THE IMPACT OF THE FAIR AND ACCURATE CREDIT TRANSACTIONS ACT (2003)
ON IDENTITY THEFT THROUGH THE SITUATIONAL CRIME PREVENTION THEORY
AND PRACTICES
A Thesis
Presented to the faculty of the Division of Criminal Justice
California State University, Sacramento
Submitted in partial satisfaction of
the requirements for the degree of
MASTER OF SCIENCE
in
Criminal Justice
by
Andrey Lesnyakov
SPRING
2013
© 2013
Andrey Lesnyakov
ALL RIGHTS RESERVED
ii
THE IMPACT OF THE FAIR AND ACCURATE CREDIT TRANSACTIONS ACT (2003)
ON IDENTITY THEFT THROUGH THE SITUATIONAL CRIME PREVENTION THEORY
AND PRACTICES
A Thesis
by
Andrey Lesnyakov
Approved by:
__________________________________, Committee Chair
Sue C. Escobar, J.D., Ph.D.
__________________________________, Second Reader
David H. Swim, D.P.A.
____________________________
Date
iii
Student: Andrey Lesnyakov
I certify that this student has met the requirements for format contained in the University format
manual, and that this thesis is suitable for shelving in the Library and credit is to be awarded for
the thesis.
__________________________, Graduate Coordinator ___________________
Yvette Farmer, Ph.D.
Date
Division of Criminal Justice
iv
Abstract
of
THE IMPACT OF THE FAIR AND ACCURATE CREDIT TRANSACTIONS ACT (2003)
ON IDENTITY THEFT THROUGH THE SITUATIONAL CRIME PREVENTION THEORY
AND PRACTICES
by
Andrey Lesnyakov
Statement of Problem – With the problem of identity theft presenting a significant challenge to
modern law enforcement and considering the impact this crime has had as on individual
consumers, as well as on the field of criminal justice in general, it is not surprising that there has
been an urgent need to develop an approach that would help solve this problem. A lot of
strategies and measures have been developed with the goal to protect consumers and
organizations from identity theft and one of these measures is the Fair and Accurate Credit
Transactions Act that was enacted in 2003. The main goal of this study is to determine the
impact that this very act has had on problem of identity theft. By looking at the total number of
identity theft incidents, fraud incidents, as well as bank and credit card fraud incidents, the
research will determine the impact the legislation has had on the problem of identity theft and
whether or not it is rational to implement similar laws in the future.
Sources of Data – The data that will be used for this research will come from an already
existing database that was created by the Consumer Sentinel Network and that belongs to the
v
Federal Trade Commission. All the statistics and the reports from which the data will be
extracted will come from this database.
Conclusions Reached – The main conclusion of this work is that the Fair and Accurate Credit
Transactions Act of 2003 has had a significant impact on the problem of identity theft. The total
number of incidents, as well as the total number of fraud complaints, has been steadily going up
since the enactment of the law. In the meantime, the number of credit card fraud and bank fraud
incidents has been going down. While, more likely than not, there will be amendments to this
act, this legislation does appear to be an important tool that the system of criminal justice has at
its disposal in its fight against the problem of identity theft.
_______________________, Committee Chair
Sue C. Escobar, J.D., Ph.D.
_______________________
Date
vi
ACKNOWLEDGEMENTS
This thesis would not have been possible if it was not for continuous encouragement and
support from my parents. Thank You!
vii
TABLE OF CONTENTS
Page
Acknowledgements ................................................................................................................ vii
List of Tables............................................................................................................................ x
List of Figures .......................................................................................................................... xi
Chapter
1. INTRODUCTION .............................................................................................................. 1
2. LITERATURE REVIEW .................................................................................................... 7
Introduction .................................................................................................................. 7
Identity Theft Prevention ............................................................................................. 7
Identity Theft .............................................................................................................. 17
Fraud........................................................................................................................... 22
The Fair and Accurate Credit Transactions Act (2003) ............................................ 39
Conclusion.................................................................................................................. 45
3. METHODOLOGY ............................................................................................................ 49
Research Design ........................................................................................................ 49
Data Collection .......................................................................................................... 50
Independent Variable and Dependent Variable ......................................................... 51
Hypotheses ................................................................................................................ 52
Data Analysis ............................................................................................................ 53
Data Analysis – Coding Sheets ................................................................................. 54
Human Subjects......................................................................................................... 56
Strengths & Limitations of the Research................................................................... 57
viii
4. ANALYSIS OF THE FINDINGS ..................................................................................... 58
Introduction .............................................................................................................. 58
Analysis of the Dependent Variables ....................................................................... 59
Total Number of Identity Theft Incidents ................................................... 59
Total Number of Fraud Complaints ............................................................ 67
Misuse of Personal Information .................................................................. 74
Credit Card and Bank Fraud Incidents .......................................... 75
Credit Card and Bank Fraud Rates ................................................ 79
Data Analysis Summary .............................................................................. 84
5. CONCLUSION ................................................................................................................... 88
Introduction .............................................................................................................. 88
Overview of the F.A.C.T.A. (2003).......................................................................... 90
Research Questions, Hypotheses and Variables Examined ...................................... 90
Data Collection ......................................................................................................... 91
Important Findings.................................................................................................... 93
Future Research ........................................................................................................ 98
Conclusion ................................................................................................................ 98
Appendix A. Coding Sheets .................................................................................................. 102
Appendix B. Human Subjects Application ........................................................................... 104
References ............................................................................................................................. 115
ix
LIST OF TABLES
Tables
Page
1.
Total Number of Incidents and Total Number of Fraud Complaints ........................... 60
2.
Total Number of Credit Card Fraud and Bank Fraud Incidents and Percentages of Total
Incidents .............................................................................................................. 76
x
LIST OF FIGURES
Figures
Page
1.
The Total Number of Identity Theft Incidents ............................................................. 64
2.
The U.S. Population (2000-2010) ............................................................................... 66
3.
The Identity Theft Rates ............................................................................................... 66
4.
The Total Number of Fraud Complaints ...................................................................... 70
5.
The Rates of Fraud Complaints .................................................................................... 71
6.
The Total Number of Credit Card Fraud and Bank Fraud Incidents ............................ 79
7.
Credit Card Fraud and Bank Fraud Rates .................................................................... 83
xi
1
Chapter 1
Introduction
The problem of identity theft, which is a relatively new crime, can have a
huge negative impact on its victims when their personal information gets stolen and
used for criminals’ gains. In 2010 alone, about 8.1 million Americans reported
being a victim of identity theft that cost them around $37 billion dollars (Finklea,
2012). However, despite the fact that a lot of research is dedicated to finding out
how the situational crime prevention framework is applied to this type of problem
and what measures are effective, some questions remain unanswered. While it has
been shown that such simple steps as a careful review of monthly banking bills and
statements, anti-virus computer software or not using one’s mail box for outgoing
mail, among many others, can significantly reduce chances of becoming a victim,
there are still some measures that have not been shown to be effective (Dadisho,
2005).
The consensus is that it is all about target hardening and situational crime
prevention. The concept of the situational crime prevention involves “the
manipulation of environmental conditions and situational circumstances to reduce
opportunities to commit crime” (Shukla & Bartgis, 2010, p.340). The uniqueness of
this approach is that it puts the entire emphasis on the criminal event and not the
offender. By taking into consideration all circumstances and factors that led to that
specific crime, the situational crime prevention perspective is trying to identify
2
common patterns and characteristics of that particular type of crime. In the
meantime, it is not concerned with what role an offender played in that offense. The
situational crime prevention model contains such components as theoretical
framework, standard methodology that is based on action-research, techniques and
practices that reduce opportunities for crime, as well as the literature evaluating
what already has been done (Shukla & Bartgis, 2010). Therefore, the main purpose
of this model is to understand what factors lead to a crime, what opportunities are
presented to a criminal and what can be done to eliminate these opportunities
(Shukla & Bartgis, 2010).
There are several strategies and techniques directed at reducing the number
of opportunities with which a criminal is presented when deciding whether or not to
commit a crime. The very first strategy is increasing the risks of crime. This
measure would include such aspects as the introduction of surveillance systems,
along with an increased number of security guards (Shukla & Bartgis, 2010). Any
strategy that can improve the chances of a criminal being apprehended is assumed
to increase the risks of committing that crime for an offender. Thus, when it is more
likely that risks outweigh the crime’s benefits, a potential offender would not
commit that crime (Shukla & Bartgis, 2010). Another strategy would include
reducing the rewards of crime. Decreasing the amount of benefits gained from a
crime can be achieved by identifying/marking one’s property or by simply
3
concealing it. Examples of this can include “removable car radios or graffiti
cleanup” (Shukla & Bartgis, 2010, p.341).
Increasing the efforts of crime prevention and making a potential crime as a
dangerous and risky undertaking can also play a significant role in reducing the
number of opportunities for a criminal. The main logic here is that if you make the
main target too difficult to reach, an offender is less likely to go for it. This strategy
would include such features as increased surveillance through closed-circuit
television systems or increased security staff, electronic access or more
complicated screening processes when trying to reach the target. All of these
features would concentrate on target hardening and good examples would include
physical barriers to parking lots or “placing photos on credit cards” (Shukla &
Bartgis, 2010, p.341). The final strategy is to remove excuses for crime. This can
be achieved through setting and posting specific rules, laws and regulations. Good
examples would include rental and mortgage agreements, speed limit indicators and
other posted signs, such as ‘no smoking’ or ‘no trespassing’ (Shukla & Bartgis,
2010).
However, there is no guarantee that even if the situational crime prevention
model is applied and if a person were to follow all of the ‘how to protect oneself
from identity theft’ instructions, one could still become a victim of identity theft.
Nevertheless, if one takes all necessary precautions, the prospects of having good
protection will definitely be much better (Dadisho, 2005). If there is no opportunity
4
to commit a crime, there probably will not be any crime. If one does not leave
anything in the dumpster, mail box or on the street that has his/her personal
information, a criminal will not be able to steal it and use it for personal gains
(Dadisho, 2005). If one uses proper computer software and is careful when working
online, there are more chances that a computer network will not be breached. If one
does not provide the identifying information to those who do not need it, people
who have no business having it will never end up in possession of it. Therefore, it
is less likely to be lost or misused (Dadisho, 2005). Finally, if one monitors his/her
bank statements and credit score reports, that individual is more likely to notice the
problem in the very beginning. This last point leads to the fact that in order to assist
consumers in their fight against this relatively new crime, several laws and
regulations have been created and their main goal is to stop the identity theft in its
earliest stages (Dadisho, 2005).
Identity theft became a federal crime in 1998 and with the development and
increased use of technology, especially the Internet, this particular problem started
presenting more and more danger to the general public (Finklea, 2012). As a result,
there was an urgent need to have strong legislation in place that would give
consumers protection and certain rights that would ensure their safety against
online criminals. Moreover, a variety of industries that deal with confidential
information of their clientele were strongly recommended to have a set of measures
that would help them to protect this very information (Finklea, 2012).
5
In 1998, the Identity Theft Assumption Deterrence Act was passed and it
made the crime of identity theft a federal offense, while it also established a set of
penalties for those who even tried committing identity theft, as well as for those
who provided assistance in the commission of a crime (Finklea, 2012).
Furthermore, this Act directed the Federal Trade Commission to gather all the
complaints and law enforcement data regarding identity theft. The Identity Theft
Penalty Enhancement Act that was passed six years later strengthened the federal
position in relation to prosecution of identity theft even further (Finklea, 2012). It
also established a new set of penalties that included sanctions for such offenses as
aggravated identity theft, where a criminal could get an additional sentence
depending on that particular offense in relation to other federal crimes (Finklea,
2012).
In 2003, the Fair and Accurate Credit Transactions Act (F.A.C.T.A.)
became a federal law. The main goal here was to “amend the Fair Credit Reporting
Act (F.C.R.A.), to prevent identity theft, improve resolutions of consumer disputes,
improve the accuracy of consumer records, make improvements in the use of, and
consumer access to, credit information” (108th US Congress, 2003). The F.C.R.A.,
which was originally passed in 1970, addressed such issues as dissemination of
consumer information and the ways in which it can be used. In a sense, it represents
the foundation of credit rights granted to the American consumers. The F.A.C.T.A.
legislation was also a response to the increased number of identity theft crimes and
6
was supposed to help alleviate the problem by granting certain rights to consumers.
Among them were the rights to obtain credit reports free of charge, place a fraud
alert on one’s credit history, as well as some others. Nevertheless, it is still not clear
how, despite all these proposed anti-identity theft measures, effective this Act
really is (Holtfreter & Holtfreter, 2006). As a result, this thesis will fill this void
and determine how the problem of identity theft has been impacted since the
implementation of this Act.
Therefore, the main research question is – how has the Fair and Accurate
Credit Transaction Act of 2003 impacted the problem of identity theft? This work
will look at the Federal Trade Commission database and conduct secondary data
analysis in trying to determine how the total number of identity theft incidents and
the number of fraud complaints has changed over the last few years. Additionally,
this study will determine the changes in how personal information has been used by
criminals. More specifically, this study will look at the areas of bank fraud and
credit card fraud. The importance of this study cannot be underestimated, as it will
help to determine the effect of the federal legislation on the problem and what
works and what does not from the letter of the law perspective. It will demonstrate
recent trends in identity theft and will shed more light on the F.A.C.T.A. legislation
and also show if enacting similar laws in the future would make sense.
7
Chapter 2
Literature Review
Introduction
Though the concept of situational crime prevention has been effectively
applied to such areas as auto theft (Linden & Chatuverdi, 2005), crime prevention
through environmental design (Farrington et al., 2007), date/sexual assault
prevention (Parkhill et al., 2009) and drug abuse prevention (Shukla & Bartgis,
2010), this study focuses on identity theft, as well as credit card and bank fraud.
Specifically, this study examines the impact of the F.A.C.T.A. legislation, as a
mechanism of situational crime prevention, on identity theft and bank and credit
card fraud rates. The literature review that follows will address prior studies which
have examined the theoretical framework of situational crime prevention as applied
to identity theft and two types of fraud.
Identity Theft Prevention
The rise of the Internet during the last few years made our lives so much
easier, whether it is how we pay our bills or how we meet new people. However,
this convenience comes at a price. The era of the new technologies brings a new
type of crime – cyber crime, the one that is committed by using the Internet. The
most common cyber crime that we face today is an identity theft (Dadisho, 2005).
Given the unconventional character of this type of a crime, it is very difficult for
law enforcement to prevent it simply by using traditional crime prevention tactics,
8
such as increased patrol of the ‘hot spot.’ As a result, implementation of
nontraditional strategies might help in fighting this invisible crime. These strategies
can include campaigns that would emphasize the importance of cooperation
between law enforcement and public (Dadisho, 2005).
In his work on identity theft and police response, Dadisho (2005) suggests
that the main aspect here is prevention. Prevention, in turn, depends a lot on a
potential victim and precautions that are taken by the victim. The author
recommends a few actions that, if taken, can significantly reduce a chance of
becoming a victim of an identity theft. First of all, it is necessary to protect one’s
own mail and always remove it on time. For outgoing mail, it is safer to use an
official postal service mailbox and not leave it in one’s own mailbox. Since these
mailboxes represent an easy target for thieves, outgoing mail containing some
sensitive material can easily get stolen (Dadisho, 2005). Another necessary action
that has to be taken is to carefully review monthly bills and bank statements in
order to identify any suspicious activities and report them to anti-fraud authorities.
Also, it is very important not to provide any personal information to various offers
made as in person or phone, so online, in regards to claim a prize or to enter a
lottery (Dadisho, 2005). If one has to provide any identifying and personal
information, s/he has to be certain that this information is going to be kept
confidential and that it is actually required by law to present that sort of
information. Other precautions include not using the social security number, unless
9
it is required by law, not carrying more credit cards than is absolutely necessary.
Constant monitoring of credit score reports is also very important and can help in
detecting problems in early stages. Considering that it might be very difficult to
identify the identity theft until it is too late, taking these precautions can help to
stop this crime just in time (Dadisho, 2005).
A study by Holt and Turner (2012) emphasizes the importance of rational
online behavior. They emphasize the idea that is well-known but not well-followed
by everybody – you have to be rational and smart when working online. The riskier
one’s online behavior is, the more chances that person has to become a victim of
identity theft. Also, according to the findings here, potential victims can do a lot in
terms of prevention of the problem by being aware of what is going on when they
are online, what they do and what they should not do. Having proper anti-virus
software should also significantly reduce the risk of victimization. Since so many
identity theft incidents take place via the Internet by criminals breaching computer
systems/networks that might contain such sensitive information as passwords, dates
of birth, social security numbers and so on, having this type of protective program
is a must (Holt & Turner, 2012).
DelGrosso (2001), in his work on identity theft, emphasizes the type of
devastating impact this crime might have on its victim. And the primary reason for
the devastation is the amount of time for which it can go undetected. It might take
on average about 14 months for victims to discover that they had their personal
10
information had been stolen (DelGrosso, 2001). DelGrosso (2001) also emphasizes
the importance of preventive measures. Like Dadisho (2005), DelGrosso (2001)
also states that it is necessary to take proper precautions when dealing with
outgoing mail and be very careful when providing personal identification
information. The author suggests that such information should be provided to only
those entities who are required by law to have it (DelGrosso, 2001). Social security
numbers should not be used for identification purposes unless it is required by law.
Just like Dadisho (2005), DelGrosso (2001) also recommends a careful review of
monthly bills and statements and retaining copies of these documents for at least a
year. All old documents, if no longer needed, have to be either shredded or
otherwise destroyed (DelGrosso, 2001).
Another course of action that DelGrosso (2001) emphasizes is the role of
businesses in identity theft prevention. Companies and organizations can create
special programs that would help employees to learn about “legal, regulatory, and
organizational resources” (DelGrosso, 2001, p.75). Also, it would allow employees
to work closely with the human resources departments and get to know privacy
policies and recommendations on how to prevent an identity theft (DelGrosso,
2001).
Another study by McRae (2003) on identity theft addresses the issue of
students keeping their identities safe when online. But, there is no doubt about that,
these very suggestions can be applicable to all other segments of populations as
11
well. McRae (2003) recommends for students (and presumably the general public
as well) to always carefully monitor their bank accounts and if there are some
questionable transactions on bills and statements, that might be the first sign that
there has been an unauthorized access to that person’s private information. McRae
(2003) emphasizes the importance of signing up for fraud alerts and regularly
checking one’s own credit score. Any abnormalities with a credit score might be a
pretty good indicator that there might be a problem. Just like DelGrosso (2001),
McRae’s (2003) findings suggested to not carry more information than it is
absolutely necessary. For example, one does not have to carry a social security card
on him/her all the time. The same goes for credit cards. Finally, a consumer has to
be aware of to whom s/he provides his/her personal information and why that type
of information is actually requested. In other words, there are people that might not
need the type of information for which they are asking. Therefore, a consumer is
not obliged to give away such facts as his/her date of birth or social security
number (McRae, 2003).
In addition to students, another vulnerable group here would be travelers.
Most of the victims in this category are businessmen who constantly travel and
most of the time they have to rely on such electronic devices as smart phones and
laptops, which, of course, can be easily hacked or simply lost. It has been estimated
that travelers lost more than 11,000 electronic devices last year at US airports
(Trejos, 2011). Lost smart phones and laptops accounted for 40 percent each
12
(Trejos, 2011). For the most part travelers also have to stay at hotels, which
oftentimes have unsecured internet networks and that certainly might contribute to
the problem of identity theft, as it has been shown that about 38 percent of this
crime does take place at hotels (Trejos, 2011).
Trejos (2011) also provides a discussion on how one can maximize his/her
chances of not becoming a victim of identity theft. According to Trejos (2011), as
well as DelGrosso (2001) and McRae (2003), it is very important for a person who
is going on a trip to not take more credit cards than is necessary. It is recommended
to take one primary credit card and another one as a back-up. A wallet can easily be
lost or stolen; therefore, it is more rational to leave as many unnecessary credit
cards at home as possible. Trejos (2011) also suggests that it would be smart to
write down the phone numbers of credit companies and keep them in a secure
location and when paying for airline tickets, to use credit cards instead of debit, as
it will reduce liability, should there be a problem. And a final piece of advice for
travelers is not to announce their trip plans, because it can potentially attract
burglars while that individual is on a trip (Trejos, 2011).
Carrns (2011), who conducted a study on identification information in
banking environments, also points out the idea that banks should not be asking for
customers’ social security numbers whenever a client has a question about his/her
account. There has to be a better way to verify one’s identity without making a
customer provide such sensitive information (Carrns, 2011). Furthermore, the
13
author also suggests that using partial social security numbers is also undesirable
and might lead to problems of keeping too much of sensitive information by the
people who have no business having it. Finally, just like with the general public,
banking institutions have to make sure that their databases are secure and they also
need to have a system that would be able to send out timely alerts when something
suspicious is going on with their clients’ accounts (Carrns, 2011).
Fighting cyber crime depends on various official state laws and regulations
as well. While trying to determine how effective this strategy can be, Holtfreter and
Holtfreter (2006) look at the US legislation that addresses identity theft. The
authors look at different provisions of the Fair and Accurate Credit Transactions
Act (F.A.C.T.A.) and the Identity Theft Penalty Act (I.T.P.E.A.) and try to measure
their effectiveness. The main purposes behind the first Act were to reduce the
number of identity theft incidents, improve conflict resolutions for consumers,
make sure that consumer records and credit information are accurate, as well as to
ensure the ease of access to personal information by consumers (Holtfreter &
Holtfreter, 2006). Meanwhile, the second Act focused on establishing harsher and
stricter penalties for aggravated identity theft. These two Acts led to the
introduction of such aspects as harsher penalties for identity theft criminals, fraud
alerts, ‘red flags’, as well as the mechanisms that would help blocking identity theft
(Holtfreter & Holtfreter, 2006).
14
The introduction of fraud alert systems allowed banking institutions to
inform creditors of possible fraud activities and after confirming the identity of a
consumer, proper measures would be taken. Also, credit score reporting agencies
will be notified that there could be potential fraudulent activities on that particular
person’s account. Holtfreter and Holtfreter (2006) also emphasize the importance
of proper disposal of credit cards and all financial records associated with them.
Moreover, one of the provisions of the F.A.C.T.A. legislation included the
requirement for credit and debit card numbers contained on sales receipts to be
truncated (Holtfreter & Holtfreter, 2006). Moreover, those who make business
transactions using credit cards will not be allowed to indicate when the expirations
dates are. The credit card agencies also cannot use the full social security number;
now, they would have to eliminate the first five digits. This is supposed to lead to
decreased identity theft rates, as a lot less personal information will be available for
thieves. Another change under these new Acts was involvement of all federal
banking and credit score reporting agencies to maintain a list of patterns, practices
and forms of various activities that might indicate fraud. Therefore, a quick
response would be possible and it could minimize the damage and result in
preventing the crime (Holtfreter & Holtfreter, 2006).
When dealing with identity theft, victims also have to know that there are
specific rules and regulations available that deal with this type of problem. The
Statement of Rights for Identity Theft Victims lists a number of federal rights that a
15
person dealing with the problem has to be aware of. They include reasonable and
timely notifications about any public proceedings, protection from the accused, as
well as to what resources are available to victims in case their personal information
had been stolen. A victim of identity theft has to know that s/he is protected by
laws in regards to documenting the theft, communicating with credit agencies,
limiting financial losses and resolving any disputes that were the result of identity
theft. Each law is very specific and covers a lot of issues. Therefore, it is important
for a victim to know that such laws exist and there is someone who can help
(Federal Trade Commission and Department of Justice, 2011).
In another study, White and Fisher (2008) use the situational crime
prevention model and emphasize the importance of creating secure places and
improved guardianship in order to reduce the number of opportunities for the crime
of identity theft (White & Fisher, 2008). They propose such changes as more
security when opening a new account, elimination of blind mailings, increased
police and public education, national uniform definitions and model law, national
uniform reporting system, proper police training and quick response, and a flexible
crime reporting system (White & Fisher, 2008).
Under this framework, the authors propose prohibiting checks, credit card
applications and credit cards themselves to be mailed through blind mailings
(White & Fisher, 2008). Considering that mail theft is a serious problem and that
identity theft oftentimes is what follows it, this step would help to significantly
16
reduce the number of opportunities for a crime to occur and result in fewer identity
thefts. Inventing new procedures for opening new accounts is also very important.
Here, it would be necessary to make it mandatory to implement the system of
callback verification, placing photographs, or involving biometric technologies to
verify an applicant’s or a client’s identity and that the person asking for a service is
in fact who s/he claims to be (White & Fisher, 2008). New emphasis also has to be
directed towards the Internet, as that is the place from where the identification
information can easily be stolen. Police should be educating the public about
dangers and potential ways to avoid an identity theft through community outreach
programs (White & Fisher, 2008).
Clear, standard definitions of both identity theft and identity theft offenses
have to be established. Police departments should be more flexible when working
with identity theft and trying to identify this crime’s patters in their reports of
crimes (White & Fisher, 2008). Police officers need to have special skills and
training to fight cybercrimes, as well as specifically oriented task forces that have
to be organized. So, by proposing these recommendations that address the identity
theft problem by implementing more secure places and improved guardianship, the
authors hope that it will help to reduce the number of opportunities for committing
a crime (White & Fisher, 2008).
17
Identity Theft
Copes et al. (2010), in their study on the problem of identity theft and
profile of victims and offenders, state that the typical victim of identity theft is
more likely to be a white female, college graduate, between the ages of 35 and 54
with an income of more than $50,000 per year (Copes et al., 2010). This individual
is more likely to report a crime and not engage in a behavior that would
significantly differ from other citizens. Also, members of this group do not appear
to be using the Internet more frequently than others. However, individuals who
spend more time online are those ones who became victims of existing credit card
fraud. And those who became victims of existing fraud and new credit card fraud
are more likely to spend less time online than the previous category of consumers
(Copes et al., 2010).
The authors also state that the vast majority of offenders do not actually use
the Internet. Moreover, only about 20 percent used the Internet in some way to
commit crimes, while only about 10 percent used the Internet exclusively (Copes et
al., 2010). In fact, what criminals usually utilize includes dumpsters and mailboxes
that potentially contain personal information. Such information can also be
obtained through places of employment, phishing and hacking. The study
emphasizes the importance of educational programs on protecting one’s identity.
These programs have to be available to the general public and that would help
show all the dangers of identity theft, as well as such aspects as its prevention,
18
consequences and what resources are available to fight this problem. Moreover, the
goal here has to be to reach as many people as possible from as many social
backgrounds as possible because who is more likely to be victimized is going to be
from a low income social status without much educational background (Copes et
al., 2010).
Allison et al. (2005) also point out the importance of the problem of identity
theft and state that the actual crime rates are higher than what they are believed to
be now. Moreover, this crime has been on the rise and its increasing rates are
higher than those of such other crimes as robbery, auto theft, check and card fraud
(Allison et al., 2005). Also, the clearance rates for the crime of identity theft are
much lower than they are for other aforementioned types of crime. As a result,
Allison et al. (2005) point out that it is necessary to be allocating more resources to
this problem, as well as more research is necessary. This crime does not generate as
much attention as do violent crimes where there is a clearly defined victim that
everybody can see. Nevertheless, identity theft does impact lots of lives and close
attention has to be paid to this problem (Allison et al., 2005).
The authors of this study also state that an identity theft offender is more
likely to be an African American female who is either unemployed or working
alone and who does not have any connections to a victim, who, in his/her turn,
tends to be a White male (Allison et al., 2005). In addition to extra resources that
have to be allocated to law enforcement, some resources have to be utilized in order
19
to educate the general public on the dangers of identity theft, both from the
offender and victim perspectives. If utilized properly, there is a good chance that
the arrest clearance rates, as well as the situation in general, will significantly
improve (Allison et al., 2005).
Moon et al. (2010) look at the specific segment of population – youth – and
try identifying who are especially vulnerable to committing online crime.
According to the authors, those with low self-control are more likely to engage in
illegal online activities, such as illegal downloads and using personal information
of others for personal gains. Also, what the study points out is that the number of
hours spent online and membership status in various online computer clubs is
correlated with computer crime (Moon et al., 2010). The more time one spends
online and the more s/he participates in online clubs, the more likely that individual
will be involved in some kind of online illegal activities. This, as speculated by the
authors, might be due to more skills and knowledge that a person gains after having
spent lots of hours online (Moon et al., 2010).
Also, males are more likely to engage in illegal online activities than their
female counterparts (Moon et al., 2010). Moreover, this segment of the population
is more likely to be better educated as computer knowledge does require some
technological knowledge. The authors, however, emphasize that more research is
absolutely necessary in this field in order to better understand what affects youth
20
and who are more likely to offend, as well as what motivational factors are present
that lead to that particular crime (Moon et al., 2010).
Jackson (2004) also emphasizes the importance of research that is
absolutely necessary in order to be able to understand the impact the crime of
identity theft has on victims and offenders, consumer credit system, as well as the
entire criminal justice system. Considering the economic impact of this crime, this
approach has to be prioritized by those in the field of criminal justice. The author
points out that offenders are more likely to be quite intelligent, have the right type
of resources and skills, as well as talent (Jackson, 2004). Moreover, involvement in
this type of crime includes some kind of rational decision-making process where
the benefits outweigh the risks. Consequently, this decision is based on evaluation
of one’s skills, resources, and risks and benefits (Jackson, 2004).
What also makes this problem even worse is that it can be relatively easy
for offenders to get away with their crime due to detection difficulties (Jackson,
2004). Another problem here is that many banking institutions or companies where
fraud can occur decide not to report crimes if losses are insignificant (Jackson,
2004). Prosecution and authorities may also decide not to file charges against an
individual due to a lack of evidence. As a result, this makes the crime of identity
theft an attractive target as more often than not a criminal can get away with it
(Jackson, 2004).
21
Riem (2001) explores the area of fraud and identity theft and the author
points out that there might be several methods through which one’s personal
information can be obtained. One of the most obvious ways is through a hacker
getting access to a secure database that might contain personal information. Also,
personal information might be obtained by deception. Here, for example, a victim
can be promised a trip or an expensive electronic item and asked to provide his/her
personal information in order to be able to claim a prize. Once such information is
provided, a victim never hears back from those who promised a prize and the
information is used for criminals’ gains (Riem, 2001). Other ways might include
mail theft or negligence on the part of organizations that have confidential
information and are supposed to keep it in a secure place (Riem, 2001).
The author also identifies skimming as another very dangerous recent trend
that has resulted in more identity theft incidents (Riem, 2001). Certain employees
in the public sector, especially where an employee has contact with credit cards, get
recruited and are paid for obtaining credit card information (Riem, 2001). This
information is used and copied onto criminals’ counterfeit credit cards and these
cards can be used for a short period of time. A true owner of that account will be
charged with all the purchases. This problem is quite serious and the author points
out that there are no boundaries for this crime, as sometimes entire crime rings are
involved in this and oftentimes personal information is stolen by somebody who
lives on a different continent (Riem, 2001). Moreover, this information is then most
22
likely to be used as a bargaining tool. In a sense, this represents a business machine
on the international scale. Therefore, efforts to stop the crime of identity theft have
to involve a variety of international players and require a lot of cooperation (Riem,
2001).
Fraud
Hunter (2006), in a study about stolen credit cards, also emphasizes the idea
of international crime rings that are responsible for personal information theft and
how it is almost impossible to investigate and prosecute such cases due to victims
and offenders being on different continents and not a lot of cooperation from
foreign nations. Moreover, the author also states that it is a whole new business
nowadays when personal information, such as identifying information and bank
and credit account numbers, gets stolen only to be resold later (Hunter, 2006). As a
result, it might be very difficult to trace who the original offender was and where
the initial theft took place. Another threat of this crime is that a lot of terrorist
organizations are funded through these illegal activities (Hunter, 2006).
The work by Hunter (2006) also points out that as long as payment systems
exist, so will the crime and it is impossible to defeat identity theft. Moreover, some
critics even state that all that is being done is just shifting focus from cardholders to
merchants and by introducing new technologies, such as PIN numbers and
electronic chips, the problem is not taken care of, but now there is a different party
that is held responsible. Nevertheless, the author emphasizes the idea of technology
23
and that its role cannot be underestimated. What also might be helpful is including
various biometric innovations that certainly have a lot of potential to make one’s
personal financial information more secure (Hunter, 2006). However, another
aspect that has to be taken into consideration is the idea of education, and the more
consumers know about all the dangers this crime brings with it, the more prepared
s/he will be, should something like this occur (Hunter, 2006).
A study by Churyk et al. (2008) looked at the problem of fraud and the
authors of this work concentrated on the aspect of fraud detection. It is
acknowledged that the consequences of fraud can be quite devastating and many
large and well-known companies have been recently unraveled by such a problem.
Among them are such companies as Xerox and Enron, just to name a few. As a
result, the authors propose that being able to detect fraud in its early stages is
crucial and, therefore, efforts have to be made in order to come up with strategies
that would enable authorities to detect such a problem early (Churyk et al., 2008).
The study looks at the idea that at the companies where fraudulent activities are
present, the management tends to choose a specific language when providing their
statements and financial information to various auditing entities during mandatory
audits (Churyk et al., 2008).
Churyk et al. (2008) look at a very extensive list of companies and firms
audited by the Accounting and Auditing Enforcement. Moreover, they compare the
language choice among those companies who were audited just once and those
24
companies that were asked to provide their statements with all the required
financial information for the second time. This second time, in turn, is more likely
to mean that there in fact might be something suspicious going on (Churyk et al.,
2008). The findings were quite interesting and those firms that were asked to
provide their restatements, on average, used fewer optimistic words, fewer words in
sentences, more words attributed to downward direction of their respective
company, more words and phrases utilized in past tense and a lot fewer of such
references as I or me; instead, there were more of such words as the company, us
and we. Furthermore, the authors decided to look at the examples of such
companies as Enron and WorldCom and compare the language of their
restatements to statements of those companies that were not asked to provide such
information for the second time (Churyk et al., 2008). The results were compelling
and the difference in the usage of negative words was quite significant (61 vs. 15).
The restatements also contained almost twice as many of the words attributed to
downward direction of the company compared to other companies (Churyk et al.,
2008). According to the authors, the technique of content analysis is not one
hundred percent accurate, but still it is a powerful tool in the hands of accountants
and the financial information provided by companies can reveal a lot of information
that can help to detect fraud in its early stages. Moreover, it will allow professional
accountants to identify information that is misstated and help avoiding much bigger
problems in the future (Churyk et al., 2008).
25
Another type of fraud that has been presenting a pretty serious problem
nowadays is online in-auction fraud, which can consist of such aspects as multiple
bidding or false bids (Dong et al., 2009). With the ever-rising popularity of such
auction websites as Amazon and EBay, the consensus that something has to be
done in regards to online fraud is currently bigger than ever. Dong et al. (2009) take
a look at this problem and try to come up with the solutions that might help to
alleviate this problem. Auction fraud, as described by the authors, can involve pre-,
in- and post-auction fraud (Dong et al., 2009). These categories, in their turn,
include such activities as misrepresentation, black market and non-delivery, among
some others. In-auction fraud can include fraud on both the seller’s and buyer’s
sides and might involve such aspects as false bids, bidding rings or multiple
bidding, to name a few (Dong et al., 2009). Considering the nature of the Internet,
the authors acknowledge that the solution for this problem is not easy to find.
Nevertheless, the authors of this work do propose several computer software and
systems that can make online auctions much safer and more reliable (Dong et al.,
2009).
One of the systems proposed by Dong et al. (2009) should include several
agents in it and each of these agents would be responsible for such areas as
security, bidding, as well as monitoring. This would allow identifying any
suspicious users and activity that are noticed on that particular auction system
(Dong et al., 2009). Other potential solutions might include certain software that
26
would provide cryptographic assistance with locating malicious bidders and
auctions. Also, coming up with effective statistical approach can prove to be very
helpful as well. Various algorithmic equations would be able to, more or less,
accurately tell potential buyers or sellers that a particular account might be
fraudulent. These so-called reputation approaches can be quite complex and do
require analyzing huge amounts of historical data; therefore, they might be very
difficult to create (Dong et al., 2009). In-auction fraud detection is difficult to
achieve and does require some serious and complex mathematical models that
would be able to accurately predict the problem of fraud. Once again, with the
prevalence of the online auction systems nowadays, there is an urgent need to come
up with a model that would be able to effectively protect consumers when shopping
online. It is definitely not easy, but certainly can be done (Dong et al., 2009).
A study on credit card fraud conducted by Slotter (2009) identified several
key areas that are especially problematic nowadays. According to the study, the
vast majority of credit card fraud takes place through mail theft, counterfeiting and
advanced payment schemes. What is usually targeted by mail thieves is financial
information that can contain new credit cards, social security numbers, account
information or credit applications. Once such information is obtained, these
criminals can either use already existing cards or make requests for new lines of
credit with somebody else’s personal information (Slotter, 2009). Another way to
utilize stolen information is by making fake credit cards and considering the type of
27
technology that is available today, such cards can be pretty similar to real ones and
they, as a result, would be very difficult to detect (Slotter, 2009). Advanced
payment schemes can include using more credit than what the line of credit is and
utilizing fraudulent checks. Since it takes time for a check to clear, it might take
some time before such an activity is tagged as suspicious or fraudulent, but at that
point it might be too late (Slotter, 2009).
Nevertheless, there are several things that can be done in order to minimize
the problem of credit card fraud. From the technological perspective, there are
several promising changes that can be introduced and that can have a serious
impact on credit card fraud. One of the changes can be placing photographs on
actual cards (Slotter, 2009). Another innovation can be having computer microchips with personal information inserted into every credit card. Not only will it give
more security and protection to the cards’ owners, but it will give them a chance to
authorize offline transactions and conduct financial activities from remote locations
with more security (Slotter, 2009). Also, the role of law enforcement cannot be
underestimated here, and cooperation among various law enforcement agencies is
very important. Moreover, this problem has to involve agencies on municipal,
county, state and federal levels as this crime does not know boundaries (Slotter,
2009). Credit cards that we know and are familiar with today are more likely to
have some serious changes in the near future, as more and more security features
will be added. However, it will provide for new challenges and opportunities for
28
criminals and more problems for law enforcement when dealing with such crime
(Slotter, 2009).
Sullivan (2008) also looks at the idea of having smart cards implemented.
The author acknowledges the seriousness of the credit card fraud problem and the
impact it has been having on the nation’s economy, as well as its numerous victims
(Sullivan, 2008). Since payment authorization is a pretty efficient step in protecting
a consumer from fraud, it is something that has to be taken seriously. Nevertheless,
since personal information, such as full name, date of birth, social security or home
address, can easily be duplicated and utilized by criminals when using a card for
fraudulent activities, this step has to be taken to the next level (Sullivan, 2008).
Having smart cards with special chips installed that would make copying unique
personal identifiers almost impossible is a great idea (Sullivan, 2008).
However, Sullivan (2008) is concerned that the criminals will shift their
time and efforts towards other types of payments, the ones with weaker security
features. Therefore, according to the author, it would be necessary to ensure that
other payment methods are well protected as well. Furthermore, having a uniform
set of standards can be quite difficult and if there is a complex security system and
if one single authorization process is in place, it is absolutely necessary to have the
standards be clearly laid out and enforced properly (Sullivan, 2008). Even though
the implementation of smart cards do have promising results, it is necessary to
29
remember all the challenges that will arise. Moreover, security measures for other
payment methods have to be improved as well (Sullivan, 2008).
A study done by Barker et al. (2008) on the problem of credit card fraud
also acknowledges
this type of crime and how it is no longer a problem of a
certain region or state, but instead it is now a global phenomenon that affects a lot
of people all around the globe. Furthermore, consequences of this problem can be
very serious and last for a long time after an actual crime takes place. Nevertheless,
certain prevention steps can and have to be taken in order to minimize the impact of
this crime. Barker et al. (2008) also emphasize the importance of computer chips
with personal information being inserted into every credit card. What this means is
that consumers will have much more security as such chips are almost impossible
to duplicate and in order to authorize a transaction, an owner will have to use
his/her PIN number, and not just sign a receipt (Barker et al., 2008).
What also can prove to be helpful is that it might be necessary to introduce
stricter regulations when it comes down to purchasing equipment that is used in
card manufacturing. As a result, if such technology is difficult to obtain, this might
significantly reduce the problem of illegal manufacturing. This step will require a
lot of collaboration on the part of those companies who suffer from this type of
crime, but the final results can be quite good (Barker et al., 2008). The authors also
emphasize the importance of educating merchants to be able to recognize
fraudulent credit cards and any activities that might be suspicious and potentially
30
fraudulent (Barker et al., 2008). Another segment of the population that has to be
educated is consumers. Despite the problem of credit card fraud being so
widespread, many people are still relatively unaware of exactly how serious it
actually is. By educating the general public on such matters as the crime itself and
its consequences and prevention, it would be possible to make the public less
susceptible to becoming victims of the problem of credit card fraud (Barker et al.,
2008).
A study by Levi (1998) also looks at the problem of credit card fraud and
tries to explain how fraudsters tend to adapt to any changes that are being
introduced in order to prevent this problem. The author acknowledges that credit
card fraud usually takes place as a result of a credit card being stolen, either
through mail theft or burglary or robbery, credit application, counterfeit
transactions, manufacturing counterfeit cards or by placing orders using a genuine
card but intentionally indicating a wrong address (Levi, 1998). This study does
acknowledge all the difficulties that law enforcement is facing when dealing with
this problem. Moreover, it states that it is oftentimes the case that criminals are not
caught (Levi, 1998). Also, the author points out that there are several categories of
offenders. Some act on an individual level whereby a person simply uses stolen
cards to buy either a couple of relatively big purchases or several smaller items,
such as groceries or clothes. Others operate on a ‘professional level,’ where they
31
belong to well-organized rings and utilize stolen information for fraudulent
purposes (Levi, 1998).
As a solution for this problem, Levi (1998) suggests that the introduction of
such features as placing fingerprints or pictures on actual credit cards might help in
protecting consumers. Furthermore, adding more and more security features is
more likely to provide more security to credit cards. However, what this will do is
that the crime of credit card fraud is more likely to shift away from the regions
where such cards are widespread to the areas where consumers use cards without
these security features (Levi, 1998). Also, the author suggests that while security
features will keep on developing and improving, so will the criminals’ skills (Levi,
1998). Moreover, certain fraudulent websites can be created with the goal to collect
credit card and PIN number information from their customers. Even though such a
website might look legitimate, in reality it can be a fraud. Therefore, a lot has to be
done in order to develop a security protocol that would provide maximum
protection (Levi, 1998).
A study by Pratt et al. (2010) also looks at the problem of credit card fraud
and tries to integrate the routine activity theory with this problem. According to the
authors, new changes in technology will attract a new segment of potential
offenders, the ones who will be more motivated and who will have more computer
and technology knowledge (Pratt et al., 2010). With the expansion of the Internet,
there has been an increase in the number of a specific sector of criminals –
32
cybercriminals (Pratt et al., 2010). According to the authors, a lot here depends on
how much a person spends time online and whether or not s/he makes any
purchases online and how many. These conditions, in their turn, can predispose one
to becoming a victim of online credit card fraud (Pratt et al., 2010).
The main recommendation the authors are proposing is creating a set of
educational programs that would make sure that the general public is well aware of
all the dangers this problem brings with itself (Pratt et al., 2010). By educating the
public about such aspects as prevention and consequences it would be possible to
ensure that more and more consumers know how to take care of their online
financial business, as well as how to take all the precautionary measures that would
help them keep all the confidential information out of the hands of criminals. A lot
here depends on exposure and target availability. The more time a consumer spends
online and the more financial transactions take place on suspicious websites, the
more exposure there will be and thus, more chances to become a victim of credit
card fraud (Pratt et al., 2010).
Another study by Levi (2008) looks at the types of fraud and how they
change based on various factors, such as economy and age. The author pays special
attention to globalization and it is this phenomenon that brought new types of
fraud, the ones that were not present a couple of decades prior. Such aspects as
business environment as well as how the law is actually enforced oftentimes
dictates whether or not one will engage in fraudulent activities. The study does
33
acknowledge that throughout recent history, not a lot of attention has been given to
the problem of fraud. The author states that the system is more likely to be
interested in more serious crimes and since the victims of fraud are different from
victims of more serious crimes, this crime has not gotten wide recognition until
recently (Levi, 2008).
The problem of fraud and the criminals who are involved in this type of
crime depends on the economic situation inside that particular region. According to
the author, more and more people might be susceptible to committing low-tech
fraud that does not require extensive technological knowledge, which would allow
them to stay afloat and avoid financial crisis (Levi, 2008). They will also be more
likely to take more risks. Moreover, a society can start seeing new types of fraud
due to new industrial or technological innovations. As far as the age factor goes,
those who get involved in technological fraud are more likely to be younger
individuals. The older groups would probably end up committing the type of fraud
that does not require much technological knowledge and that relies on older
programs and innovations, and something that would require engaging in areas that
have been around for quite some time (Levi, 2008).
The aspect of collaboration amongst various entities is also supported by
Greene (2009). In this work, the author once again emphasizes the problems that
credit card fraud and fraud in general bring to American consumers. Moreover, it is
stated that the actual losses associated with fraud are significantly higher than what
34
they are thought to be (Greene, 2009). What is even more problematic is that this
problem is very difficult to fight against, as there has been a shift from one area to
another. In other words, with the development of new technologies and certain
changes in social environment, old methods of fraud get replaced by new types of
fraud (Greene, 2009). However, the main problem stays the same – both the
governmental entities and individual consumers lose many resources as a result of
fraud. Good examples of such changes include relatively new phishing scams or
offshore fraud or even activities associated with recruiting insiders that work in
credit agencies or those organizations that have extensive access to personal
information (Greene, 2009).
The author points out that fraud can have consequences that extend
additional financial losses on individual and organizational levels (Greene, 2009).
Fraud can also present a significant danger to national security and interests abroad.
Therefore, an effective system to combat this problem has to be implemented
(Greene, 2009). The study talks about the special alert programs that would help
banking institutions to receive notifications regarding those credit cards that this
system flags as suspicious. This condition, in turn, might be based on the account
pattern, which can include purchase or withdrawal history, or something that is out
of extraordinary (Greene, 2009). Moreover, the author proposes introducing the
profiling system both for consumers and merchants. This will allow for creating a
consumer profile where data will be stored that would show patterns in one’s
35
purchasing, transaction and withdrawal activities. Therefore, if something unusual
occurs, that particular activity will be tagged and this can potentially result in early
fraud detection (Greene, 2009). But the main aspect that Greene (2009) emphasizes
is collaboration among various industries that is absolutely necessary as the
problem of fraud is simply too big to be fought against separately. Cooperation
from the private sector is also necessary, as new technological developments lead
to new types of fraud. Furthermore, the author refers to the efforts against fraud as
war, and it is impossible to win this war without help from others (Greene, 2009).
A study conducted by Lee et al. (2010) looks at another aspect of fraud –
phantom online credit card transactions. This type of transaction is a fake one and
the key component here is an agreement between a seller and a buyer. The goal
here is to obtain a loan (Lee et al., 2010). The authors acknowledge the importance
of the internet nowadays and how online auctions made everybody’s lives so much
easier when it is almost impossible to find anything that would not be available
online. However, the negative side of all this is that there is plenty of room for
fraud to exist and many criminals take advantage of that (Lee et al., 2010). Despite
all the seriousness that phantom credit transactions mean for auction websites,
detection of this problem has not been easy. Moreover, since it is more difficult to
be detected online, this type of fraud has really blossomed recently, especially on
not-so-well-known auction websites. Lee et al. (2010) developed several strategic
considerations that have to be in place in order to be able to effectively detect
36
online fraud in its early stages (Lee et al., 2010). These considerations are
addressed below.
After having conducted an analysis of online bids for laptop computers, Lee
et al. (2010) had been able to come up with three factors that are present whenever
there is a phantom credit transaction is present. First of all, according to the
authors, the starting bid for that particular item is significantly higher than it is for
the same item on other auctions. Also, such an auction for that item is usually much
shorter as well. And the reason for this is that the goal with a fake transaction is to
close out a deal as soon as possible, as compared to a ‘normal’ auction where the
main priority is to secure the highest payment (Lee et al., 2010). Also, a low
seller’s credit history is a great indicator too. Moreover, the authors state that low
credit is one of the most important signs for the detection of online fraud.
Therefore, credit evaluation systems have to be adopted by auction agencies in
order to be able to get rid of fraudsters (Lee et al., 2010). As a result, all these
factors have to be carefully looked at. Considering that auctions with phantom
transactions on average have 73% of bids that have higher starting prices, 98% of
auctions that are shorter in length and 96% of sellers that have lower credit scores,
these factors have to be examined pretty carefully (Lee et al., 2010). Early detection
might be the key to solution for the problem of online auction fraud (Lee et al.,
2010).
37
Another study on the problem of credit card fraud was done by Prabowo
(2011). According to the author, who also acknowledges all the seriousness of the
problem of fraud, it is very important to come up with effective anti-fraud strategy
and it is absolutely crucial to understand what resources it is necessary to allocate
in order to be able to solve this problem. The author refers to the fight against this
type of crime as when two players are playing chess. In other words, there is a lot
of strategy on both the offenders’ and the law enforcement agencies’ parts. Actions
of one player are in large part dictated by actions of another. And in the end, of
course, the winner will be the player who has a better strategy and who managed to
come up with a more sound strategy (Prabowo, 2011).
The main recommendation that Prabowo (2011) gives is that when
combating the problem of credit card fraud, the aspect of prevention has to be
considered just as important as investigation and prosecution. Also, it is very
important to be able to anticipate future threats and be ready for them. In fact, it has
to have the same priority level as fighting against current and existing threats. Due
to technology that is constantly developing, new types of fraud are evolving as well
and criminals take opportunities to explore new areas that potentially might have
security gaps. As a result, new and previously unseen types of crime appear and
modern law enforcement has to be ready for that (Prabowo, 2011). Also, the author
emphasizes the idea of cooperation among numerous players, such as individual
consumers, merchants, government entities, banks and other financial institutions
38
(Prabowo, 2011). Without such a cooperation and having one goal in common, it
will be very difficult to stop the crime (Prabowo, 2011).
A study by Gates and Jacob (2009) also emphasizes cooperation between
the government and private sector as something that is absolutely necessary.
Moreover, they state that fraud is something that is always going to exist in one
form or another and if we were to get rid of all forms of fraud altogether, it would
be necessary to shut down all payment systems (Gates & Jacob, 2009). Obviously,
this is not going to happen. What can be done, however, is to try maximizing data
security. This, in turn, can be achieved when various players, both from public and
private sectors, buy into this system. What is also necessary is to create some form
of uniformity with a clear set of standards and rules (Gates & Jacob, 2009). The
authors also emphasize that the aspect of innovation cannot be impacted here. Once
again, Gates and Jacob (2009) also acknowledge constantly developing technology
and the problem of fraud that is evolving as well. With so many different
perspectives on fraud, its consequences, and its future, it is very important to find
some form of consensus, which will be absolutely crucial in the future combat
against this problem (Gates & Jacob, 2009).
Caminer (1985) also acknowledges the importance of the cooperation
among various actors in the fight against this problem. The author states that this is
problem is not likely to go anywhere anytime soon. Considering that this crime
actually grows faster than the use of credit cards themselves, certain anti-fraud
39
measures have to be implemented. The fact that fraud is so widespread nowadays is
in large part due to a high number of credit cards that so many consumers possess
(Caminer, 1985). Furthermore, the crime of fraud is not easy to detect and since all
that the criminals need to have is a credit card number and not the actual card, the
crime of fraud is not technologically complicated and does not require extensive
knowledge (Caminer, 1985).
The author states that despite the anti-fraud measures taken by the credit
issuing agencies, they are not likely to have a long-term effect (Caminer, 1985). In
fact, the result is most likely to have a short-term impact. What is necessary,
however, is a strong federal legislation that would thoroughly address this problem.
In addition to cooperation, it is also expected that various governmental entities
will invest a significant amount of resources that would be necessary to not just
combat the crime, but also to understand the nature of the problem. Also, it can
lead to the introduction of a clear set of standards and definitions that would allow
for a more effective implementation of such legislation (Caminer, 1985).
The Fair and Accurate Credit Transactions Act (2003)
The Fair and Accurate Credit Transactions Act of 2003 was created in order
to amend the Fair Credit Reporting Act and add new sections that would make the
legislation stronger in terms of its efforts in combating the problem of identity
theft, as well as give consumers more rights and protection in order to avoid this
very serious problem (Privacy Rights Clearinghouse). Among the new changes
40
were such aspects as how one’s personal information could be shared, privacy,
accuracy, as well as consumer rights. One of the initiatives that was specifically
emphasized by the legislation creators was monitoring, and one of the means
through which a consumer can ensure that his personal information is up to date
and not being used by somebody else is through getting a credit report. Every
consumer has a right to obtain one free credit report per year through all three
major credit reporting agencies – Experian, TransUnion, and Equifax (Privacy
Rights Clearinghouse). Before the F.A.C.T.A. went into effect, consumers had to
pay for such services. Nowadays, however, anybody can order such a report
through a particular website (e.g., annualcreditreport.com or freecreditreport.com)
or by calling a certain number that also can be found there. Also, one is entitled to a
copy of his/her free report even if s/he is unemployed at the time of request.
Therefore, the main idea behind this is that if a consumer can get access to such a
report and be able to monitor his/her credit history, s/he is more likely to notice any
abnormalities with his account and stop the problem of identity theft in its earliest
stages (Privacy Rights Clearinghouse).
Another change that was brought by the implementation of the F.A.C.T.A.
was the fraud alert system. By calling credit reporting agencies consumers now
could place a 90-day fraud alert on their account. While doing this, they also had to
make sure to provide proof of their identity to the agency where they are calling to
make a fraud request. This alert, however, could be extended up to seven years,
41
given that a consumer could provide a reason for such an action, along with a
police report that would justify such a drastic measure (Privacy Rights
Clearinghouse). Also, what was proposed was the ability of military personnel to
place alerts on their account that would warn the credit reporting agencies in case if
there is something suspicious going on with these accounts. In other words, if a
person is out of the country, and yet his/her account is being used or new credit
cards are being requested, that would give something to think about to the credit
agencies and hopefully make an inquiry in regards to what might be going on
(Privacy Rights Clearinghouse).
Also, whenever a fraud alert is placed and a credit reporting agency is asked
to provide additional credit, it is their responsibility to try to contact a consumer
whose name is being used for requesting a new line of credit. This can be done
either through a phone number or regular mail (Privacy Rights Clearinghouse).
Moreover, the agencies also have to make sure that the identity of a consumer is
verified. Furthermore, whenever a fraud alert is requested, a consumer has the right
to obtain a free copy of his credit report. Finally, credit reporting agencies can also
block certain things on one’s credit report history that had been caused by the crime
of identity theft (Privacy Rights Clearinghouse).
Under the F.A.C.T.A., receipts for credit transactions cannot contain more
than the last five account numbers. Moreover, these receipts cannot contain
expiration dates. The intent behind this is to limit the identifying information
42
should a criminal get access to such a document (Privacy Rights Clearinghouse).
Also, whenever a consumer requests a copy of his/her file, s/he may ask for the last
five digits of his social security number to not be included in the paperwork. As far
as victim rights go, a consumer may request transaction records and all the reports
available regarding a crime from the businesses where that consumer’s personal
information had been used. A consumer has to make sure that such a request is
made in writing and that his/her identity is verified. Nevertheless, a business can
still reject the request if they are unable to verify the requesting party’s identity, as
well as if there are some misrepresentations of certain facts (Privacy Rights
Clearinghouse). Furthermore, if a collection agency is contacting a consumer in
regards to a debt that has been the result of the crime of identity theft, then a
collection agency has to clearly state that. Also, a creditor is entitled to get an
activity history that would include prior credit applications, as well as an account
summary (Privacy Rights Clearinghouse).
What also was emphasized by the F.A.C.T.A. legislation is that a lot has to
depend not just on individual consumers, but on the credit reporting agencies as
well, and they are the ones who have to take appropriate steps in making sure that
their clients’ personal information is not being used for criminals’ gains (Privacy
Rights Clearinghouse). As a result, the new system of ‘red flags’ was implemented
to warn these agencies that there could be something suspicious going on with a
particular account. As established with assistance from the F.A.C.T.A. among the
43
most common red flags included the following facts: fraud alerts placed by
consumers, unusual trends and patterns in one’s purchasing and activity history,
documents that appear to be forged or that are inconsistent with what the agency
has on file, suspicious home addresses or phone numbers or if they have been
noticed on prior fraudulent applications, suspicious social security numbers that do
not match a date of birth or a name on file, relatively prolonged inactivity of an
account followed by a series of transactions, mail being returned while the account
is still being used, or if there are notices from an account holder, as well as law
enforcement agencies (Privacy Rights Clearinghouse).
Another significant and quite common red flag is a change of address
followed by a request for a card replacement. As a result, it is the responsibility of
an agency issuing a credit card to take all necessary steps to verify the validity of a
change of address. Moreover, whenever there is a change of address and a request
for a new card, credit issuers have to contact a consumer whose name is being used
to make sure that the requests for changes are legitimate and this has to be done
within the first thirty days upon receiving a request (Privacy Rights Clearinghouse).
Also, whenever there is a request for a consumer report, either through a credit card
application or a rental agreement, the credit reporting agencies have to corroborate
with the entities from where the request for consumer reports have originated and
have to report any discrepancies in such areas as name or contact information.
44
Financial institutions, in turn, have to take all necessary steps to ensure that the
creditor’s information and identity are verified (Privacy Rights Clearinghouse).
Under the F.A.C.T.A., all businesses that deal with consumer reports have
to take all necessary measures to make sure that these very reports or any other
reports that contain personal identifying information are properly destroyed and
thus, will not end up in the hands of criminals. The agencies that fall under the
category of those who have to work with consumer reports the most include
insurance agencies, automobile dealers, landlords, government agencies and
employers (Privacy Rights Clearinghouse). Also, consumers were granted certain
rights by the implementation of the F.A.C.T.A. legislation. Among them are the
rights to block any information that has been the result of identity theft, as well as
to receive copies of all the documents, application or any records that had been
used in the commission of the crime. Finally, credit reporting agencies have to give
the victims of this crime a notice with what specific rights they have (Privacy
Rights Clearinghouse).
Another aspect that is emphasized by the F.A.C.T.A. is accuracy and,
therefore, making sure that all the information contained in the report is accurate is
crucial. Under this new legislation, financial institutions are now obligated to
provide early warnings for consumers whenever there is something suspicious
going on with that particular account (Privacy Rights Clearinghouse). Also, the
aspect of privacy is prioritized as well, and no consumer report can contain any
45
information that would be related to one’s medical records. Moreover, a
consumer’s consent is required if his/her medical information is to be released
either for employment or credit purposes (Privacy Rights Clearinghouse). Other
rights under F.A.C.T.A. include workplace investigations, sharing of information,
as well as how to dispute and resolve certain disagreements which are the results of
inaccurate credit report or findings (Privacy Rights Clearinghouse).
Holtfreter and Holtfreter (2006) looked at the impact of the Fair and
Accurate Credit Transaction Act (2003) in conjunction with the Identity Theft
Penalty Act (2004). The authors acknowledged the importance of similar
legislation and the fact that amendments would be added to both laws in the future.
Nevertheless, the main conclusion of the study was that it would take some time in
order to be able to draw a sound conclusion. More data were needed and also
Holtfreter and Holtfreter (2006) proposed an idea that it could be quite useful,
which was to do a cross-cultural analysis and compare anti-identity theft efforts to
those of foreign nations (Holtfreter & Holtfreter, 2006).
Conclusion
This literature review shows that the main purpose of the situational crime
prevention framework is to identify and implement the ways for reducing the
number of opportunities for a criminal to commit a crime. Target hardening, in
turn, is the central idea. Target hardening can be done through a variety of ways,
starting with not using one’s mailbox for outgoing mail and ending with rational
46
behavior when being online, such as not using suspicious websites or indicate
personal information on those websites that do not have security system installed.
The situational crime prevention perspective is developed separately for every type
of crime and its measures are specific, depending on what they are directed at. In
other words, what can be applied to auto theft prevention is useless in an effort to
reduce the amount of drugs on the streets. What works for preventing an identity
theft would not work for avoiding situations that might result in violent assault.
Despite the specificity and uniqueness of this framework in regards to each separate
type of crime, they, nevertheless, share all the main fundamentals of this model.
Auto theft prevention measures, for example, could involve such strategies
and techniques as making sure that a car is always locked when left unattended and
that the ignition keys are never left in the car and if held at home, be kept in a safe
and secure location. Manufacturers, by introducing new security features, can also
significantly lower the risks of a car getting stolen. In the meantime, increased law
enforcement patrol of the ‘hot spots’ along with implementation of such programs
as the ‘bait car’ can deter potential thieves as well (Linden & Chatuverdi, 2005).
Also, increased patrols of the ‘hot spots’ can be very efficient for reducing the
number of drugs on the streets. Restricting access to the key ingredients, from
which some illicit drugs are made, can reduce the amount of those drugs produced.
New policies and regulations directed at those types of drugs and all associated
penalties can prove to be very efficient as well (Shukla & Bartgis, 2010).
47
Such simple measures as shredding all unnecessary financial paperwork and
not using one’s mailbox for outgoing mail can prevent one from becoming a victim
of identity theft. Numerous laws that target cyber crime can also be very effective.
For example, the Federal Information Security Management Act was implemented
in 2002 that required all federal agencies to develop and implement a security
system that would protect their employees’ personal information. Such a system
was supposed to protect personal information from unauthorized access and use, as
well as guarantee confidentiality. The result was a much better security protocol for
federal employees (NIoSaT). Likewise, a simple change in lighting system and
surveillance system can make a public parking garage much safer, for example. The
introduction of the surveillance system and good locks can also have a positive
effect on safety of convenience stores and apartment complexes (Farrington et al.,
2007). Finally, being rational when it comes to alcohol consumption (i.e., drinking
in moderation) and not use alcohol with strangers at unfamiliar settings and
willingness to have an open and sincere discussion with a partner, along with
various educational programs on sexual assault prevention, can prove to be crucial
in preventing one from becoming a victim of rape (Parkhill et al., 2009).
Despite the fact that each of these types of crime involves different
measures, they all, as it was mentioned previously, share the main fundamentals.
Whatever the particular type of crime might be, the main goal of the situational
crime prevention framework is to make the target as difficult to reach for the
48
offender as possible. Besides making it too difficult, this model focuses on making
it too risky as well. If potential risks outweigh the potential benefits, an offender
would most likely not go for it. Finally, another important detail that one can see
from this literature review is that, whether the crime is identity theft or fraud, crime
prevention depends a lot on a would-be-victim’s behaviors and preventative
actions, as well as the tactics used by would-be criminals. In other words, in most
cases proper and timely precautions can reduce the chances of becoming a victim.
Victims are usually the ones who, due to their lack of attention or just simple
carelessness, provide opportunities for criminals and all that the latter ones have to
do is just to seize the moment. Therefore, by being more careful and aware, one can
significantly reduce the number of opportunities for an offender and that will
demonstrate the main principle of the situational crime prevention perspective at
work.
49
Chapter 3
Methodology
Research Design
In general, this research is designed to be exploratory and descriptive. It
explains how the presence or absence of the F.A.C.T.A (2003) affects identity theft
crimes and fraud complaints. Specifically, the research examines the impact of the
F.A.C.T.A. legislation on the total number of incidents reported, the total number
of fraud complaints, and how personal information is being misused (which will be
represented by the following categories: credit card fraud and bank fraud). The
importance of this analysis cannot be underestimated, as it will help to determine
the effect of this particular federal legislation on the problem and show what works
and what does not from the letter of the law perspective. It will demonstrate how
such protective policies impact the problem of identity theft and how this
legislation might be improved and what amendments might be necessary in order to
make it more effective in terms of lowering identity theft and fraud-type crime.
Therefore, this research will examine how the implementation of the legislation has
impacted the problem of identity theft and fraud.
This study will implement the interrupted time-series design. The
interrupted time-series design demonstrates an effect of a treatment or an
intervention that can be seen through the change in patterns of the pre- and posttreatment/intervention periods of time (Glass, 1997). Such an effect can be seen and
50
measured only if there is a difference in these pre- and post-treatment results
patterns (Lewis-Beck et al., 2004). In other words, if what is being measured does
not differ at all, then it would be very difficult to find any statistical significance in
the introduction of that particular treatment option and make any conclusions. And
on the contrary, if these patterns clearly differ from one another, then it is possible
to demonstrate the effect of that treatment. Moreover, the interrupted time-series
design includes repeated measurements of a dependent variable taken over a certain
period of time both before and after the introduction of an intervention and then,
any changes in these measurements can be compared to one another, as well as
both pre- and post-intervention periods of time can be compared to each other as
well. As a result, any effects of the independent variable (treatment or intervention)
can be observed and recorded (Lewis-Beck et al., 2004).
Data Collection
The data collection strategy for this study is through a primary data source,
which is the database created by the Sentinel Consumer Network and that belongs
to the Federal Trade Commission. The data have already been compiled and
currently exist in the form of several different reports and each report represents a
certain calendar year and consists of numerous sections, among which are fraud
and identity theft complaints, victim characteristics and statistics for every
individual state. Each section has several subsections in it; each of the subsections
provides more details for that particular section covering a specific side of the
51
identity-theft problem. These reports are widely available to the public and are
accessible by going to a Federal Trade Commission website
(http://www.ftc.gov/bcp/edu/microsites/idtheft/ reference-desk/national-data.html),
where one can see a series of PDF files with each report having a proper title.
Therefore, no extensive technological knowledge on part of a reader is required to
be able to access these files.
The database, which comprises the statistical portion of the reports from
where the required data will be extracted, includes national statistics for
consecutive years (2000-2010). These statistics include the number of incidents
reported, fraud and identity theft complaints, crime descriptions, victim
characteristics, amounts of monetary losses, as well as state complaint information
and state and metropolitan areas ranking.
Independent and Dependent Variables
The independent variable (IV) for this research will be the presence or
absence of the F.A.C.T.A. (2003) legislation. The F.A.C.T.A. legislation itself is
fixed and cannot change. Therefore, it is its presence or absence (before and after
the F.A.C.T.A. was enacted) that will be evaluated with respect to how it affects the
dependent variables. The research will be measuring the impact the independent
variable - presence or absence of the F.A.C.T.A. - has had on the problem of
identity theft.
The dependent variables (DV) in this research will be the total number of
52
identity theft incidents reported, the total number of fraud complaints, and how
personal information is being misused. This last dependent variable (‘how personal
information is being misused’) will include the following categories as types of
misuse: credit card fraud and bank fraud. The impact of the IV on the DVs will be
expressed in terms of changes in the number of identity theft incidents reported, the
number of fraud complaints, as well as how personal information is being misused.
In terms of the present research, the dependent variables will be examined
before and after the introduction of the F.A.C.T.A. (2003) legislation. In other
words, the research will be looking at the data for the period of 2000-2002, before
the treatment was introduced, which in the study will be the F.A.C.T.A. (2003), and
the data that will demonstrate what had occurred following the implementation of
this legislation and that will be the period of 2003-2010. The two periods of time
(pre- and post-treatment) are not equal in length; however, this is due to lack of
data availability on identity theft for the period of time preceding 2000. The
statistics were taken for each year separately and comparison will be made on a
year-by-year basis for the two periods of time (before and after).
Hypotheses
H1: Following the implementation of the F.A.C.T.A. legislation, the total number
of identity theft incidents, as well as identity theft rates, will decrease.
H2: Following the implementation of the F.A.C.T.A. legislation, the total number
of fraud complaints, as well as fraud complaints rates, will decrease.
53
H3: Following the implementation of the F.A.C.T.A. legislation, the number of
incidents where personal information is being used for the purposes of credit card
fraud and bank fraud, as well as credit card fraud and bank fraud rates, will
decrease.
Data Analysis
It is expected that with the implementation of the F.A.C.T.A. legislation, the
number of identity theft and fraud incidents cases, as well as their rates, will
decrease. This is thought to be the case because the new legislation, as well as
credit-issuing agencies having stricter monitoring and screening procedures when
issuing a line of credit, will lead to few incidents of identity theft and fraud.
Another aspect that is expected to have changed is how personal information is
being misused. It is expected that the number of the cases where personal
information is being used for the purposes of credit card fraud and bank fraud, as
well as these crimes’ rates, has been decreasing.
For the purpose of data analysis for this research, the Excel spreadsheet
software will be utilized. The statistics used for this research includes the total
number of incidents reported, the total number of fraud incidents reported, as well
as the number of cases where personal information had been used for bank fraud or
credit card fraud. Moreover, for the ‘how personal information is misused’
dependent variable, which includes ‘bank fraud’ and ‘credit card fraud’ as types of
misuse, the statistics also include what the percentages for that particular crime for
54
that specific year are in relation to all other types of fraud for that calendar year.
The statistics used in this work are representing eleven calendar years, 2000-2010,
and the two tables utilized in this study include the names of the dependent
variables, the years that are considered, as well as the numbers for every variable
that this research is looking at for every corresponding year.
Data Analysis – Coding Sheets
Secondary data analysis on a primary data source, which consists of a
series of the Consumer Sentinel Network reports that are publicly available on the
Federal Trade Commission website, was utilized in this research. This study has
two different coding sheets. These coding sheets can be found in Appendix A. The
first coding sheet contains the data for these two dependent variables: the total
number of incidents reported and the total number of fraud complaints. These
statistics will be represented in numbers, and not percentages. The required data
will be extracted from the database and inserted into the appropriate table. The first
coding sheet has three vertical columns (year, the total number of incidents
reported, the total number of fraud complaints) and twelve vertical rows (one for
each year – 2000-2010 – and one for the dependent variables). The second coding
sheet contains the required data from the same database and it will be created for
the ‘how personal information is being misused’ variable. It has twelve vertical
columns (one for each year – 2000-2010 – and one for the type how personal
information is being misused). The numbers in this coding sheet will be
55
representing the number of incidents for the following types of how personal
information is being misused: credit card fraud and bank fraud.
The data have already been compiled and currently exist in the form of
several different reports and each report represents a certain calendar year and
consists of numerous sections, among which are fraud and identity theft
complaints, victim characteristics and statistics for every individual state, as well as
different metropolitan centers. Each section has several subsections in it; each of
the subsections provides more details for that particular section covering a specific
side of the identity-theft problem. Every report also has the list of appendices that a
reader can find throughout the document.
More specifically, the reports are located in the ‘Fighting Back against
Identity Theft’ section. Also, all of them belong to the national data category and
represent formal Federal Trade Commission complaint data. There are eleven
reports for each calendar year starting from 2000 and ending in 2010. Each
reporting year starts in January and ends in December. The national data provided
in this section also includes the 2003 and 2006 identity theft survey reports.
Moreover, one of the files provides the Federal Trade Commission overview of the
identity theft program. Every report consists of numerous charts, graphs, tables and
other visual aids for representing the data. The reports have background
information on the Consumer Sentinel Network, an organization responsible for
creating the database, as well as an overview of the identity theft problem. There is
56
no narrative portion in these reports, but instead, the rest of them consist of
statistical data for a variety of already aforementioned categories.
Human Subjects
Despite the use of secondary data analysis on a primary data source, it was
necessary to submit an application to the Division of Criminal Justice’s Human
Subjects Review Committee for evaluation. A copy of the application submitted for
approval can be found in Appendix B. This research uses data from the Federal
Trade Commission database. Since the data has previously been collected and
published on a publicly accessible website and is deidentified, the research is
considered exempt. No plan for the protection of the data is warranted. Since the
database from which the necessary data will be taken is publicly available, this
study does not need any security measures, data handling procedures, retention
procedures, data destruction date or any other similar aspects. Also, since this
research is relying on secondary data analysis, there are no subjects that will
participate in the study. Therefore, there is no plan for recruiting people and
creating criteria for inclusion or exclusion. Neither are there any inducements for
subjects’ participation. Since the researcher has no affiliations with the Federal
Trade Commission or any legislators and policymakers behind the Fair and
Accurate Credit Transactions Act (2003), the U.S. Congress or any credit reporting
agency, no conflict of interest is expected. The researcher’s role in this study will
be solely to analyze the impact of the F.A.C.T.A. (2003) legislation. The results of
57
this study, regardless whether or not the main hypothesis is supported, will be
recorded and reflected in the ‘analysis’ and ‘conclusion’ sections of this research.
Strengths & Limitations of the Research
This study has its strengths and limitations. The main strength of the
research is that it will provide the latest trends and patterns for this type of crime.
Specifically, it will shed some light on the effectiveness of the F.A.C.T.A. (2003)
legislation and whether or not it would be practical to implement similar types of
laws in the future and, therefore, will help to develop something that would be
more efficient and effective. The implementation of the interrupted time-series
design and looking at any changes bring some advantages, as it is possible to look
at the identity theft situation and how it had been changing from one year to
another. Also, this will illustrate the whole picture for the pre- and post-treatment
periods and would allow comparing them with one another as well.
The main limitations for this study, however, will be the fact that there
might be additional factors responsible for any changes observed and, as a result,
something else in reality might be the biggest contributing factor. Therefore, it is
always important to keep in mind the idea that there might be something else that
could have influenced the final results.
58
Chapter 4
Analysis of the Findings
Introduction
This study implemented the interrupted time-series design, in which the
dependent variables were looked at before and after the introduction of the
F.A.C.T.A. (2003) legislation (treatment). In other words, the research looked at
the data for the period of 2000-2002, before the treatment was introduced, and the
data that demonstrated what had occurred following the implementation of this
legislation and that would be the period of 2003-2010. The two periods (pre- and
post-treatment) are not equal in length; however, this is due to lack of data
availability on identity theft for the period preceding 2000. Once again, the study is
interested in how the problem of identity theft, which was represented in changes in
such characteristics as the number of fraud complaints, the total number of
incidents and how the stolen personal information is being misused, has changed
starting from the aforementioned periods of time before the legislation took effect
and after it was enacted. The statistics were taken for each year separately and
comparison was made on a year-by-year basis for the two periods of time (before
and after). Furthermore, the pre- and post-treatment periods of time were compared
with each other as well.
59
Analysis of Dependent Variables
The Total Number of Identity Theft Incidents and the Rates of Identity
Theft Incidents. The first dependent variable that this study examined was the
‘total number of identity theft incidents’ and the ‘rate of identity theft incidents’ is
the second variable. The data for these two dependent variables were represented
through the actual number of incidents recorded and the rates of identity theft
incidents. The relationship between the independent variable, which is presence and
absence of the F.A.C.T.A. legislation, and these particular dependent variables was
opposite from what was hypothesized. In other words, with the presence of the
treatment (the legislation itself), the total number of incidents, as well as the rates
of identity theft incidents, should have gone down, but instead, the number of
incidents and the rates went up.
Table 1 below presents the data (along with the data for the ‘total number of
fraud complaints’ variable) for the ‘total number of identity theft incidents’
variable. While trying to compare the first three years of the pre-treatment period of
time and how the situation had been changing from one year to another, it can be
seen that the number of incidents had been on the rise throughout that specific
period. The year of 2001 saw an increase of the incidents reported in the amount of
almost 100,000 compared to the year of 2000 (325,519 compared to 230,628).
Furthermore, in 2002, there were more than 551,000 incidents recorded and that
was almost 226,000 more incidents than in the year prior. As it can be seen, the
60
period of time preceding the implementation of the F.A.C.T.A. legislation had
witnessed an increase in the number of incidents reported with an approximately
100,000 increase in 2001 and an approximately 226,000 increase in 2002.
Table 1
Total Number of Incidents and Total Number of Fraud Complaints
Year
Total Number of Incidents
Total Number of Fraud
Complaints
2000
230,628
111,255
2001
325,519
137,306
2002
551,622
242,783
2003
713,657
331,366
2004
860,383
410,298
2005
909,314
437,585
61
2006
906,129
423,672
2007
1,066,150
503,797
2008
1,241,086
609,595
2009
1,377,845
680, 704
2010
1,339,265
725,087
The first year following the implementation of the treatment, the year of
2003, saw 713,657 incidents and that was approximately 160,000 more than what
was recorded in the last year of the pre-treatment period (713,657 vs. 551,622). The
next year, 2004, had more than 860,000 incidents recorded and that represented an
increase by almost 150,000 compared to the previous year. The following year,
however, the year of 2004, also saw an increase in the number of incidents
reported, but compared to 2004, the difference was only about 50,000 incidents
(909,314 in 2005 vs. 860,383 in 2004). Year 2006 shows that the number of
incidents was not rising as it had been in prior years. Moreover, the year of 2006
62
actually saw a decline in the number of incidents and the number dropped by a little
bit more than 3,000 incidents compared to the previous year. However, this trend of
slight rise and even decline in the number of incidents reported was very brief and
the year of 2007 witnessed more than 150,000 incidents compared to 2006
(1,066,150 vs. 906,126). This trend continued in 2008 as there was an increase by
almost 180,000 incidents and the year of 2009 saw another rise when there were
recorded almost 1,378,000 incidents and that was approximately 135,000 incidents
more than in the year prior. Finally, the last year that this research was looking at,
2010, had seen a decline by almost 40,000 in the number of the cases recorded
(1,339,265 vs. 1,377,845).
The relationship between the independent variable (presence or absence of
the F.A.C.T.A. legislation) and this particular dependent variable, the total number
of identity theft incidents, is opposite from what was hypothesized. It is
hypothesized that with the implementation of the F.A.C.T.A. legislation, the
number of incidents and the crime rates would decrease. What this shows is that
this particular hypothesis is not supported. It is necessary to point out that the
number of incidents had been on the rise in the years preceding the treatment.
Moreover, the last year of the pre-treatment period, the year of 2002, saw
approximately 320,000 incidents more compared to the first year of the same
period, the year of 2000. Following the implementation of the F.A.C.T.A., the
number of incidents had been steadily rising and five calendar years (2003, 2004,
63
2007, 2008, and 2009) had witnessed an increase of more than 100,000 incidents
compared to the previous year. There was an interesting trend that was observed
two different times, however very brief, when the number of incidents reported was
on the decline. The year of 2006 saw about 3,000 incidents less than what was
recorded in 2005 and the year of 2010 saw approximately 40,000 incidents fewer
compared to 2009.
The number of the incidents reported had been going up following the
implementation of the F.A.C.T.A. with the exception of the year of 2006, when
there was a relatively small decline in the amount of approximately 3,000 incidents.
However, what followed that year was another three years where the numbers were
once again going up by at least 100,000 incidents until there was a second decline,
in the amount of about 40,000 incidents, in 2010. Figure 1 below shows the trends
observed while conducting this study. Due to data availability limitations, it is
unclear if that was just a one year decline or something that could represent the
beginning of a new trend. Therefore, since there is no data for the years of 2011 and
2012, there is no way to say how the year of 2010 looks like in relation to the
following years.
64
1,600,000
1,400,000
1,200,000
1,000,000
800,000
600,000
400,000
200,000
0
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
Figure 1. The Total Number of Identity Theft Incidents
As far as the rates of the identity theft incidents go, the trend observed here
is very similar to the trends that can be seen when looking at the raw numbers. For
the purpose of this study, the rates are represented by a number of the identity theft
incidents per 100,000 residents of the United States. The formula for calculating
these rates was the total population divided by 100,000, and then number of crimes
for the ‘total number of identity theft incidents’ and the ‘total number of fraud
complaints’ variables was divided by the result from the first equation. The data for
the U.S. population were taken from the U.S. Census Bureau.
The Figures 2 and 3 below show the data for the U.S. population and the
rates of the identity theft incidents, respectively. The very first year that this study
looked at, the year of 2000, had a rate of 81.74 incidents per 100,000 residents.
65
During the year of 2001, this rate went up to 114.23 incidents. The last year of pretreatment period, the year of 2002, saw a rate of 191.78 incidents. As it can be seen
here, these rates had been steadily going up and the last year of the pre-treatment
period, 2002, saw an increase of approximately 110 incidents per every 100,000
residents of the United States.
The first year following the implementation of the F.A.C.T.A., the year of
2003, had a rate of 246 incidents per 100,000 residents. The rate continued to rise
and in 2004 it was 293.84 incidents. Furthermore, this trend continued in 2005 as
well, and it became 307.7 incidents. Just like the total number of identity theft
incidents went down in the year of 2006, the same goes for the rate of the identity
theft incidents, as it went down by almost 4 incidents per every 100,000 (303.68 vs.
307.7). Nevertheless, this trend of the rate going down did not last, and the year of
2007 saw another increase and the rate of identity theft incidents became 353.93
incidents. In 2008, there was another increase of more than 50 incidents per every
100,000 residents and now was 408.13. The year of 2009 saw an increase again,
and the rate for this year was 449.15 incidents. Finally, in 2010, the rate went down
to 432.93 incidents. It is necessary to point out that the total number of identity
theft incidents went down as well.
66
315,000,000
310,000,000
305,000,000
300,000,000
295,000,000
290,000,000
285,000,000
280,000,000
275,000,000
270,000,000
265,000,000
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
U.S. Population (2000-2010)
Figure 2. The U.S. Population (2000-2010)
449.15
432.93
408.13
353.93
293.84
307.7
303.68
246
191.78
114.23
81.74
2000
2001
2002
2003
2004
Figure 3. The Identity Theft Rates
2005
2006
2007
2008
2009
2010
67
Nevertheless, it is safe to say that the total numbers of the incidents reported
after the F.A.C.T.A. got implemented in 2003, as well as the rates of the identity
theft incidents, in fact had been rising. Compared to the very first year that this
research looked at, the year of 2000, the final year of this study, the year of 2010,
saw almost a 580% increase in the number of incidents. It is necessary to
acknowledge that the number and rates of identity theft incidents had been going
up during the pre-treatment period as well. The rate of these incidents per every
100,000 residents had been rising as well, and the last year that this research looked
at, 2010, saw an increase of approximately 351 incidents per 100,000 residents.
This might suggest that there potentially can be additional factors present that were
responsible for this situation. For example, more people could have been reporting
more crimes or the law could have been capturing more crimes. In addition, the rise
in the number of this crime could have been due to the development of new
technologies, which might have created more opportunities of which criminals may
take advantage. The data leave open the likelihood of another factor influencing the
declining rate of the number of identity theft incidents since the enactment of the
F.A.C.T.A..
Total Number of Fraud Complaints and Fraud Complaints Rates. The
third and fourth dependent variables that this research examined were the total
number of fraud complaints and the rates of fraud complaints. The relationship here
is the opposite of what was hypothesized; in other words, with the implementation
68
of the F.A.C.T.A. legislation, the total number of fraud complaints and the rate of
fraud complaints should decrease. The independent variable is the same – it is the
presence or absence of the treatment (F.A.C.T.A.), and these particular dependent
variables involve the total number of fraud complaints, as well as rates of fraud
complaints. All the data are represented through the actual numbers and rates of
fraud complaints. When looking at the pre-treatment period of time, it can be seen
that the number of fraud complaints had been going up. The very first year that this
study was concerned with, 2000, had 111,255 incidents recorded. The following
year saw over 26,000 complaints more (137,306 vs. 111,255). The year of 2002
had experienced a much higher increase in the number of fraud complaints – this
time it was more than 105,000 complaints more compared to 2001. As a result, a
certain trend can be seen for the years preceding the implementation of the
treatment – the number of fraud complaints had been going up. It is also necessary
to point out that compared to 2001, in 2002 the number of complaints went up by
almost four times more than in the previous year.
The first year of the post-treatment period, the year of 2003, had witnessed
an increase in the amount of almost 90,000 complaints compared to the last year of
pre-treatment period (331,366 vs. 242,783). This trend continued in 2004, when
there was an increase in the number of complaints again; however, this time the
total number went up by approximately 80,000 cases. Another increase, although
smaller than for the year prior, was observed for the year of 2005 as well. The
69
number of fraud complaints went up by about 25,000 complaints. However, the
trend of increasing numbers of complaints stopped in the year of 2006 when the
number dropped to 423,672 compared to 437,585 in 2005. That represented an
approximately 14,000 decline in the number of fraud complaints. But that did not
materialize in any kind of trend as the very next year, the year of 2007, saw an
approximately 80,000 increase (503,797 compared to 423,672 in 2006). Moreover,
the very next year, 2008, saw even larger increase as the total number of fraud
complaints went up by almost 106,000 cases (609,595 for the year of 2008). The
year of 2009 saw another increase in the number of complaints and even though it
was not as great as for the year prior, it still represented an approximately 70,000
increase. Finally, the last year of the post-treatment period, the year of 2010, had
witnessed an approximately 45,000 increase (725,087 vs. 680,704 in 2009). The
trends discussed in this part are illustrated in Figure 4, which can be found below.
70
800,000
700,000
600,000
500,000
400,000
300,000
200,000
100,000
0
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
The Total Number of Fraud Complaints
Figure 4. The Total Number of Fraud Complaints
As far as fraud complaints rates go, there had been a trend similar to the
trend observed with the raw numbers of fraud complaints. The very first year that
this research looked at, the year of 2000, saw the rate of 39.43 complaints for every
100,000 residents of the United States. The rate went up by slightly less than 9
complaints during the next year, 2001, and became 48.18 complaints. However, the
following year, 2002, saw an increase that was much larger that what was observed
in 2001 and the rate of fraud complaints for every 100,000 residents became 84.41
complaints.
The first year following the implementation of the F.A.C.T.A., the year of
2003, saw another increase in the rate of fraud complaints and it became 114.22
complaints. In 2004, this trend continued and the rate became 140.12 complaints
71
for every 100,000 residents. The year of 2005 saw the rate of 148.07 complaints
and that was almost 8 complaints more than what was recorded in 2004. The year
of 2006, however, saw a decline in the rate of fraud complaints. This is similar to
the number of fraud complaints, as this number went down as well. In the year of
2006, the rate was 141.99, while the year of 2007 saw another increase and the rate
became 167.25 complaints. The rate continued to go up, and in the very next year,
2008, it was slightly more than 200 complaints per every 100,000 residents
(200.47). The years of 2009 and 2010 saw increases in the rates of fraud complaints
as well, with the rates being 221.89 and 234.39 respectively. Figure 5 below
presents these findings.
The Rates of Fraud Complaints
234.39
221.89
200.47
167.25
148.07 141.99
140.12
114.22
84.41
39.43
2000
48.18
2001
2002
2003
2004
2005
Figure 5. The Rates of Fraud Complaints
2006
2007
2008
2009
2010
72
The relationship between the dependent variable, the presence and absence
of the F.A.C.T.A. legislature, and these particular dependent variables, the total
number of fraud complaints, as well as the rate of fraud complaints, is opposite
from what was hypothesized. It is hypothesized that with the implementation of this
law, the number of fraud complaints and the corresponding crime rates would be
declining. What this data analysis shows is that the main hypothesis in regards to
these particular dependent variables is not supported. It is also necessary to point
out that the number and rates of fraud complaints have been rising during the pretreatment period. Moreover, the last year for this period showed an increase in the
amount of approximately 105,000 reports and compared to the previous year, that
was more than four times greater than what the year of 2001 had experienced.
Therefore, the last year of this period of time saw almost 130,000 complaints more
than what was recorded in the first year.
Following the implementation of the legislation, the number of fraud
complaints had been rising. Furthermore, five different calendar years had
experienced an increase of at least 70,000 complaints compared to the year prior
(2003, 2004, 2007, 2008, and 2009). Also, the very first year following the
implementation of the law had seen an increase in the amount of approximately
90,000 more reports compared to the last year of the pre-treatment period (331,366
in 2003 compared to 242,783 in 2002). Another thing that has to be pointed out is
that one calendar year, the year of 2006, had experienced a decline in the number of
73
fraud complaints. In fact, about 14,000 fewer incidents were recorded in 2006
compared to what was recorded in 2005 (423,672 vs. 437,585). Also, the year of
2005, even though it still had experienced an increase in the number of reports, it
was much smaller than what was observed in the years prior (27,000 in 2005
compared to approximately 80,000 and approximately 90,000 in 2004 and 2003
respectively).
The rates of fraud complaints for every 100,000 residents had been going
up, with the exception of the year of 2006, when the rate dropped from 148.07 in
2005 to 141.99 in 2006. During all other years that this research looked at, the rate
of fraud complaints had been going up. In fact, the last year of this study, the year
of 2010, saw an increase of almost 195 complaints per every 100,000 residents
compared to the year of 2000. Moreover, compared to the last year of the pretreatment period, 2002, the last year of post-treatment period, 2010, saw an increase
of almost 150 complaints. It is necessary to point out that the fraud complaint rates
had been going up during the pre-treatment period as well.
As these results showed, the main hypothesis is not supported. The number
of fraud complaints had been on the rise following the implementation of the
F.A.C.T.A. legislation. Although, it is necessary to point out that during the years
preceding the enactment of the law, there was also an increase in the number of
cases. The year of 2006 saw an approximately 14,000 decline in the number of
fraud complaints; however, this was observed during only one year, and starting
74
with the following year, 2007, the number of complaints started going up again.
Due to data availability limitations following the year of 2010, it is unclear what
the statistics for 2011 and 2012 might be. However, it can be seen that based on the
data in hand, the total number of fraud complaints and the rates of fraud complaints
had been going up, with the exception of the year of 2006. Compared to the very
first year that this research looked at, the last year had an increase of more than
650% in the number of complaints. Another interesting detail that is worth pointing
out is that the ‘total number of incidents and the rates of identity theft incidents’
and ‘total number of fraud complaints the rates of fraud complaints’ variables show
that the calendar year of 2005 showed an increase that was significantly smaller
than what was observed in the years prior. Moreover, the year of 2006 actually
showed a decline in the number of incidents and fraud complaints respectively, as
well as the rates of identity theft incidents and fraud complaints, followed by an
increase the very next year. Nevertheless, this data analysis shows that with the
exception of 2006, the number of incidents and fraud complaints, as well as their
rates, had been rising following the implementation of the F.A.C.T.A. legislation.
Misuse of Personal Information. The fifth, and final, dependent variable
that this research examined is how personal information was being misused. More
specifically, this study looked at two different types of misuse, bank fraud and
credit card fraud, and the findings showed support in terms of what has been
hypothesized. It is hypothesized that with the implementation of the F.A.C.T.A.
75
legislation, the number of incidents where personal information is being used for
the purposes of credit card fraud and bank fraud, as well these crimes’ rates, should
be declining. The data for credit card and bank fraud have been presented together,
however only for purposes of illustrating these data for these crimes’ incidents and
rates. In general, the results presented below in both the narrative and figures show
that, while for a period of time the incidents and rates of credit card and bank fraud
had been rising (therefore, not supporting the hypothesis), after some time, the
numbers of incidents and rates for both credit card and bank fraud eventually went
down, thereby supporting the hypothesis regarding the ‘misuse of personal
information’ dependent variable.
Credit Card and Bank Fraud Incidents. While looking at credit card fraud
and bank fraud incidents, the data, which can be found in Table 2, showed that the
very first year that this study was concerned with had experienced almost 13,000
incidents, which accounted for 41% of the total number of identity theft incidents.
However, this number went up by almost three times during the following year,
2001 (36,190 compared to 12,900 in 2000) and that represented 42% of all
incidents. The last year of the pre-treatment period recorded almost 68,000 of
incidents, an increase by more than 30,000, which accounted for 41% of all
recorded incidents. As it can be seen, the percentage of the credit card fraud side
stayed relatively constant; however, the number of credit card fraud incidents had
been going up significantly, by 23,000 and 31,000 respectively.
76
Table 2
Total Number of Credit Card Fraud and Bank Fraud Incidents and Percentages of
Bank Fraud
Credit Card Fraud
Total Incidents
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
12900
36190
67963
70918
69039
66446
61508
59438
62796
47273
37587
41%
42%
41%
32%
28%
26%
25%
23%
20%
17%
15%
4100
11201
27509
36533
44382
43446
39365
33595
34538
27807
25058
13%
13%
16%
17%
18%
17%
16%
13%
11%
10%
10%
Figure 6 below illustrates the number of credit card fraud as well as bank
fraud incidents. The first year of the post-treatment period recorded more than
70,000 cases involving credit card fraud, but the total percentage dropped to 32%
of all incidents. Compared to the previous year, the year of 2003 had experienced
just approximately 3,000 incidents more. The very next year, 2004, saw something
that had not been seen before – the decline in number of incidents, as there were
69,039 incidents recorded, which was almost 2,000 less than in 2003. Moreover,
that accounted for even smaller percentage number of all incidents compared to the
year prior – 28%. The year of 2005 saw another decline in the number of incidents
77
involving credit card fraud (66,446 compared to 69,039 in 2004). Also, the
percentage of the total number of incidents continued to go down as well (26% to
28% from the year prior). This trend continued in the next two years when, in 2006
and 2007, the numbers of these types of incidents continued to decline (61,508 in
2006 and 59,438 in 2007). Furthermore, the total percentages continued to go down
as well (25% of all incidents in 2006 and 23% in 2007). However, the year of 2008
had experienced 67,796 incidents and that was an increase by more than 3,000
cases where credit card fraud was involved. Nevertheless, the percentage of all
incidents kept on decreasing – 20% for the year of 2008. The year of 2009 and
2010 once again saw the number of incidents on decline, with 47,273 cases being
recorded in 2009 and 37,587 in 2010. The percentage numbers continued to be on
decline as well (17% in 2009 and 15% in 2010).
Bank fraud is another example related to ‘how personal information is being
misused’ dependent variable. Once again, with the implementation of the
F.A.C.T.A. legislature, the number of bank fraud incidents, as well as the rates of
bank fraud, should decrease. The very first year that this study was looking at, the
year of 2000, had recorded a little bit more than 4,000 incidents, which represented
13% of all incidents. The following year saw an increase of more than 12,000;
however, as far as percentages go, there was no increase or decrease compared to
the year prior (16,371 incidents vs. 4,100 incidents in 2000). The last year from the
pre-treatment period had experienced more than 27,000 cases where bank fraud
78
was involved, which represented an approximately 16,000 increase compared to the
year prior (27,509 vs. 11,201). Moreover, the total percentage went up by three
points as well.
The first year, 2003, after the F.A.C.T.A. went into effect had seen another
increase in the number of the incidents that resulted in bank fraud. In fact, 36,533
incidents were recorded that year and the percentage went up to 17% and that was a
1% increase compared to 2002. This trend continued the following year and the
year of 2004 had experienced more than 44,000 incidents, and that was almost
8,000 incidents more than in the year prior. The total percentage again had
increased by 1% and now was 18% out of all incidents. The next year, 2005,
however, saw what had not been seen in the years prior – there was a decline in the
number of incidents. The number dropped by about 1,000 (43,446 in 2005 vs.
44,382 in 2004). The percentage went down by 1% and became 17%. Moreover,
this trend continued for the next two years, as the number of the incidents that
resulted in bank fraud kept going down. The year of 2006 had witnessed 39,365
incidents, while the following year, 2007, had experienced 33,595 cases.
Furthermore, the number of bank fraud incidents in relation to the total number of
incidents continued to go down as well (16% and 13% in 2006 and 2007
respectively). The year of 2008 saw an increase in the number of incidents;
however, 2008 had experienced only about 1,000 cases more compared to the year
prior. Nevertheless, the percentage still continued to go down and became 11%.
79
This increase proved to be a one-year occurrence and the following two years had
witnessed a drop in the number of incidents, as 27,807 cases were recorded in 2009
(7,000 less than in 2008) and 25,058 cases in 2010 (2,000 less than in 2009). The
percentage stayed the same – 10%.
80000
70000
60000
50000
40000
30000
20000
10000
0
2000
2001
2002
2003
2004
2005
Credit Card Fraud Incidents
2006
2007
2008
2009
2010
Bank Fraud Incidents
Figure 6. The Total Number of Credit Card Fraud and Bank Fraud Incidents
Credit Card and Bank Fraud Rates. In the year of 2000, the rate of credit
card fraud for every 100,000 residents of the United States was 4.57 incidents. This
rate went up by more than 8 incidents during the following year, 2001, and became
12.7. Furthermore, the rate increased by another almost 11 incidents and in 2002
the rate became 23.63. The first year following the implementation of the
F.A.C.T.A., the year of 2003, saw a slight increase and the rate became 24.45
incidents. The rate went down during the next year, 2004, and became 23.58
80
incidents. Moreover, the rate of credit card fraud incidents continued going down in
the following three years, 2005, 2006 and 2007 with the rates being 22.49, 20.61
and 19.73 incidents respectively. The year of 2008 saw an increase in the number
of credit card fraud incidents and the rate of this crime also went up from 19.73 in
2007 to 20.68 in 2008. However, this trend did not materialize into a long-term
trend, and in 2009, the rate dropped to 15.41 incidents. In 2010, the rate dropped
down even further and became 12.15 incidents. This shows that the rate of credit
card fraud incidents had been on the rise during the pre-treatment years, as well as
the first year following the implementation of the F.A.C.T.A.. However, starting
with the year of 2004, the rate had been steadily going down with the exception of
2008, when the rate slightly went up by less than on incident (from 19.73 in 2007
to 20.65 in 2008).
What these data demonstrate is that the main hypothesis in regards to the
credit card fraud is supported. What can be extracted is that the number of the
credit card fraud incidents had been on the rise prior to the implementation of the
F.A.C.T.A. when these numbers had been going up by almost 24,000 and more
than 30,000 incidents in 2001 and 2002 respectively. This trend continued in 2003;
however, the increase was only by about 3,000 incidents. From that point on, the
number of incidents had been on decline, with the sole exception being the year of
2008 when the number of the credit card fraud incidents went up by about 3,000.
As the following years had demonstrated, this was just a one-year occurrence and
81
after that year the numbers continued to go down by approximately 15,000
incidents in 2009 and approximately 10,000 in 2010. As far as credit card fraud
rates go, a similar trend can be observed here as well. The rates had been going up
prior to the implementation of the F.A.C.T.A. and one year thereafter; however, as
the data demonstrate, the rates for credit card fraud had been steadily going down
since then, with the exception of the year of 2008, and then started going down
again.
What has been going on with this particular variable following the year of
2010 is unclear due to data availability limitations. Also, the total percentages of
the incidents involving credit card fraud incidents out of all incidents kept declining
steadily through the years that this research had been concerned with. The pretreatment period showed that the number of incidents where personal information
had been used for the purpose of credit card fraud accounted for approximately
41%-42%. However, this percentage started declining steadily following the
implementation of the F.A.C.T.A. legislature. The final percentage was just 15%,
and that was significantly smaller compared to the 41% observed in the very first
year, 2000. Therefore, the main hypothesis is supported, as the number of credit
card fraud incidents was on the decline after the law became enacted. These
findings also suggest that there could be something else going on, and people could
have started being more cautions when it comes down to using credit cards, as well
as the law itself was acting as a deterrent for card fraud criminals. Nevertheless, it
82
does open the likelihood of another factor influencing the declining rate of credit
card fraud incidents since the enactment of the F.A.C.T.A..
In terms of bank fraud incidents, the rate, in the year of 2000, was 1.45. The
following year, 2001, the rate went up to 3.93 incidents. The last year of the pretreatment period saw the rate rise by almost 6 incidents, and the rate became 9.56
incidents. The first two years following the implementation of the F.A.C.T.A. had
experienced the crime rate going up, with the rates being 12.59 and 15.16 in the
years of 2003 and 2004 respectively. Starting with the year of 2005 the rate starting
declining and in 2005 it was 14.7 incidents, while in 2006 and 2007 the rate was
13.19 and 11.15 incidents respectively. The year of 2008 had experienced a slight
rise in the number of bank fraud incidents. The rate of this crime, in its turn, also
went up from 11.15 in 2007 to 11.36 incidents in 2008. However, in 2009 the rate
went down by more than 2 incidents (9.06 in 2009 from 11.36 in 2008). The year of
2010 saw another decrease and the rate was 8.10 incidents. What this shows is that
the bank fraud rate for every 100,000 residents had been steadily going up;
however, starting with the year of 2005 it started going down, with the sole
exception being the year of 2008 where there was a slight increase. The rate
changes for bank fraud, as well credit card fraud, are presented in Figure 7 below.
83
Credit Card Fraud Rates
23.63
24.45
23.58
Bank Fraud Rates
22.49
20.61
15.16
12.7
14.7
12.59
20.65
15.41
13.19
11.15
9.56
4.57
19.73
12.15
11.36
9.06
8.1
3.93
1.45
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
Figure 7. Credit Card Fraud and Bank Fraud Rates
What this data demonstrated is that the main hypothesis in regards to the
bank fraud incidents and the rate of bank fraud is also supported. The numbers of
this type of incident had been going up prior to the implementation of the
F.A.C.T.A. legislation. Moreover, there were increases by more than 7,000
incidents in 2001 and more than 16,000 incidents in 2002. The first year of the
post-treatment period had seen another increase, which accounted for
approximately 9,000 cases. This number continued to increase in 2004 as well.
However, starting with the following year, 2005, the number of incidents where
bank fraud was involved started going down (by approximately 4,000 and
approximately 6,000 incidents in 2006 and 2007 respectively). In 2008 this number
had increased by about 1,000 cases; this number was shown to be just a one-year
84
occurrence and the following two years saw decreasing numbers as well. The rates
of this crime had been going up prior to the implementation of the F.A.C.T.A. and
for two years thereafter; however, starting in 2005, the rates started gradually going
down with the exception of the year of 2008 when there was a slight increase, but
after that, the rates started declining once again.
Also, what can be extracted from this data is that the percent of the bank
fraud incidents, treated as a proportion of the total number of identity theft
incidents, had been going up in the pre-treatment period, as well as the first two
years immediately thereafter. However, starting with the year of 2004, the
percentages had been steadily going down. What has been going on following 2010
is unclear due to data availability limitation. All this leads to a conclusion that the
main hypothesis in regards to the bank fraud incidents is supported, as the number
of incidents had been going down starting with the year of 2004, with the sole
exception being the year of 2008; however, the increase that year was only about
1,000 cases and it did not transform into a long-term trend and was observed for
just one year.
Data Analysis Summary
To summarize the data analysis presented in this section, there were five
different dependent variables that this research was looking at and how they were
affected by the independent variable, which was either the presence or the absence
of the F.A.C.T.A. legislation. The relationships for the first four dependent
85
variables, the ‘total number of identity theft incidents’ and the ‘rates of identity
theft’, as well as the ‘total number of fraud complaints’ and the ‘rates of fraud
complaints,’ were opposite from what was hypothesized. The findings showed that
there was an increase in the number of incidents and rates for each of these four
variables with the implementation of the F.A.C.T.A. In other words, with the
implementation of the law, it was hypothesized that the total number of identity
theft incidents and the total number of fraud complaints, as well as the rates for
these crimes, would be going down. The hypothesis for the ‘total number of
identity theft incidents’ and the ‘rates of identity theft’ dependent variables has not
been supported. The total number of identity theft incidents had been steadily
rising, with the exceptions being the years of 2006 and 2010. However, the 2006
decline was only by about 3,000 incidents while in 2010 it accounted for almost
40,000 cases. It is not clear what this situation looked like following the year of
2010, as there is no available data. The rate of identity theft incidents was also on
the rise with the years of 2006 and 2010 being the only two exceptions. It is
necessary to point out that the year 2006 had experienced only about 4 incidents
less than year 2005.
The total number of fraud complaints had been rising as well and the only
exception where there was a decline was the year of 2006. The same applies to the
crime rates for fraud. For all other years that were looked at during this research,
there was an increase. What is worth pointing out that, for both ‘total number of
86
fraud complaints’ and the ‘rates of fraud complaints’ dependent variables, the year
of 2006 had experienced a decline in both the total number of incidents and fraud
complaints, as well as these crimes’ rates. Also, it is necessary to acknowledge that
these numbers had been on the rise during the pre-treatment period as well.
The fifth dependent variable, ‘how personal information is being misused,’
was represented by bank fraud and credit card fraud incidents and these crimes’
rates. It was hypothesized that with the implementation of the F.A.C.T.A., the
number of incidents where personal information was being used for the purpose of
credit card fraud and bank fraud, as well as these crimes’ rates, should go down.
The main hypothesis in regards to this variable, in terms of the two types of identity
theft, has been supported. Moreover, the number of such incidents had been
steadily declining over the years. Both of these types of misuse had experienced an
increase in the number of incidents during the pre-treatment period and
immediately following the introduction of the law; however, starting with the year
of 2003 (credit card fraud) and 2004 (bank fraud), the number of incidents started
to decline. The same applies to the corresponding crime rates as well. The total
percentages for which these two variables accounted in relation to the total number
of incidents showed a similar trend – they had been steadily going down over the
years that this research has been examining. Also, an interesting detail that has to
be pointed out is that there was a slight increase in the number of both the bank
fraud and the credit card fraud incidents in 2008. Nevertheless, as it can be seen
87
from this data analysis, unlike the first two hypotheses, the main hypothesis for the
dependent variable, ‘how personal information is being misused,’ as illustrated by
two types of misuse (credit card and bank fraud), unlike the first two hypotheses,
has been demonstrated and the expected relationship has been shown.
As a result, since the F.A.C.T.A. legislation was implemented in 2003, there
had been more identity theft incidents and fraud complaints and the rates for these
crimes went up as well. Since the main goal of the legislation was to reduce the
number and rates of identity thefts, questions about its effectiveness and purpose
might arise. However, this increase might be explained by the law capturing more
and more incidents and considering developments in modern technology, there
might be many more areas susceptible to consumers’ information being stolen.
Besides, it also might lead to more opportunities for fraud that criminals can
potentially explore. This trend can also be the result of people being more aware of
the problem of identity theft, as well as credit agencies paying more attention to it,
and this can lead to changes in the reporting patterns as well. Therefore, these data
do not necessarily mean that this legislation has been unsuccessful in terms of its
purpose. It is necessary to take into consideration such factors as changes in
technology and the fact that consumers are more aware about the problem of
identity theft and fraud in terms of which future research could focus.
88
Chapter 5
Conclusion
Introduction
This research started with the description of the negative impact that the
problem of identity theft has on its victims. No wonder that numerous
comprehensive steps have been developed that one has to follow in order to
significantly reduce the chances of becoming a victim. However, these measures do
not have to be very complicated at all and such simple steps as being careful when
providing financial information online, not using one’s mailbox for an outgoing
mail or reviewing monthly statements on a regular basis, among many others, can
provide protection and reduce one’s chances against the criminals responsible for
this type of problem.
Moreover, as the scholarly literature has identified, a lot depends on the
idea of target hardening and if there are no opportunities for a crime to be
committed, that crime is most likely will not take place at all. As a result, the
framework of the situational crime prevention model has been applied to this study.
The main idea behind this model is that by manipulating the surrounding
environment or by creating a certain set of rules, enacting legislation, such as the
F.A.C.T.A., and altering circumstances, it is possible to prevent a certain type of
crime, such as identity theft, which, in its turn, depends on what specific measures
are taken. As it could be seen from this research, the number of identity theft
89
incidents and fraud complaints, as well as the corresponding crime rates, had been
on the rise. From this perspective, it can be said that the legislation has not been
able to reach its goal. However, what also might be going on is that with this law in
place, consumers have a very important tool at their disposal when it comes down
to fighting identity theft, and they may be simply reporting more crimes. Also,
another possibility is that the legislation covers many more incidents than it used to
and there are just more areas where fraudulent activities might take place. As a
result, this leads to larger numbers and higher rates of identity theft and fraud
incidents.
The review of the literature presented in this study demonstrates how the
idea of situational crime prevention can be applied to such fields as identity theft
prevention and fraud prevention. As a result, previous research shows how
numerous situational crime prevention measures, if taken and applied properly, can
reduce one’s chances of becoming a victim of this particular crime. The problem of
identity theft is of a special interest to this study and, of course, the concept of
situational crime prevention is paramount here. As it was mentioned before, a lot of
steps have been developed in order to combat the problem of identity theft and lots
of simple steps can be quite helpful when trying to protect one’s identity. By
adjusting one’s behavior and taking certain actions, a person may be able to
significantly reduce his/her chances of becoming prey to identity theft criminals.
What is also worth mentioning is that the majority of these anti-identity theft
90
measures require individual actions; however, there have been a number of such
measures that actually implement the involvement of various governmental entities,
and it is the latter which has been the central focus of analysis in this thesis.
Overview of the F.A.C.T.A.
The Fair and Accurate Credit Transactions Act, which was passed by the
United States Congress in 2003, was created as a response to the increasing number
of the identity theft incidents and the main goal of this legislation was to prevent
identity theft, improve the accuracy of consumer reports, as well as help to resolve
consumer disputes. Moreover, this Act granted certain rights, among which were
the rights to obtain one free credit report annually and place a fraud alert on one’s
credit history. Nevertheless, there has not been a lot of research done in regards to
how effective the F.A.C.T.A. (2003) really is and it has not been clear how the
problem of identity theft has changed since this law got implemented. As a result,
this research filled this void and showed what effect the new changes had and
demonstrated what the most recent trends in this particular crime were.
Research Question, Hypotheses and Variables Examined
The main question of this study was - how has the Fair and Accurate Credit
Transaction Act of 2003 impacted the problem of identity theft? The independent
variable was represented by either the absence of the F.A.C.T.A. (treatment), which
is the period from 2000 through 2002, or the presence of the treatment, which is the
period starting with 2003 and ending in 2010. The study has five dependent
91
variables, which include the total number of identity theft incidents and the
corresponding crime rates, the total number of fraud complaints and the
corresponding crime rates, and how personal information is being misused (this
particular variable includes two types of misuse: credit card fraud incidents and
bank fraud incidents, as well as the corresponding crimes rates). The research
examined three main hypotheses. With respect to the first two dependent variables,
total number of identity theft incidents and the corresponding crime rates, the total
number of fraud complaints and the corresponding crime rates, it was expected that
with the implementation of the F.A.C.T.A., the total number of incidents and the
total number of fraud complaints should have gone down. For the ‘how personal
information is being misused’ variable, it was expected that with the
implementation of the F.A.C.T.A., the number of credit card fraud and bank fraud
incidents should decrease as well.
Data Collection
This research involved a secondary data analysis. The data were collected
from a primary data source, the database that was created by the Sentinel Consumer
Network, which belongs to the Federal Trade Commission. All of the statistical
components are compiled and currently exist in the form of several reports that can
be found on the Federal Trade Commission website. These reports consist of a
variety of statistics for such aspects as identity theft incidents, victim
characteristics, fraud complaints, amounts of monetary losses, statistics for every
92
different state, as well as metropolitan rankings. The reports, it is necessary to point
out, represent consecutive years (2000-2010). This database and the reports
contained in it are widely available online to the public and no specific knowledge
is required on the part of a user in order to be able to access this information.
This study implemented the interrupted time-series design, in which the
dependent variables were looked at before and after the introduction of the
F.A.C.T.A. (2003) legislation. In other words, the research was looking at the data
for the period of 2000-2002, before the treatment was introduced, which in the
study was the F.A.C.T.A. (2003), and the data that demonstrated what had occurred
following the implementation of this legislation and that would be the period of
2003-2010. The two periods of time (pre- and post-treatment) are not equal in
length; however, this is due to lack of data availability on identity theft for the
period of time preceding 2000. Once again, the study is interested in how the
problem of identity theft, which was represented in changes in such characteristics
as the number of fraud complaints, the total number of incidents and how the stolen
personal information is being misused, has changed starting from the
aforementioned periods of time before the legislation took effect and after it was
enacted. The numbers were taken for each year separately and comparison was
made on a year-by-year basis for the two periods of time (before and after).
93
Important Findings
After having concluded the data analysis, several important findings have
been revealed. The main hypothesis in regards to the ‘total number of incidents’
and the ‘rate of identity theft incidents’ dependent variables is not supported. The
number of the incidents reported had been going up following the implementation
of the F.A.C.T.A. with the exception of the year of 2006, when there was a
relatively small decline in the amount of 3,000 incidents. However, what followed
that year was another three years where the numbers were once again going up by
at least 100,000 incidents until there was a second decline, in the amount of
approximately 40,000 incidents, in 2010. Due to data availability limitations, it is
unclear if that was just a one year decline or something that could represent the
beginning of a new trend. Therefore, since there is no data for the years of 2011 and
2012, there is no way to know how the year of 2010 looks like in relation to the
following years. Nevertheless, it is safe to say that the total numbers of the
incidents reported, after the F.A.C.T.A. got implemented in 2003, in fact had been
rising. Compared to the very first year that this research looked at, the year of 2000,
the final year of this study, the year of 2010, saw almost a 580% increase.
Although, it is necessary to acknowledge that the number of incidents reported had
been going up during the pre-treatment period as well.
The rates of the identity theft incidents had been steadily going up as well.
The last year that this study looked at, 2010, saw a rate of 432.93 incidents for
94
every 100,000 U.S. residents, and that was about 351 incidents more than what was
observed in the very first year of the pre-treatment period, the year of 2000 (81.74).
Compared to the last year of the pre-treatment period, the year of 2002, the rate that
was observed during the last year of the post-treatment period went up by almost
241 incidents (191.78 incidents in 2002). There were a couple exceptions, however,
when in 2006 the rated dropped down by almost 4 incidents (from 307.3 in 2005 to
303.68 in 2006). There was also a decline observed in the last year of the study, the
year of 2010.
The second hypothesis in regards to the ‘total number of fraud complaints’
and the ‘rate of fraud complaints’ dependent variables was also not supported. The
number of fraud complaints had been on the rise following the implementation of
the F.A.C.T.A. legislation. Although, once again, it is necessary to point out that
during the years preceding the enactment of the law, there was also an increase in
the number of reports. The year of 2006 saw a 14,000 decline in the number of
fraud cases; however, this was observed during only one year, and starting with the
following year, 2007, the number of complaints started going up again. Due to data
availability limitations following the year of 2010, it is unclear what the statistics
for 2011 and 2012 might be. However, it is safe to say that based on the data in
hand, the total number of fraud complaints had been going up, with the exception
of the year of 2006. Compared to the very first year that this research looked at, the
last year had an increase of more than 650% in the number of complaints. The rate
95
of fraud complaints had also been going up with the only exception being the year
of 2006, when the rate dropped down by about 6 incidents (141.99 incidents in
2006 compared to 148.07 incidents in 2007). The last year that this study looked at,
2010, saw an increase of almost 195 incidents (234.39 compared to 39.43 in 2000).
Moreover, the year of 2010 saw almost 150 incidents more than the last year of the
pre-treatment period (84.41 in 2002).
Another interesting detail that is worth pointing out is that, for the four
dependent variables—the ‘total number of incidents’ and the ‘rates of identity theft’
and ‘total number of fraud complaints’ and the ‘rates of fraud complaints’—the
findings show that the calendar year of 2005 showed an increase that was
significantly smaller than what was observed in the years prior. Moreover, the year
of 2006 actually showed a decline in the number of incidents and fraud complaints
respectively, as well as these crimes’ rates, followed by a significant increase the
very next year. Nevertheless, this data analysis shows that with the exception of
2006, the number of incidents and fraud complaints, and these crimes’ rates, had
been rising following the implementation of the F.A.C.T.A. legislature. This shows
that something must have occurred in 2006. Perhaps, future research can elaborate
on this topic, as there might be additional factors present that influenced the results
observed during that year.
The ‘how personal information is being misused’ dependent variable was
represented by bank fraud and credit card fraud incidents, as well as the rates for
96
these two types of identity theft. It was hypothesized that with the implementation
of the F.A.C.T.A., the number of incidents where personal information is being
used for the purpose of credit card fraud and bank fraud, as well as the rates for
these crimes, has been going down. This hypothesis in regards to both of these
types of identity theft has been supported. Moreover, the number and rates of such
incidents had been steadily declining over the years. Both of these variables had
experienced an increase in the number of incidents during the pre-treatment period
and immediately following the introduction of the law; however, starting with the
year of 2003 (credit card fraud) and 2004 (bank fraud), the number of incidents
started to decline. The same goes for total percentages for which these two
variables accounted for in relation to the total number of incidents – they had been
steadily going down over the years that this research has been looking at. Also, an
interesting detail that has to be pointed out is that there was a slight increase in the
number of both the bank fraud and the credit card fraud incidents in 2008.
Nevertheless, as it can be seen from this data analysis, this hypothesis for this
particular dependent variable, unlike the first two hypotheses, is supported.
The rates for credit card fraud and bank fraud crimes had experienced
similar trends that can be seen with the raw numbers for these crimes. The rates had
been steadily going up; however, starting with the year of 2004 (for credit card
fraud) and 2005 (for bank fraud), the rates started going down. As a result, the rates
of bank fraud incidents were almost 7 incidents less in 2010 compared to the year
97
of 2004 (8.10 vs. 15.16). For credit card fraud incidents, the rate dropped by more
than 11 incidents (12.15 in 201 vs. 23.58 in 2004).
What the results of this study show is that there have been some
measureable changes in the problem of identity theft since the implementation of
the F.A.C.T.A. in 2003. Moreover, the Fair and Accurate Credit Transaction Act
does represent an important attempt in the war against identity theft and there is
hope that this problem will eventually cease to exist. Nevertheless, as the literature
review presented in this study showed, this problem in large part comes down to
how accurate and diligent consumers are when working with their financial
information both in person and online. Also, no matter what the credit agencies are
or are not supposed to do, there is still some room for mistakes; as a result, it is
crucial for every individual to check the accuracy of his/her credit information
online. Such documents like monthly banking statements and bills have to be
checked for accuracy and any irregularities or suspicious activities have to be
reported to appropriate authorities. These measures can prove crucial as, despite all
the legislation’s intentions, some creditors still do not have to consider fraud alerts
or victim statements when issuing credit scores. Also, there might be some
reluctance on the creditors’ part to add more verification steps and make their credit
issuing procedures more complicated due to time availability limitations.
98
Future Research
However, in order to gain more knowledge and insight into how effective
the legislation is in a really long run, it might be a good idea to explore this topic
and what has been going on with this particular problem beyond the year of 2010.
As a result, future research might involve a more comprehensive study that would
be able to control for such potential factors as the role of the media outlets or
newly-developing technologies that make identity theft and fraud more likely than
ever and shed more light on this problem. Various media outlets may be potentially
be responsible for public outreach campaigns and raising awareness about the
dangers of the problem of identity theft, as well as letting consumers know what
resources are available. Moreover, as a result of media efforts, consumers might be
more aware of what has to be done in order to be able to keep their personal
information safe. Also, new technologies can allow criminals to take advantage of
new opportunities and that can lead to more fraud incidents as well. Therefore, the
future research could potentially explore these areas and if it is able to control these
factors, it can provide even more insight on the F.A.C.T.A. legislation.
Conclusion
There is no doubt that the F.A.C.T.A. has been a very important step in the
fight against identity theft. As the number of credit card and bank fraud incidents,
as well as the rates for these crimes, show, there has been a decline in both the raw
numbers and the corresponding crime rates since the F.A.C.T.A. got implemented
99
in 2003. Both the raw numbers and the rates started declining in 2004 for credit
card fraud, and 2005 for bank fraud. The numbers of the identity theft incidents and
fraud complaints had been on the rise. The same goes for the corresponding crime
rates. This might be the case of the legislation capturing more incidents, or more
people reporting more incidents. Nevertheless, the problem of identity theft is an
important issue and, unfortunately, it is not going away in the near future. With this
in mind, having strong legislation in place that would give consumers extra
protection would be beneficial. Additionally, the role of public education cannot be
underestimated here and the aspect of prevention of identity theft in large part does
depend on individual actions. As a result, various outreach campaigns educating
public on the nature of the crime of identity theft, as well as its dangers,
consequences and prevention measures, are important too. There is also no doubt
that more research regarding the effectiveness of this legislation is necessary. Not
only will it allow for better understanding of what such a law has done to identity
theft, but also will show if it would be rational to create similar laws in the future.
This study has looked at a ten-year timeframe that included three years
preceding the introduction of the F.A.C.T.A. legislation and a seven-year frame
that followed it. It is necessary to acknowledge that there might be additional
factors partially responsible for the results observed in this course of this study. For
example, the decreasing numbers of the incidents involving credit card fraud and
bank fraud might be due to more knowledge that the general public has been able to
100
obtain as a result of more public outreach campaigns providing information about
the problem of identity theft, thereby making consumers more aware of the
problem and pay more attention to the monitoring of their banking documents.
These public outreach campaigns might be playing an important role in the case of
identity theft incidents and fraud complaints as well. With consumers being aware
of what resources are at their disposal, more and more individuals could be
reporting any suspicious activities observed on their accounts. It is also possible
that credit agencies have changed their practices as a result of the implementation
of the F.A.C.T.A and this had led to increased numbers of identity theft incidents
and fraud complaints.
As far as this research goes, the results have created a picture that shows
that the Fair and Accurate Credit Transaction Act of 2003 does appear to have an
effect on the problem of credit card and bank fraud. Since the number and the rates
for identity theft incidents and fraud complaints had been rising, there may be more
amendments to this act, which likely will make this legislation more effective.
Moreover, with new developments in modern technology, there will be more areas
for fraud that criminals can potentially explore. Therefore, new amendments will
more likely be designed in such a way that would allow the legislation to capture
these new types of fraud. Nevertheless, this law does represent an important
resource for credit agencies, as well as for individual consumers in terms of
granting certain rights and making agencies be more responsive to their clients’
101
needs. With this in mind, it would be safe to say that the F.A.C.T.A. has been an
important piece of legislation in the fight against the problem of identity theft and
fraud. Since this issue does not appear to be going away any time soon, this law
will be a very important tool that the criminal justice system has at its disposal.
102
Appendix A
Coding Sheets
Coding Sheet 1: Total Number of Incidents and Total Number of Fraud Complaints
Year
Total Number of Incidents
Total Number of Fraud
Complaints
2000
2001
2002
2003
2004
2005
2006
103
2007
2008
2009
2010
Coding Sheet 2: Total Number of Credit Card Fraud and Bank Fraud Incidents and
Percentages of Total Incidents
2000
Credit
Card
Fraud
Bank
Fraud
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
104
Appendix B
Human Subjects Application
105
Human Subjects Protocol Application
Request for Review by the Sacramento
State Institutional Review Board (IRB)
(Revised 11/2012)
1.
2.
Describe the following:
A. What is the purpose of the study?
The research will determine the impact the Fair and Accurate Credit
Transactions Act (2003) has had on the problem of identity theft.
B. What is the main research question or study hypotheses?
The main question that this research will concentrate on will be ‘what
impact has the Fair and Accurate Credit Transactions Act (2003) been
having on the problem of Identity Theft?’ The problem of identity theft,
which is a relatively new crime, can have a huge negative impact on its
victims when their personal information gets stolen and used for criminals’
gains. However, despite the fact that a lot of research is dedicated to finding
out how the situational crime prevention framework is applied to this type
of problem and what measures are effective, some questions are still
waiting to be answered. While it has been shown that such simple steps as
careful review of monthly banking bills and statements, anti-virus computer
software or not using one’s mail box for outgoing mail, among many others,
can significantly reduce chances of becoming a victim, there are still some
measures that have not been shown to be effective.
The consensus is that it is all about target hardening and situational crime
prevention. However, there is no guarantee that even if one follows all of
the ‘how to protect oneself from identity theft’ instructions, one still will not
become a victim of identity theft. Nevertheless, if to take all necessary
precautions, the prospects to have a good protection will definitely be much
better. If there is no opportunity to commit a crime, there probably will not
be any crime. If one does not leave anything in the dumpster, mail box or on
the street that has his/her personal information, a criminal will not be able to
steal it and use it for personal gains. If to use proper computer software and
be careful when working online, there are more chances that a computer
network will not be breached. If one does not provide the identifying
information to those who do not need it, people who have no business
106
having it will never end up in possession of it. Therefore, it is less likely to
be lost or misused. Finally, if one monitors his/her bank statements and
credit score reports, that individual is more likely to notice the problem in
the very beginning. This last point leads to the fact that in order to assist
consumers in their fight against this relatively new crime, several laws and
regulations have been created and their main goal is to stop the identity theft
in its earliest stages.
In 2003, the Fair and Accurate Credit Transactions Act (FACTA) became a
federal law. The main goal here was to “amend the Fair Credit Reporting
Act (FCRA), to prevent identity theft, improve resolutions of consumer
disputes, improve the accuracy of consumer records, make improvements in
the use of, and consumer access to, credit information” (108th US Congress,
2003). This legislature was a response to the increased number of identity
theft crimes and was supposed to help alleviate the problem by granting
certain rights to consumers. Among them were the rights to obtain credit
reports free of charge, place a fraud alert on one’s credit history, as well as
some others. Nevertheless, it is still not clear how, despite all these
proposed anti-id theft measures, effective this act really is (Holtfreter and
Holtfreter, 2006). As a result, this project will fill this void and determine
how the problem of identity theft has been impacted since the
implementation of this act.
The independent variable for this research will be the presence (2003-2010)
and absence (2000-2002) of the F.A.C.T.A. (2003) legislation itself. The
research will be measuring the impact the independent variable – before and
after the law had been enacted - has had on the problem of identity theft.
The dependent variables in this research will be the total number of id theft
incidents reported, the total number of fraud complaints, and how stolen
personal information is being misused. The ‘how stolen personal
information is being misused’ variable is represented by the following
categories: credit card fraud, government documents or benefits fraud,
employment fraud, phone and utilities fraud, loan fraud, bank fraud, other
types of fraud, attempted fraud). The impact of the IV on the DVs will be
expressed in terms of changes in the number of id theft incidents reported,
the number of fraud complaints and how the personal information is being
misused. The expected relationship between the independent and the
dependent variables is a positive one; in other words, following the
enactment and of the F.A.C.T.A. (2003) legislation, the number of incidents
reported has gone up. According to existing literature, although it has not
been definitively shown, the consensus in regards to the F.A.C.T.A. (2003)
legislation is that with the implementation of such a law, the number of id
107
theft incidents and fraud complaints should be on the rise, primarily due to
credit score checking system, along with the alert features.
Another aspect that is expected to have changed is the number of fraud
complaints, as well as how the stolen information is actually being misused.
It is expected that the number of fraud complaints has gone up. The
expected trend for how the personal information is being misused is that the
number of cases where one’s information has been used for the purposes of
bank and credit fraud has been on the rise as well.
C. What is the design of the study? (i.e., explain the qualitative,
quantitative or mixed method type of design).
This research will explain how the independent variable, the
presence or absence of the F.A.C.T.A. (2003), affects the dependent
variables, which will be the total number of incident reported, the total
number of fraud complaints, and how personal information is being misused
(which will be represented by the following categories: credit card fraud,
government documents or benefits fraud, employment fraud, phone and
utilities fraud, loan fraud, bank fraud, other types of fraud, attempted fraud).
The importance of this evaluation cannot be underestimated, as it will help
to determine the effect of this particular federal legislation on the problem
and show what works and what does not from the letter of the law
perspective. It will demonstrate how such protective policies impact the
victim side of the problem and how this legislation might be improved and
what amendments might be necessary in order to make it more effective in
terms of lowering identity theft and fraud-type crime. Therefore, this project
will evaluate how the implementation of the legislature has impacted the
problem of identity theft.
Also, this study will implement the interrupted time-series design, in which
the dependent variables will be looked at before and after the introduction
of the F.A.C.T.A. (2003) legislation. In other words, the research will be
looking at the data for the period of 2000-2002, before the treatment was
introduced, which in the study will be the F.A.C.T.A. (2003), and the data
that will demonstrate what had occurred following the implementation of
this legislation and that will be the period of 2003-2010. The two periods of
time (pre- and post-treatment) are not equal in length; however, this is due
to lack of data availability on identity theft for the period of time preceding
2000. Once again, the study is interested in how the problem of identity
theft, which will be represented in changes in such characteristics as the
number of fraud complaints, the total number of incidents and how the
108
stolen personal information is being misused, has changed starting from the
aforementioned periods of time before the legislation took effect and after it
was enacted. The statistics were taken for each year separately and
comparison will be made on a year-by-year basis for the two periods of time
(before and after).
D. What are the procedures of the study? (i.e., include the sample type,
information on how the data is being collected); the data collection
method (i.e., survey, in-depth interviews, focus groups, etc.), and who
is collecting the data?
The data collection strategy for this study is through a secondary data
source, which is the database created by the Sentinel Consumer Network
and that belongs to the Federal Trade Commission.
The data have already been compiled and currently exist in the form of
several different reports and each report represents a certain calendar year
and consists of numerous sections, among which are fraud and identity theft
complaints, victim characteristics and statistics for every individual state.
Each section has several subsections in it; each of the subsections provides
more details for that particular section covering a specific side of the idtheft problem. These reports are widely available to the public and are
accessible by going to a Federal Trade Commission website
(http://www.ftc.gov/bcp/edu/microsites/idtheft/reference-desk/nationaldata.html), where one can see a series of PDF files with each report having
a proper title. Therefore, no extensive technological knowledge on part of a
reader is required to be able to access these files.
The database - the statistical portion of the reports from where the required
data will be extracted - that will be used for this study includes national
statistics for consecutive years (2000-2010). These statistics include the
number of incidents reported, fraud and identity theft complaints, crime
descriptions, victim characteristics, amounts of monetary losses, as well as
state complaint information and state and metropolitan areas ranking.
E. What is the plan for data analysis?
The independent variable for this research will be the presence or absence
of the F.A.C.T.A. (2003) legislation. The F.A.C.T.A. legislation itself is
fixed and cannot change. Therefore, it is its presence or absence (before and
after the F.A.C.T.A. was enacted) that will be evaluated with respect to how
it affects the dependent variables. The research will be measuring the
109
impact the independent variable - presence or absence of the F.A.C.T.A. has had on the problem of identity theft. The dependent variables in this
research will be the total number of id theft incidents reported, the total
number of fraud complaints, and how personal information is being
misused. This last dependent variable (‘how personal information is being
misused’) will include the following categories: credit card fraud,
government documents or benefits fraud, employment fraud, phone or
utilities fraud, loan fraud, bank fraud, attempted fraud and all other fraud.
The impact of the IV on the DVs will be expressed in terms of changes in
the number of id theft incidents reported, the number of fraud complaints,
as well as how personal information is being misused. The expected
relationship between the independent and the dependent variables is a
positive one; in other words, with the implementation of the F.A.C.T.A.
(2003) legislation, the number of id theft incidents reported has gone up.
The same relationship is expected for the total number of fraud complaints.
Another aspect that is expected to have changed is how personal
information is being misused. It is expected that the number of the cases
where personal information is being used for the purposes of credit card
fraud and bank fraud has been rising.
Comparison will be ‘before vs. after’ and will include such variables as the
total number of incidents reported, the total number of incidents reported
claiming fraud, and how personal information is being misused (credit card
fraud, government documents or benefits fraud, employment fraud, phone
and utilities fraud, loan fraud, bank fraud, other types of fraud, attempted
fraud). The study will look at the two different periods of time – the one
before the law got created and the one after, and, therefore, this research
will concentrate on the 2000-2002 and 2003-2010 periods and the
comparison will be done on a year by year basis. After having looked at the
first period of time, the overall picture will emerge and the same will be
done for the second time period. As a result, the study will compare these
two periods, as well as how the problem has been changing one year after
another. For the purpose of data analysis for this research, the Excel
spreadsheet software will be utilized.
F. What is the plan for the protection of the data obtained? (i.e., include
the security measures, data handling procedures, retention procedures,
data destruction date and who has access to the data).
110
There is no plan for the protection of the data obtained. Since the
database from which the necessary data will be taken is publicly
available, this study will not have any security measures, data handling
procedures, retention procedures, data destruction date or any other
similar aspects.
Do not attach lengthy grant proposals. Be brief but complete.
2.
Who will participate in this research as subjects (e.g., how many people,
from where will you recruit them, what are the criteria for inclusion or
exclusion)? How will you engage their participation (e.g., what
inducements, if any, will be offered)? How will you avoid any real or
perceived conflict of interest as a researcher (e.g., role, power
relationships, monetary)?
Since this research is relying on secondary data analysis, there are no
subjects that will participate in the study. Therefore, there is no plan for
recruiting people and creating criteria for inclusion or exclusion. Neither
are there any inducements for subjects’ participation.
Since I, the researcher, do not have any affiliations with the Federal Trade
Commission or any legislators and policymakers behind the Fair and
Accurate Credit Transactions Act (2003), the US Congress or any credit
reporting agency, no conflict of interest is expected. My role in this
project will be solely to research and analyze the impact of the F.A.C.T.A.
(2003) legislation. The results of this study, regardless whether or not the
main hypothesis is supported, will be recorded and reflected in the
‘analysis’ and ‘conclusion’ sections of this research.
3. How will informed consent be obtained from the subjects? Attach a copy
of the consent form you will use. If a signed written consent will not be
obtained, explain what you will do instead and why. (See Appendix C in
Guidance and Procedures for examples of consent forms, an example of
an assent form for children, and a list of consent form requirements. Also
see the section on Informed Consent in Guidance and Procedures.)
The research is going to rely on secondary data analysis and no subjects
are expected to participate in this project. As a result, there will not be a
need to create a consent form or anything similar. Since the data used for
this study are publicly available and there are no subjects that are
mentioned by name and since there are no personal identifiers
whatsoever, there is no plan to have any type of consent form.
111
4. How will the subjects’ rights to privacy and safety be protected? (See the
section on Level of Risk in Guidance and Procedures. For online surveys,
answer the checklist questions at the end of Appendix B in Guidance and
Procedures.)
The already existing database that is going to be used for this research
does not have any personal identifiers whatsoever. All the information is
publicly available and anyone can obtain a copy of the reports provided
on the Federal Trade Commission website. Therefore, this study is not
concerned with the subjects’ rights to privacy and safety, as this issue was
taken care of by the Consumer Sentinel Network, an organization
responsible for the original collection of data.
5. Describe the content of any tests, questionnaires, interviews, surveys or
other instruments utilized in the research. Attach copies of the questions.
What risk of discomfort or harm, if any, is involved in their use?
For the purpose of this research, there will be a secondary data analysis.
Therefore, this project is not going to utilize any types of tests,
questionnaires, interviews, surveys or any other similar instruments.
Instead, I, the researcher, will rely upon a series of the Consumer Sentinel
Network reports that are publicly available on the Federal Trade
Commission website.
However, this study will have two different coding sheets, which will be
attached to this application. The first coding sheet will contain the data for
these two dependent variables: the total number of incidents reported and
the total number of fraud complaints. These statistics will be represented
in numbers, and not percentages. The required data will be extracted from
the database and inserted into the appropriate table. The first coding sheet
will have three vertical columns (year, the total number of incidents
reported, the total number of fraud complaints) and twelve vertical rows
(one for each year – 2000-2010 – and one for the dependent variables).
The second coding sheet will contain the required data from the same
database and it will be created for the ‘how personal information is being
misused’ variable. It will have twelve vertical columns (one for each year
– 2000-2010 – and one for the type/way how personal information is
being misused). The numbers in this coding sheet will be representing the
number of incidents for the following types/ways of how personal
information is being misused: credit card fraud, government documents or
benefits fraud, employment fraud, phone and utilities fraud, loan fraud,
112
bank fraud, other types of fraud, attempted fraud.
The data have already been compiled and currently exist in the form of
several different reports and each report represents a certain calendar year
and consists of numerous sections, among which are fraud and identity
theft complaints, victim characteristics and statistics for every individual
state, as well as different metropolitan centers. Each section has several
subsections in it; each of the subsections provides more details for that
particular section covering a specific side of the id-theft problem. Every
report also has the list of appendices that a reader can find throughout the
document.
More specifically, the reports are located in the ‘Fighting Back against
Identity Theft’ section. Also, all of them belong to the national data
category and represent formal Federal Trade Commission complaint data.
There are eleven reports for each calendar year starting from 2000 and
ending in 2010. Each reporting year starts in January and ends in
December. The national data provided in this section also includes the
2003 and 2006 identity theft survey reports. Moreover, one of the files
provides the Federal Trade Commission overview of the ID-theft
program. All of the reports are in PDF format, but vary in their sizes.
Every report consists of numerous charts, graphs, tables and other visual
aids for representing the data. The reports have background information
on the Consumer Sentinel Network, an organization responsible for
creating the database, as well as an overview of the identity theft problem.
There is no narrative portion in these reports, but instead, the rest of them
consist of statistical data for a variety of already aforementioned
categories.
6. Describe any physical procedures in the research. What risk of
discomfort or harm, if any, is involved in their use? (The IRB will seek
review and recommendation from a qualified medical professional for any
medical procedures.)
N/A
7. Describe any equipment or instruments that will be used in the research.
What risk of discomfort or harm, if any, is involved in their use?
N/A
8. Will any devices, drugs or pharmaceuticals be used in the research? If
113
so, describe their use and any possible risk or discomfort. (If so, the IRB
will seek review and recommendation from a qualified medical
professional.)
N/A
9.
Taking all aspects of this research into consideration, what risk level
do you consider this study to be?
Taking all aspects of this research into consideration, the researcher
considers this study to have the ‘exempt’ risk level.
Check only one: Exempt X
Minimal Risk_____
Minimal Risk_____
Greater than
If you believe this project is exempt under 45 CFR 46.101(b) then you
must choose the exemption category from those listed below and
explain your reasoning by referring to the exemption decision chart:
http://www.hhs.gov/ohrp/policy/checklists/decisioncharts.html)
Does Exemption 45 CFR 46.101(b)(1) (for Educational Settings) Apply?
Does exemption 45 CFR 46.101(b)(2) or (b)(3) (for Tests, Surveys, Interviews, Public
Behavior Observation) Apply?
Does Exemption 45 CFR 46.101(b)(4) (for Existing Data, Documents, Records and
Specimens) Apply?
Does Exemption 45 CFR 46.101(b)(5) (for Public Benefit or Service Programs) Apply?
Does Exemption 45 CFR 46.101(b)(6) (for Food Taste and Acceptance Studies) Apply?
Exemption 45 CFR 46.101 (b) (4) (for existing data, documents,
records and specimens) applies to this research.
________________________________________________________
114
Explain your reasoning based on the information you have provided in this
protocol. (See the section on Level of Risk in Guidance and Procedures.) For
protocols approved as “Greater than Minimal Risk,” the researcher is required to
file semiannual reports with the committee that describe the recruiting of subjects,
progress on the research, interactions with the sponsor, and any adverse
occurrences or changes in approved procedures. In addition, the committee
reserves the right to monitor “Greater than Minimal Risk” research as it deems
appropriate. Failure to file the required progress reports may result in suspension
of approval for the research.
Exemption 45 CFR 46.101(b)(4) (for Existing Data, Documents, Records and
Specimens) applies to this research, as it involves the collection and study of existing
data and the source where these data come from is publicly available and can be found
on the Federal Trade Commission website (http://www.ftc.gov/bcp/edu/
microsites/idtheft/reference-desk/national-data.html). Moreover, the information is
recorded in such a manner that subjects cannot be identified, as there are no personal
identifiers whatsoever.
115
References
Allison, S.F.H., Schuck, A.M., & Lersch, K.M. (2005). Exploring the Crime of
Identity Theft: Prevalence, Clearance Rates, and Victim/Offender
Characteristics. Journal of Criminal Justice, 33, 19-29.
Barker, K.J., D’Amato, J., & Sheridon, P. (2008). Credit Card Fraud: Awareness
and Prevention. Journal of Financial Crime, 15(4), 398-410.
Caminer, B.F. (1985). Credit Card Fraud: the Neglected Crime The Journal of
Criminal Law and Criminology, 76(3), 746-763.
Carrns, A. (2011). Id Security in Banking. The New York Times, December 10th, p.
4.
Churyk, N.T., Lee, C.C., & Clinton, D. (2008). Can We Detect Fraud Earlier? A
Technique Called ‘Content Analysis’ Raises the Possibility. Strategic
Finance, IMA, 90(4), 51-55.
Copes, H., Kerley, K.R., Huff, R., & Kane, J. (2010). Differentiating Identity Theft:
an Exploratory Study of Victims Using a National Victimization Survey,
Journal of Criminal Justice, 38, 1045-1052.
Dadisho, Ed. (2005). Identity Theft and the Police Response. The Police Chief,
Alexandria: February, 72(2), 17.
DelGrosso, R. (2001). How to Avoid an Identity Crisis. Security Management,
December, 72-79.
Dong, F., Shatz, S.M., & Xu, H. (2009). Combating Online in-Auction Fraud:
Clues, Techniques and Challenges. Computer Science Review, 3, 245-258.
Farrington, D., Gill, M., Waples, S., & Argomaniz, J. (2007). The Effects of
Closed-Circuit Television on Crime: Meta-Analysis of an English National
Quasi-Experimental Multi-Site Evaluation. Journal of Experimental
Criminology, 3, 21-38.
116
Federal Trade Commission & U.S. Department of Justice (FTC and DoJ) (2011).
Statement of Rights for Identity Theft Victims. National Criminal Justice
Reference Service, 1-2.
Finklea, K. (2012). Identity Theft: Trends and Issues. Congressional Research
Service. CRS Report for Congress, 1-32.
Gates, T., & Jacob, K. (2009). Payments Fraud: Perception versus Reality – a
Conference Summary. Economic Perspectives, Federal Reserve Bank of
Chicago, 1st Quarter, 7-13.
Glass, G.V. (1997). Interrupted Time Series Quasi-Experiments. Complementary
Methods for Research in Education, 2nd Edition, Washington D.C.:
American Educational Research Association, 589-608.
Greene, M.N. (2009). Divided We Fall: Fighting Payments Fraud Together.
Economic Perspectives, Federal Reserve Bank of Chicago, 1 Quarter, 3742.
Holtfreter, R.E., & Holtfreter, K. (2006). Gauging the Effectiveness of US Identity
Theft Legislation. Journal of Financial Crime, 13(1), 56-64.
Holt, T. & Turner, M.G. (2012). Examining Risks and Protective Factors of Online
Identity Theft. Deviant Behavior, 33(4), 308-323.
Hunter, P. (2006). Relentless Pace of Internet Trade in Stolen Credit Card Details
Continues. Computer Fraud and Security, 2, 14-16.
Jackson, J.E. (1994). Fraud Masters: Professional Credit Card Offenders and
Crime. Criminal Justice Review, 19(1), 24-55.
Lee, B., Cho, H., Chae, M., & Shim, S. (2010). Empirical Analysis of Online
Auction Fraud: Credit Card Phantom Transactions. Expert Systems with
Applications, 37, 2991-2999.
Levi, M. (1998). Organizing Plastic Fraud: Enterprise Criminals and the SideStepping of Fraud Prevention. The Howard Journal, 37(4), 423-438.
117
Levi, M. (2008). Organized Fraud and Organizing Frauds: Unpacking Research on
Networks and Organization. Criminology and Criminal Justice, 8(4), 389419.
Lewis-Beck, M.S., Bryman, A., & Liao, T.F. (2004). The SAGE Encyclopedia of
Social Science Research Methods. Thousand Oaks, CA: Sage Publications
Inc.
Linden, R., & Chaturvedi, R. (2005). The Need for Comprehensive Crime
Prevention Planning: The Case of Motor Vehicle Theft. Canadian Journal
of Criminology and Criminal Justice, 47(2), p. 251.
McRae, S. (2003). Identity Theft on Campus. Campus Safety Journal, 11(4), 28-29.
Moon, B., McCluskey, J.D., & McCluskey, C.P. (2010). A General Theory of
Crime and Computer Crime: an Empirical Test. Journal of Criminal
Justice, 38, 767-772.
National Institute of Standards and Technology, Information Technology
Laboratory (NIoSaT). (2013). Federal Information Security Management
Act. Computer Security Division, Computer Security Resource Center, 172.
One Hundred Eighth Congress of the United States of America. (2003). Fair and
Accurate Credit Transactions Act. H.R. 2622, 1-61.
Parkhill, M.R., Abbey, A., & Jacques-Tiura, A.J. (2009). How Do Sexual Assault
Characteristics Vary As a Function of Perpetrators’ level of intoxication?
Addictive Behaviors, 34(3), 331-333.
Prabowo, H.Y. (2011). Building Our Defense against Credit Card Fraud: a
Strategic View. Journal of Money Laundering Control, 14(4), 371-386.
Pratt, T.C., Holtfreter, K., & Reisig, M.D. (2010). Routine Online Activity and
Internet Fraud Targeting: Extending the Generality of Routine Activity
Theory. Journal of Research in Crime and Delinquency, 47(3), 267-296.
118
Privacy Rights Clearinghouse (PRC). (2013). Facts on F.A.C.T.A., the Fair and
Accurate Credit Transaction Act. Privacy Rights Clearinghouse, 1.
Riem, A. (2011). Cybercrimes of the 21st Century. Crimes against the Individual.
Computer Fraud and Security, 2001(4), 12-15.
Shukla, R., & Bartgis, E. (2010). Responding to Clandestine Methamphetamine
Manufacturing: A Case Study in Situational Crime Prevention. Criminal
Justice Policy Review, Indiana: September, 21(3), 338.
Slotter, K. (1997). Plastic Payments: Trends in Credit Card Fraud. The FBI Law
Enforcement Bulletin, 66(6), 1-7.
Sullivan, R.J. (2008). Can Smart Cards Reduce Payments Fraud and Identity Theft?
Economic Review, Federal Reserve bank of Kansas City, 3rd Quarter, 35-62.
Trejos, N. (2011). Identity Theft a Big Risk on the Road; Travelers’ Use of Gadgets
Makes Them a Target. USA Today, December 13th, p. 58.
United State Census Bureau. U.S. Department of Commerce (2013). Population:
Estimates and Projections by Age, Sex, Race/Ethnicity. The 2012 Statistical
Abstract. The National Data Book.
White, M.D., & Fisher, C. (2008). Assessing our Knowledge of Identity Theft: The
Challenges to Effective Prevention and Control Efforts. Criminal Justice
Policy Review, 19(1), 3-24.