9.8 Identity Crimes

Previous page
Table of content
Next page

9.8 Identity Crimes

A study of identity theft conducted by the National Fraud Center found the following patterns in these crimes:

  1. Identity theft is no different from any other type of crime when committed by the professional perpetrator.

  2. Identity theft is difficult to track because it is a tool used for committing numerous other types of crimes, such as credit-card, bank, Internet, and telecommunications fraud.

  3. The growth of identity theft appears to be tied to technology, particularly the Internet and the wireless industry.

  4. Identity theft, largely as a result of the Internet, is rapidly developing internationally.

For wireless carriers, an applicant's good credit rating is the equivalent of a "bearer" financial instrument. Potential creditors are willing to hand over thousands of dollars in goods and services based upon a verbal promise to pay. All they require is someone who is the bearer of an acceptable credit history; this is really what an identity broker is stealing. In truth, most wireless service providers are more interested in verifying available credit rather than identity. This is a mistake, but in the highly competitive marketplace, it is a fact of survival and doing business.

Credit-card purchases rarely require identification, but verification of a credit balance is standard. Government regulations require financial institutions to check identification, but in the nonregulated private sector, the rules are generally lax, especially for wireless services. As a rule of thumb, businesses usually align their identification policies with their fraud and bad-debt experience.

Most wireless carriers verify the legitimacy of new customers with a credit check. If the credit history comes back as acceptable, it is assumed that the person is who they say. Since 99% of the time the assumption is correct, rarely is additional verification, such as photographic identification requested. However, the increasing use of telephonic "sign-up" for service makes photographic identification impractical.

One of the problems with detecting identity fraud for most wireless carriers is the length of time between activation and the realization that a crime has been committed, which is typically three to four months. Absent suspicious or unusual conditions, the account will not attract attention until a payment is sufficiently overdue. Generally, the initial bill is due about 60 days after activation. An additional 30 to 45 days will pass before the account is treated as seriously overdue. Meanwhile, collection notices of overdue payments will have begun. Telephone contact will be attempted and disconnect notices sent. Typically 120 days elapse before the service is actually deactivated.

For the telecommunication service provider, as with the credit-card issuer, a crime-detection system must be designed and developed by professionals who are very knowledgeable about industry practices. The statistical models developed and deployed must be dynamic and fast. They must be able to flag alerts directly to the fraud analyst within seconds after a suspected call is completed. The detection system must be customizable, because no two carriers' infrastructures are alike. In addition, their customers' demographics will likely be somewhat different; the types of services sold and their equipment will also be different. Reliability and security are essential. The system must be at least 99.9% reliable and secure with little or no maintenance downtime. Most importantly, the crime detection system must be designed to be self-learning, using multidimensional data mining models, as well as responsive to human experts.

Some of the larger telecommunications carriers have developed in-house fraud-detection systems based on each of their customers' signatures of usage, using a stream of transactions about each consumer yielding acceptable false-alarm rates. They create a signature of predicted usage behavior for each customer and update it with each nonsuspicious transaction that the customer makes. They next score transactions for fraud using predicted behavior for the customer as the baseline, and then accumulate translation scores into account fraud scores that are updated with each new transaction that the customer makes.

They create and maintain usage and fraud signatures for each customer, which they update with each transaction that the customer makes. They used periodic timing variables, such as day of week or hour of day, to construct these customer signatures. However, no information is available on what percentage of actual fraud even these high-end systems are able to detect. The AT&T network alone handles over 350 million long-distance calls and over 75 million wireless calls each day. Their InfoLab, which is responsible for mining their toll-usage data, has over 50 individuals working not only on identifying signatures, but also on squashing the data into an approximation format suitable for modeling, a major task in view of the high volume of data involved.



Previous page
Table of content
Next page
Investigative Data Mining for Security and Criminal Detection
Investigative Data Mining for Security and Criminal Detection
ISBN: 0750676132
EAN: 2147483647
Year: 2005
Pages: 232
Authors: Jesus Mena
BUY ON AMAZON
Qshell for iSeries
Inside Network Security Assessment: Guarding Your IT Infrastructure
Cisco IOS in a Nutshell (In a Nutshell (OReilly))
Making Sense of Change Management: A Complete Guide to the Models, Tools and Techniques of Organizational Change
Sap Bw: a Step By Step Guide for Bw 2.0
MPLS Configuration on Cisco IOS Software
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy