Leakdoctor: Toward automatically diagnosing privacy leaks in mobile applications. Proceedings of the ACM on Interactive Mobile Wearable and Wearable Ubiquitous Technologies, 3(28), 1-25. doi: 10.1145/3314415

Wang, Y., Xu, G., Liu, X., Mao, W., Si, C., Pedrycz, W., & Wang, W. (2020). Identifying vulnerabilities of SSL/TLS certificate verification in Android apps with static and dynamic analysis. Journal of Systems and Software, 167(4), 16-19. doi: 10.1016/j.jss.2020.110609

Whitty, M. T. (2019). Predicting susceptibility to cyber-fraud victimhood. Journal of Financial Crime, 26(1), 277-292. doi: 10.1108/JFC-10-2017-0095

Wilis, R. A., & Nurwulandari, A. (2020). The effect of e-service quality, e-trust, price and brand image towards e-satisfaction and its impact on e-loyalty of Traveloka’s customer. Jurnal Ilmiah Manajemen, Ekonomi, dan Akuntansi, 4(3), 1061-1099. doi: 10.1016/j.apmrv.2015.03.005

Wilson, D., Roman, E., & Beierly, I. (2018). PCI DSS and card brands: Standards, compliance and enforcement. Cyber Security: A Peer-Reviewed Journal, 2(1), 73-82. doi: 10.1145/3314415

Yartey, D., Omojola, O., Amodu, L., Ndubueze, N., Adeyeye, B., & Adesina, E. (2021). Personal data collection and usage for mobile marketing: Customer awareness and perception. WSEAS Transactions on Business and Economics, 18(5), 42-50. doi: 10.37394/23207.2021.18.5

Zadereyko, O. V., Trofymenko, O. G., & Loginova, N. I. (2019). Algorithm of user’s personal data protection against data leaks in Windows 10 OS. Informatics, Control, Measurement in Economy and Environmental Protection, 1(5), 41-44. doi: 10.5604/01.3001.0013.0905

Zeng, W., Bashir, R., Wood, T., Siewe, F., Janicke, H., & Wagner, I. (2020). How location-aware access control affects user privacy and security in cloud computing systems. EAI Endorsed Transactions on Cloud Systems, 6(18), 1-11. doi: 10.4108/eai.13-7-2018.165236

The Problem of the Identity Theft

Introduction

The Internet and other emerging technologies have revolutionized the way people, government departments, and corporations pursue their goals. More individuals are relying on such innovations to engage in activities that can generate income. However, hackers, phishers, and cyber-terrorists are relying on these advancements to engage in criminal behaviors. One of the outstanding challenges affecting many stakeholders in different parts of the world is that of identity theft. This discussion examines this problem, why people need to remain worried, and the most appropriate mitigation strategies.

Defining Identity Theft

The forces of innovation, globalization, and immigration have presented additional challenges that individuals and government agencies should not ignore. Identity theft is a unique problem that is presently affecting the experiences and goals of many individuals in different parts of the world. Sovern identifies it as “the appropriation of someone else’s identity to commit fraud or theft” (223). This kind of consumer predicament is linked to the loss and use of another person’s information to impersonate them. Most of the victims will end up losing their savings and even be featured in pornographic materials and fake news. The offenders tend to have diverse expectations and goals, such as the desire to commit fraud, damage another individual’s image, or steal funds.

Information technology (IT) specialists have presented phishing as a new form of identity theft. Stafford indicates that the malpractice usually takes place when hackers send fraudulent e-mails to different Internet users and subscribers, impersonating merchants, banks, and Internet service providers (202). The primary aim is to steal confidential financial data (Stafford 202). Individuals should be aware of all forms of attacks and understand how they can affect their experiences. The seriousness of this predicament, therefore, explains why different stakeholders have been on the frontline to address it and protect more unsuspecting customers and citizens.

Why People Should Remain Worried

The issues associated with identity theft explain why citizens should be worried and consider evidence-based ways to protect themselves against any form of abuse or defamation. Several case studies and scenarios have emerged in the recent past that highlight the dangers of this malpractice. For instance, Stafford reveals how a student realized that someone had succeeded in renting an apartment in the same city under his name (201). Another individual had also realized with shock that another person had accessed and used his credit cards to view pornographic content on the Internet (Stafford 201). Within the past two decades, the media has reported numerous cases whereby unsuspecting people had lost their identities under unfamiliar circumstances (Stafford 201). These cases reveal that identity theft is a major problem that is capable of affecting any individual irrespective of financial status, age, and gender.

This malicious act continues to remain troublesome since the Internet is available to more people than ever before. A report by the FTC in 2003 revealed that around 9.9 people had become victims of this problem within the last 12 months (Stafford 201). Consumers whose visas and information had fallen into the hands of phishers had recorded losses “estimated at $5 billion” (Stafford 201). Additionally, the report indicated that many citizens would spend around 30 hours trying to analyze and solve some of the issues arising from identity theft (Stafford 202). These observations indicate that the consequences and predicaments associated with this form of malpractice will continue to grow.

Established corporations, emerging firms, and government agencies are relying on interconnected systems that are intended to transform the level of information sharing. Individuals will receive paperwork and digital tools that can guide them to pursue their aims. Unfortunately, most of these resources and systems tend to increase the risk for identity theft. The globe has become a small village whereby people are capable of communicating instantly, sharing information, and engaging in strategies that can promote economic performance (Sovern 235). These developments present additional loopholes and opportunities for individuals with negative intentions to pursue their goals.

The issues many people experienced before the end of the 20th century led to new strategies to deal with this security threat. For example, in 1998 the government passed the Identity Theft and Assumption Deterrence Act (ITAD), which redefined identity theft as a serious offense that would attract legal proceedings (Stafford 201). In 2003, President Bush went further and signed the Fair and Accurate Credit Transaction Act of 2003 (FACTA) into law (Stafford 201). The purpose of this legislation was to protect all consumers relying on credit cards to complete their transactions successfully. More people were also willing to get credit card numbers. The policy requires merchants and businesspeople to omit some of the credit card digits printed on the issued receipts. These decisions explain why all citizens in the United States and across the globe should be worried about the problems of identity theft.

Protecting Personal Identity from Theft

Scholars and researchers have presented various initiatives that individuals and organizations can consider to protect themselves against any form of identity theft. The first one could entail the use of purely online bill processing and banking processes. This initiative is capable of minimizing the chances of attacks since hackers and criminals will be unable to access paper trails (Stafford 202). Due to the nature of digital processing, specialists and technicians will be in a position to identify actions that are suspicious and capable of affecting the integrity of a person’s credit card or banking information.

Corporations can cooperate with different agencies, citizens, and departments to identify possible sources of threats and mitigate them accordingly. Stafford explains how a report by the Federal Trade Commission supported cooperation as a powerful strategy that was capable of fighting some of the challenges associated with identity theft (203). The concept of teamwork allows government groups, government departments, and business entities to form teams that can combat this challenge efficiently. This initiative has worked effectively in the past to address the predicament and take more people closer to their goals.

Prudent customers have a role to play if they are to address this issue. Such stakeholders can engage in activities that make it easier for them to preserve their documents and identities. They can achieve their aim by ensuring that their credit cards and documents are inaccessible to unauthorized persons. Banks and other financial agencies should be part of the process and provide timely instructions to their clients (Sovern 236). These coordinated efforts will reduce the risks of phishing and identity theft. Additionally, citizens should be keen to identify spam e-mails and avoid opening them, since they usually contain suspicious malware and viruses intended to capture or steal confidential information. This strategy will make it easier for more people to deal with this problem at a personal level and eventually protect themselves against any form of attack.

New suggestions have emerged in the past that can support the ongoing fight against identity theft. For instance, Sovern argues that Congress should employ a strategy that is flexible and capable of involving all key partners (239). This move means that lenders and credit bureaus should be liable for any form of identity theft. These stakeholders should also be on the frontline to identify evidence-based measures to prevent this malpractice. Actors in the credit card industry can go further to implement powerful mechanisms to improve the level of security. Such an initiative will ensure that all customers receive additional instructions to improve the level of security (Sovern 238). Finally, users of the Internet, social media platforms, and websites should avoid visiting suspicious links and sites that might contain harmful content. The inclusion of antivirus software and firewalls will minimize the possibility of identity theft and the challenges associated with this malpractice.

Conclusion

The above discussion has identified identity theft as a major security concern that is associated with numerous challenges, such as loss of financial resources and defamation. Individuals should be concerned about this malpractice because it can affect their life experiences and achievements. The problems associated with it explain why all key stakeholders should collaborate and find evidence-based solutions to minimize the chances of identity theft. Citizens can benefit from additional instructions and ideas intended to protect their browsing experiences and credit cards. The combination of these measures will reduce the possibilities of this malpractice and safeguard people’s confidential data.

Works Cited

Sovern, Jeff. “Stopping Identity Theft.” The Journal of Consumer Affairs, vol. 38, no. 2, 2004, pp. 233-243.

Stafford, Marla R. “Identity Theft: Laws, Crimes, and Victims.” The Journal of Consumer Affairs, vol. 38, no. 2, 2004, pp. 201-203.

The New Kinds of Identity Theft

Identity theft is defined as the acquisition of a person’s financial and personal information without his or her permission for a criminal’s benefit. This means that names, surnames, Social Security numbers, addresses, bank account or credit card numbers, and the account numbers of medical insurance may be stolen. They are traditionally used for buying things, stealing tax refunds, receiving health care, getting new credit cards, and opening gas, electricity, or phone accounts in a victim’s name. According to a 2019 Internet Security Threat Report prepared by Symantec, 1 in 10 people currently become victims of identity theft every year, while 21% of them have been victimized more than one time (Steinberg par. 1). At the same time, this issue will be more disturbing in the future as criminals are constantly discovering stealthier and more efficient ways of committing fraud.

Although the tendencies of identity theft cannot be clearly predicted, it goes without saying that they will be directly connected with technologies due to their constant development. From a personal perspective, new kinds of identity fraud will refer to information acquisition through mobile phones and tablets and high-quality copying of the company’s websites that deal with purchasing. In the present day, identity theft with the use of public USB charging stations and wi-fi, software, spyware, and specific applications may be already observed, and in the future, these methods will be developing. In addition, the education sector and medical industry will be more affected by cyberattacks as success, in this case, will result in the acquisition of considerable amounts of personal information.

Finally, in the future, it will be necessary to deal with the consequences of current identity thefts, especially child identity thefts, in combination with synthetic ones. In other words, fraudsters may open credit accounts in children’s names undetected, combining fake and real information. As the majority of children under sixteen years old do not have credit reports, criminals’ activity may remain unknown until victims apply for a job or a student loan.

Work Cited

Steinberg, Scott. “The Latest Ways Identity Thieves Are Targeting You — and What to Do if You Are a Victim.” CNBC, 2020, Web.

Identity Theft and Protective Tactics for Children

Summary

Identity theft is a serious issue that affects millions of people worldwide. While it is not a new concept, the progressively increasing use of the Internet and global digitalization have created additional risks. Identity theft is described as the malicious use of personal information by another individual (Irshad & Soomro, 2018). According to the Internet Crime Report of 2016, in the US alone, identity theft is responsible for the loss of over 50 million US dollars (Soomro & Hussain, 2019). In 2017, 17 636 individuals self-reported being victims of identity theft (Soomro & Hussain, 2019). While identity fraud affects many people financially, the mental and emotional sides of such crimes are often overlooked.

Today, social media such as Snapchat, Instagram, and TikTok are largely focused on adolescents as their primary users. Although many websites and apps require a minimum age to register, there is often no age verification that ensures the users are, in fact, above the age cut-off. Therefore, there are many potentially easily influenced and naïve young users who are prone to identity theft and other cyber-crimes.

Problem Statement

While identity theft is a vast issue that consists of many intricacies and variations, this research project focuses on social media. Furthermore, as mentioned in the introduction, adolescents are likely to use social media often with no parental supervision and are particularly prone to cyber crimes due to naivety. Therefore, the problem that is to be researched in this project is the possible protective tactics against identity theft targeted at children and adolescents. Since younger individuals are more likely to be affected by such crimes mentally in the long term as well as short term, it is vital to implement preventive and corrective tactics.

Relevance and Significance

As technology advances worldwide, children and adolescents today have increasingly more access to not only phones and tablets but social media and the Internet. Although there are many advantages to being more adept at using such technology in the digitalized world, the many downsides include cybercrime, such as identity theft. On the Internet, identity theft can take a number of forms, including catfishing, financial gain, and privacy invasion.

Research Plan

Data to be Used

Since identity theft, alongside other cyber crimes, is a serious and prominent issue, there are many statistics available online that can be used for consideration of the scope of the problem. Furthermore, there are various preventive tactics that have been discussed in previous papers, such as in Soomro and Hussain’s paper (2019). Other sources to be used include Ahmad and colleagues’ advisory paper for parental awareness on cyber threats (2019) and the advice given by the Federal Trade Commission (“Report identity theft and get a recovery plan,” n.d.). Furthermore, research on the detection of identity fraud using behavioral semantics by Wang, Yang, and Luo (2017) will be used. The variety of sources included in the research, although focused on the US and children and adolescents, allows for a broader scope of the problem consideration.

Analyzing the Data

Analysis of the data will be conducted by comparing the different methods offered by previous studies and their effectiveness. Furthermore, various new solutions will be discussed in the further parts of the paper, which will integrate parts from previous research. Although it is difficult to create a rubric that would assess the effectiveness of the programs and tactics, the main objective metric considers the satisfaction level of those affected directly.

How Data and Analytics Answer the Question

The data, both statistical and tactical, will be used to determine the best plans of action in the case of identity theft and for its prevention. Since it might not always be possible to prevent the scam from occurring, it is important to consider not only avoidance tactics but how to deal with the consequences of identity theft. This research paper aims to be educational for parents and other individuals so as to minimize the risks for children and adolescents on the Internet.

Summary of Ethical Issues

Firstly, since the research is concerned with mostly underage children and adolescents and their personal information, it might be ethically problematic to gather sufficient information. Furthermore, it is unlikely that the tactics can be tested, hence the research must rely primarily on secondary sources. Lastly, it is unclear how the effectiveness of the tactics can be measured and whether it can be measured objectively and fairly.

Limitations of Research

As mentioned above, there is little to no age verification on social media and other Internet websites today. Therefore, it can be difficult to track every single user and their demographic, meaning that the study of frequency, type, and effects of identity theft in children and adolescents might be compromised. Furthermore, many incidents of identity theft, especially those that do not end up in a financial loss, might not be reported for various reasons. Lastly, since technological advances are happening at a rapid speed, it is difficult to compare and study the long-term effects and consequences of virtual identity theft. Some of the data available might be outdated already; therefore, there is a possible lack of sufficient information.

References

Ahmad, N., Arifin, A., Asma’Mokhtar, U., Hood, Z., Tiun, S., & Jambari, D. I. (2019). Parental awareness on cyber threats using social media. Jurnal Komunikasi: Malaysian Journal of Communication, 35(2).

Irshad, S. & Soomro, T. R. (2018). Identity theft and social media. International journal of computer science and network security, 18(1), 43-55.

Report identity theft and get a recovery plan. (n.d.). Federal Trade Commission. Web.

Soomro, T. R. & Hussain, M. (2019). Social Media-Related Cybercrimes and Techniques for Their Prevention. Applied Computer Systems, 24(1), 9-17.

Wang, C., Yang, B., & Luo, J. (2017). Identity theft detection in mobile social networks using behavioral semantics. IEEE International Conference on Smart Computing, 1-3.

Identity Theft and Red Flags Rule in the US

According to “What Compliance Looks Like,” what 4 basic elements of the Red Flags Rule must one include in their Identity Theft Prevention Program?

Four elements that must be included in the identity theft prevention program:

  1. Descriptions and features helping to identify suspicious operations and harmful activities that can be recognized as identity theft attempts and called Red Flags.
  2. Activities listed as red flags.
  3. Instructions explaining how to act after a red flag is detected.
  4. Improvements that are needed for the program to remain effective with the newly appearing threats.

Who must comply with the Red Flags Rule?

The Red Flags Rule is designed for financial institutions and some creditors, and should only be implemented in cases when covered accounts are detected.

What is a “financial institution?”

Financial institutions can be a state or federal credit union, savings, and loan association, a state, national, or mutual savings bank, or a person that, directly or indirectly, owns a transaction account that belongs to a client.

What is a “creditor?”

A creditor is a business or organization that defers payments and grants or arranges credits, and can set the terms of credits, extend them, or renew them. A creditor also receives credit reports and provides funds for clients who are obliged to repay later.

What is a “covered account?”

The Red Flags Rule is implemented when an organization or a business has covered accounts. The Red Flags Rule differentiates between two types of covered accounts. The first type includes consumer accounts created for personal purposes, such as savings and checking accounts, or mortgage and automobile loans. The second type includes any other accounts that a creditor institution may hold which can be at risk of identity theft harmful to the customers of the institution; such accounts are small business or sole proprietorship accounts.

What staff members must be trained?

To administer the program, the organization managers are to train the staff relevant to the practices covered by the Red Flags Rule. This means that all of the service providers who perform practices and tasks identified by the Rule (for example, operations involving granting and arranging credits) should be appropriately trained.

What are the penalties for non-compliance with the Red Flags Rule?

The responses to the non-compliance with the Red Flags Rule may include such actions as changing security codes and passwords of the affected accounts, contacting services such as law enforcement, notifying the customer of the account, checking the activities of the account for proofs of identity theft, closing the account altogether, reopening the affected account under a different number.

List 3 types of Identity Theft?

Three types of identity theft are:

  1. Tax-related identity theft (includes frauds with stolen social security numbers)
  2. Child identity theft (represents manipulations with stolen social security numbers of children)
  3. Medical identity theft (covers activities under stolen names or medical insurance numbers)

What can you do to help fight Identity Theft?

To help fight identity theft and to protect themselves, one must never reveal their security codes or passwords to strangers over the internet or phone. Besides, one must not open untrustworthy emails or be intimidated by them. Scammers may call consumers, telling them they represent a certain financial institution and asking them to confirm secret information and their name. Whenever such incidents happen, the consumer must immediately report the numbers or emails of such scammers and inform the institution they pretend to work for. Moreover, account holders must often check the activity there to see if all the payments are correct.

When dealing with credit reports, how many consumer reporting companies are there and what are their phone numbers?

There are three main national credit reporting organizations. They are Experian (1 888 243 6951), TransUnion (877-322-8228) and Equifax (1-800-685-1111). These organizations provide one free credit report every year.

Criminal Law: Identity Theft

Introduction

As information technology is making great strides and is expeditiously turning the world into an inter-networked village, it is also opening avenues for invasion of privacy. One of the various forms of pilferage of personal information is identity theft. This is perhaps one of the most heinous crimes arising due to the lapse of security and privacy, particularly in cyberspace. However, the crime of identity theft has been devastating the personal and professional lives of many for the past several decades. This evil is increasingly rising with the passage of time, especially with the electronic mode of communication.

California was the sole state to take the initiative of tackling the issue of identity theft. The state incorporated laws on the crime in its legislation. The law required the different organizations keeping personal information of customers to be careful regarding when and how to use the data without any unnecessary disclosure. The other states followed in the footsteps of California and implemented similar legislation on identity theft (Schneier, 2006).

Critics argue that the crime of identity theft is fundamentally a serious offence of impersonation. The thief or the criminal obtains the personal information of the victim and impersonates himself to be him. The actual identity of the victim, if viewed in the literal sense, is not “stolen” rather it is all the relevant and confidential information of the unfortunate individual or individuals which is being misused (Schneier, 2006).

Elements of Identity Theft Under Historical Common Law

As the crime of identity theft has been committed for a long time, there were laws already in place to combat and reduce the crime. These legislative policies also determined the treatment to be meted out to the offenders as well as the victims. The laws traditionally dealt with the issues of impersonation. Later, more emphasis was placed on the transfer of personal information among different state-owned and private organizations.

According to a survey conducted by Privacy and Human Rights (n.d), “Multi-media fuse many forms of transmission and expression of data and images so that information gathered in a certain form can be easily translated into other forms”. This is a source of pilferage of information. Data is more susceptible to get into wrong hands.

It is seen throughout history that California is a “trend-setter” in promulgating laws on the crime. The state has been a “first-adopter of new types of laws” which are promulgated later by other states of the United States (Hirsch, 2007).

Under common law, the crime of identity theft was defined more as an offence of impersonation or fake identity. The clauses in the rulings were general compared to the clauses in the current state statute. The incidence of identity theft was not as common in the past although many individuals suffered a lot because of it and there are a number of popular cases based on identity theft in the state of California.

Elements of the Current State Statute for Identity Theft

There has been an increase in the number of cases of identity theft over the years. Therefore, more specific laws and rulings have been devised and promulgated. California has, as usual, been a pioneer in taking steps forward towards curbing the rising incidence of identity theft and has recently passed some newer and more specific laws on the crime.

The infamous ChoicePoint case of 2005 led to the promulgation of stringent laws on identity theft. The Federal Trade Commission fined ChoicePoint $15 million “for a high profile security breach that occurred in 2005” (Milewski, 2006). It is learnt from the case of ChoicePoint that “approach privacy and security compliance” is compulsory, particularly for organizations which store personal information of customers or clients in large databases. Identity thieves have found more “sophisticated” means of getting into confidential personal data of customers and are very likely to cause them “damages” in such forms as “class action litigation”, “stock price”, “reputation” and credibility (Hirsch, 2007).

Three main laws have been passed to protect the residents of California against identity theft. Two laws more specifically protect the personal information of people from being misused. The first law requires organizations that provide personal information of individuals to third parties to inform the clients concerned when doing so. The second law asserts that those who feel vulnerable to identity theft have a right to order a “freeze” of their personal information. When a “freeze” is implemented, the chances of identity theft are minimized to almost zero (Sathish, 2006).

Change in Elements of Identity Theft from Historical Common to Current State Statute

Changes in laws on identity theft in California have been absolutely imperative. The case of ChoicePoint opened the eyes of policy makers and drew their attention towards the promulgation of stricter legislation. Providing protection to the public is a responsibility of both the law-enforcing elements of the state and the governmental and privately-owned organizations (Gerard, Hillison & Pacini, 2004).

The two new rulings have unambiguous clauses which are specific to the leakage of confidential and personal information of customers to third parties. Some organizations have been selling customer information to third parties.

Possible Reasons for Changes

The growing incidence of identity theft and the large-scale loss it causes have been major drivers of the change in the legislation. It is a positive step taken towards curbing identity theft and relieving society of this evil crime.

The unobvious reasons could be related to the credibility of the state government and the organizations having personal information of customers. The state authorities might have felt that the society would start distrusting them for the kind of protection they provide and this would earn a bad name to the state in the eyes of the entire nation. The organizations would lose their customers and their loyalty. At the same time, their reputation and the financial worthiness of their assets and liabilities would be at stake.

Recommendations for New Changes in the Statute Based on Society’s Needs

As the business environment becomes increasingly competitive and the needs of society change, there will come a time in the near future when the recently passed laws will have to be altered or new ones will have to be announced. With the growing virtual industry and many business transactions and dealings being carried out electronically, there is a rising chance of identity theft occurring. As technology becomes more sophisticated and the world progresses, the evils in society also increase. The threat of identity theft is among them. In order to prevent heinous crimes of identity theft, newer laws will have to be promulgated.

The laws recently announced can be made more specific by elaborating on the conditions or circumstances under which organizations can pass on the personal information of customers to third parties. The customers, or society, also have a responsibility to fulfill. People should be careful when providing personal information and avoid public online platforms where such information can be viewed globally without restriction. Customers should only provide information which is absolutely necessary.

Conclusion

The crime of identity theft is rising. It is causing great concern for society and the authorities. New, stringent laws have been passed to curb this evil. Organizations holding customer data are accountable and responsible for the information they hold. They cannot pass on or sell information without the consent of the customers. The customers are custodians of their information and are required, in their best interest, to provide only essential information.

References

Hirsch, Reece (2007). Overview of California Privacy Laws.

Gerard, Gregory J., Hillison, William & Pacini, Carl (2004). Identity Theft: the US Legal Environment and Organisations’ Related Responsibilities. Journal of Financial Crime, 12(1), 33-43.

Milewski Jr., Anthony D. (2006). . Web.

Sathish, Phuspa. (2006). Congress Trying to Dilute Laws Against ID Theft. Web.

Schneier, Bruce. (2006). . Web.

(n.d.). P. Web.

Identity Theft as a Problem of Future

Introduction

Identity theft refers to the stealing of other individuals’ personal and financial information and consequently using it for monetary gain (Federal Trade Commission). Criminals stealing such information intend to impersonate their victims so they can access databases containing financial information and private data. The fact that regaining access to stolen information is very difficult has resulted in identity theft victims losing their identity completely (Garfinkel 256). The lucky few have been able to salvage their identities from their attackers. The aftermath of this crime should convince potential victims that only by aggressively protecting their identities can they be assured of the safety of their private information.

Advances in information technology have heightened the crime in the United States and globally. This is because criminals can now access the personal and financial information of their victims with more ease than before. Despite the increase in information regarding self-protection, criminals have been getting smarter and have thus embarked on attacking victims’ identities from various corners, as indicated in Figure 1, below:

The above scenario means that it is up to individuals themselves and merchants holding client information to ensure that criminals do not gain access at all. Reinforcing ways to efficiently protect consumers from this crime, which could completely tarnish their credit histories for many years, is a matter of great importance. The next section will elaborate on several measures that should be undertaken at both the individual and institutional level to ensure that personal information is always safe and out of reach of criminals. Several key measures (Stancil and Parkes) are detailed below; a conclusion summarizing the vital points made in the paper shall follow.

Avoid Unsolicited Emails

The use of unsolicited emails to collect victims’ information, also called ‘phishing’, is rapidly becoming a technique of choice for many criminals (OnGuardOnline). This is because many people easily fall victim to email ploys: information requests and URLs are designed to resemble those of credible financial institutions. Victims should understand that financial institutions would hardly ask for their personal information through emails. If anything, institutions already have all the necessary information in their databases. In addition, some of the information requested in the emails is too sensitive, and thus more appropriate to be asked for during one-on-one meetings in institutions’ branch offices. Individuals should at all costs avoid clicking on hyperlinks embedded in unsolicited emails.

Indeed, links included therein lead to websites that imitate those of credible institutions, especially those that the affected victims happen to deal with. What differs between the two websites is the URL address, whose small alterations could easily be overlooked by victims. Criminal websites could even be spruced up to look more professional and attractive than those of credible institutions, which convinces victims that they are dealing with regular institutions. In addition, criminal websites have a tendency to provide too-good-to-be-true offers that entice victims, who end up leaving their personal and financial information in the hope of qualifying for the offers being made therein. Little do they know that they are performing actions which they could regret in later days. To avoid this scenario, people must avoid responding to such emails. Potential victims should consider contacting their institutions should it appear that some information could have originated from there. Only then can they be sure of protecting personal and financial information.
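The small URL alterations described above can be checked mechanically before a link is followed. The following Python code is an added example, not part of the original essay; the allowlist, the domain names, the character substitutions and the distance threshold are constructed assumptions, and the last two labels of a hostname are assumed to be its registrable domain.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): sites the user really has accounts with.
TRUSTED = ("examplebank.com", "insurer.example")

# Substitutions that are easy to overlook when glancing at an address.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s"))


def skeleton(name):
    """Fold look-alike characters so 'examp1ebank' compares equal to 'examplebank'."""
    name = name.lower().replace("-", "")
    for fake, real in CONFUSABLES:
        name = name.replace(fake, real)
    return name


def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url, trusted=TRUSTED):
    """Return (verdict, reason); verdict is 'trusted', 'suspicious' or 'unknown'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "unknown", "no hostname in link"

    # Only an exact match or a true subdomain of an allowlisted site is trusted.
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted", "hostname is on the allowlist"

    # Non-ASCII or punycode names can render like a familiar name.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return "suspicious", "internationalised hostname not on the allowlist"

    folded = skeleton(host)
    registrable = ".".join(folded.split(".")[-2:])  # assumption: two-label suffix
    user = skeleton(parts.username or "")

    for d in trusted:
        brand = skeleton(d.split(".")[0])
        if brand in user:
            # https://examplebank.com@other-host/ : the real host follows the '@'.
            return "suspicious", f"'{d}' appears before '@', not as the host"
        if brand in folded:
            return "suspicious", f"name of '{d}' embedded in a different host"
        if edit_distance(registrable, skeleton(d)) <= 2:
            return "suspicious", f"hostname is within two edits of '{d}'"

    return "unknown", "no resemblance to an allowlisted site"


if __name__ == "__main__":
    # Constructed sample links, as they might appear in an unsolicited email.
    samples = [
        "https://www.examplebank.com/login",
        "https://examp1ebank.com/login",
        "https://examplebank.com.account-verify.example/",
        "https://examplebank.com@203.0.113.7/reset",
        "https://exampelbank.com/",
        "https://weather.example/",
    ]
    for link in samples:
        print(link, "->", *classify_link(link))
```

A verdict of "unknown" only means the link does not resemble an allowlisted site; it is not a statement that the site is safe.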

Invest in a Shredder

Individuals should consider investing in a shredder so they can destroy documents with personal information. It is vital to go through all paperwork before disposing of it in the garbage or recycling bins. Consequently, documents with personal information such as name, phone number, address, banking and insurance information, as well as social security number, should be fed to the shredder right away (Foley & Foley 41). Indeed, individuals should consider destroying all paperwork after reading and taking note of the information contained in it; this would be the most favourable preventative measure. It is important to remember that some criminals study their prey and thus collect personal and financial information in bits: today they might collect an address, tomorrow a telephone number, and the next day something else.

All these data are then combined to provide a victim profile, which is then followed by the actual attack. Rather than waiting for garbage collection day to gather all the paperwork together and start shredding it, individuals could protect themselves better by reading their mail and other documents upon receipt and shredding them immediately. This will ensure that no papers are left lying somewhere. As a result, individuals will be sure that their information is perfectly safe, that is, out of criminals’ reach. As another measure for reducing the amount of paperwork that people have to deal with, individuals should consider enrolling in online account management systems. This enables them to view and manage banking, insurance, social security and other accounts on the internet rather than relying on mail that comes into contact with many individuals. Passwords for these accounts can easily be kept safely at home, as well as in individuals’ memories.

Make Copies of Wallet Documents

Individuals should make copies of all the documents (credit/debit cards, work IDs, and driver’s licences) carried in their wallets. These copies should be kept in safe places. In case wallets or purses get stolen, it will be easier for the victims to report to the relevant authorities for quicker replacements. The speed with which cases of stolen documents are reported to the authorities makes it hard for the criminals to have tampered with the documents. Individuals should thus consider reporting quickly so that documents like credit and debit cards are cancelled (California Department of Justice). This greatly reduces the chances of having one’s identity stolen.

Making copies of the documents and keeping them safe is not enough; individuals must take utmost care in protecting the documents they travel with. In addition, a social security card or its copy should never be carried in wallets or purses. The same applies to the social security number itself (individuals must never, ever write the number down and put it in their wallets either). In any case, the number should be kept in their memories, which is the safest place. In addition, the social security card, its copy or the number itself should never be given to anyone; the number is not a yours-for-the-asking matter, which is why it should be guarded jealously. It has to be considered that the number alone can provide criminals with easier access to other information. As a precautionary measure, individuals must destroy documents that carry their social security numbers. Employers and other institutions that hold this sensitive number should also ensure that documents and databases are safe from criminals’ access.

Read Through All Statements

Individuals must read through all bank, insurance and other monthly statements. Any information that is not in line with what was expected should be communicated to the relevant institutions as soon as possible. Some individuals do not bother to read their statements in full, which makes it hard for them to notice whether their information is being tampered with. They instead come to understand what is going on with their information when it is too late. Reporting early to the relevant institutions could even lead to successful apprehension of the criminals. Individuals should also remember to report to their institutions should their monthly statements fail to arrive in the mail. This could help reduce the chances of important mail being redirected to another address without the addressee’s knowledge. Rather than waiting till month end to read their statements, it is important that individuals consider enrolling in online accounts. This is because accounts based on the web can be reviewed on a regular basis, such as daily or several times a week. When this happens, it becomes easier to spot any problem because individuals can still remember whether they are the ones who performed certain transactions. Waiting till month end could lead to forgetting whether certain transactions took place, especially the small ones.

Although institutions storing personal and financial information have to ensure the security of their databases, consumers, too, have to take some necessary measures that include: avoiding unsolicited emails, shredding documents, keeping copies of documents carried in wallets and purses, and reading through all statements. In addition to these measures, individuals should also consider enrolling in online accounts that reduce the amount of paperwork to be dealt with. This, however, requires the institutions providing online account services to invest in systems that will protect against identity theft. The above analysis has shown that the best way to protect one’s private and financial information is by ensuring that paper trails are eliminated at all costs. Running to the authorities and relying on the upcoming privacy protection firms would not take victims very far.

Works Cited

California Office of the Attorney General. Tips for Victims. 2007. California Department of Justice, Office of the Attorney General. Web.

Federal Trade Commission. Identity Survey Report, 2006. Washington, DC: Federal Trade Commission, 2007.

Foley, Linda & Foley, Jay. Aftermath of Identity Theft. San Diego, CA: Identity Theft Centre.

JB MacLean Consulting. Forms of Identity Theft. 2007. JB MacLean Consulting. Web.

Garfinkel, Simson. Commerce, Privacy and Web Security. Cambridge, MA: O’Reilly, 2002.

OnGuardOnline. Phishing. 2008. United States Government. Web.

Stancil, Radon & Parkes, Rick. Identity Theft: Four Steps of Self Protection. 2007. Carolina Newswire. Web.