Identity Theft in the Banking System

1. Introduction

The issue of identity theft on social media, particularly within the banking system, is a major concern in today’s modern world. With the widespread use of social media, individuals often tailor their online activities to their professional needs, especially in fields like IT and banking, where the stakes are high. This chapter examines the phenomenon of identity theft through social media, employing scientific methods to analyze potential factors, propose solutions, and anticipate future developments. Specifically, it explores financial scams, cybercrimes, organized identity theft schemes, and the victimization of individuals within the banking sector. By addressing these issues, the chapter aims to provide insights and guidance, particularly for professionals working in IT and banking, to safeguard against identity theft and its repercussions.

In the twenty-first century, rapid technological advancements are reshaping nearly every industry, including the banking sector. One notable development is the integration of nanotechnology into banking practices, particularly in credit card technology. Nanotechnology allows for the storage of large amounts of data in compact memory spaces. While this innovation offers benefits in data storage capacity, it also presents challenges in data security.

Identity theft has emerged as a significant concern within the banking sector, demanding concerted efforts to safeguard sensitive information. Banking professionals face various threats, including fake accounts, online transactions, and money laundering schemes orchestrated by hackers utilizing sophisticated techniques to access data illicitly. Unfortunately, insufficient attention has been given to addressing these issues in recent years, with limited public awareness and a lack of clear definitions for prosecuting identity theft cases in banking courts.

Criminals employ various tactics to perpetrate identity theft, such as obtaining confidential information for fraudulent activities like debit and credit card forgery, as well as perpetrating portal fraud by exploiting personal data for unauthorized online transactions. Recognizing the gravity of these threats, modern governments prioritize identity theft issues, implementing policies and guidelines to bolster security measures across academic and organizational settings.

Personal information held by banks and financial institutions includes a range of sensitive data, such as customer names, identification numbers, passport details, contact information, family information, addresses, income sources, and account details, including credit card and debit card information, as well as online banking credentials. Safeguarding this information is paramount to ensuring the trust and security of banking systems in the digital age.

In the past century, the IT sector has experienced a remarkable surge, particularly with the proliferation of Internet websites and social media platforms. This rapid development has ushered in an era of global connectivity, often referred to as the Global Village, which has sparked a resurgence of interest in social interactions and personal information sharing. However, alongside these advancements, there has been a concerning trend towards the unauthorized acquisition of private information and identities.

As technology has advanced, so too has the accessibility of personal information online. Unfortunately, this increased availability has created opportunities for malicious actors to exploit this data for identity theft purposes. Over the past four decades, the Internet has become a vast repository of personal information, accessible to millions worldwide. This accessibility has heightened the risk of identity theft, as individuals with nefarious intentions can easily misuse this data for their own gain.

According to the researcher, identity thieves are offenders who “knowingly transfers or uses, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law”.

Identity theft involves the unauthorized use of someone’s personal information to commit fraudulent activities or crimes. While it may not always be considered a standalone crime, identity theft encompasses a wide range of other criminal acts. Common financial crimes associated with identity theft include check and credit card fraud, as well as various forms of scams conducted through telemarketing and the Internet [1].

In recent years, researchers have shown an increased interest in understanding identity theft, particularly how offenders exploit both new and traditional methods of conducting business and managing daily affairs.

2. A definition of identity theft

Over the past 30 years, there has been a significant increase in cases of identity theft. In 1998, the United States Congress passed the Identity Theft Assumption and Deterrence Act, which makes identity theft a federal crime. Identity theft occurs when someone unlawfully acquires and utilizes your personal information to perpetrate criminal activities, leading to the destruction of your credit history and tarnishing of your reputation. The terms “identity theft” and “identity fraud” encompass a wide array of financial crimes wherein personal information is illicitly obtained for monetary gain.

Acts of identity theft include the unauthorized use or attempted use of an existing account, the opening of new accounts using stolen personal information, or the misuse of personal data for fraudulent purposes. Offenders are individuals who transfer or utilize funds without legal authorization, or who exploit any information that can be used to identify specific individuals, often using the Internet to facilitate their crimes.

Customers should remain vigilant and take proactive steps to protect themselves against identity theft. This includes promptly reporting any unauthorized activity or suspicious charges on their accounts, questioning any unexpected credit card issuances, clarifying errors on credit statements, rejecting unsolicited credit card applications, and refusing to make payments for unrecognized debts as requested by the bank. Such proactive measures are crucial in safeguarding against the devastating consequences of identity theft.

3. Types of identity theft

Previous research has identified four primary types of identity theft: financial, medical, criminal, and child identity theft. Medical identity theft involves individuals posing as others to obtain medical services without paying. According to research [2], the most common types of identity theft involve stealing money, accessing medical facilities without paying any charges, and online fraud. There is a total of 20 different types of identity theft, which are listed below: (1) Facilitating other crimes, (2) Repeating Victimization, (3) Financial scams, (4) Serving as a motive for other crimes, (5) Organized identity theft, (6) Phishing: A scam involving emails and spoof websites designed to trick individuals into providing personal or financial information [3], (7) Smishing, (8) Vishing, (9) Fake websites, (10) Confidence fraud, (11) Data breaches, (12) Skimming, (13) Exploitation of public Wi-Fi and USB charging points, (14) Exploiting weaknesses in specific technologies and information systems, (15) Misuse of Social Security numbers, (16) Fraudulent address changes, (17) Stolen checks and (18) Phone service fraud.

Highly confidential data used in banking includes transactional data, credit card numbers [4], bank account numbers, social security numbers [5], business-related information, phone numbers, personal details (such as full name, mother’s maiden name, job and salary details), physical and virtual addresses, medical histories, trade secrets, and financial and accounting information.

4. Financial crimes

Previous research shows that financial crimes in the banking sector, particularly identity theft, are carried out with advanced technical methods. Identity theft undermines consumer trust in open markets, making it particularly harmful. Credit card fraud is a prime example of this type of identity theft. Offenders steal credit card or debit card numbers using specialized devices during card processing. They may also impersonate banks or financial institutions through spam or pop-up messages to obtain personal data. Electronic databases containing customer information are another common target for identity theft. Various scams are employed to extract personal information from victims, often exploiting specific technologies and information systems. Identity theft can occur in numerous ways, typically involving the theft of important personal information such as names, account numbers, credit card numbers, or other identification numbers.

The distinction between theft and identity theft lies in the nature of the crime. When a credit card is stolen, it constitutes theft or consumer fraud but not identity fraud. Identity fraud occurs when someone illicitly obtains your personal information to open new credit accounts in your name without authorization. The motivation behind identity theft, like other white-collar crimes, is primarily financial gain. Access to your account details is typically restricted to law enforcement professionals and legal representatives without your consent. However, scammers may exploit stolen bank account numbers to gain unauthorized access to your online banking accounts.

5. Credit and debit cards

Debit and credit cards are issued by banks to individuals or businesses through contractual agreements. These cards enable holders to make purchases without immediate payment, with the transaction amount being billed to the cardholder at a later date. Counterfeiting involves illegally obtaining a card’s information, including its magnetic strip data and PIN code, to withdraw cash from ATMs or make fraudulent purchases both locally and internationally.

Financial institutions such as Visa Inc. and MasterCard Inc. try to mitigate risks in the card industry. However, rapid technological advancements have provided fraudsters with opportunities to exploit vulnerabilities in international markets. The Association of Certified Fraud Examiners (ACFE) characterizes counterfeiting as a cybercrime facilitated by modern technology, allowing perpetrators to skim or duplicate card data from the magnetic strip.

6. Nanotechnology

Identity theft facilitated by nanotechnology has become a prominent concern, particularly in credit card scams, account theft, and unauthorized access to private information. While there is no universally accepted definition of identity theft, there is a generally acknowledged concept of what it involves.

Identity theft is widely recognized as a serious criminal act and a distressing experience, capable of causing significant damage to an individual’s financial wellbeing and credit standing. It occurs when an unauthorized party unlawfully obtains and utilizes someone else’s personal information without their consent.

Interest in identity theft research has increased in recent decades, driven by the proliferation of digital technologies and the increasing prevalence of fraudulent activities in the banking sector. Countries around the world have been grappling with issues such as fake account takeovers and the digital opening of new accounts for illicit money laundering schemes orchestrated by suspicious individuals or organizations exploiting social media platforms and online hacking websites.

Due to the growing threat of identity theft and the need for enhanced cybersecurity measures, there is a pressing need to develop a conceptual framework for understanding and addressing these challenges. Through this research, the author seeks to shed light on the complexities of identity theft in the digital age and pave the way for more effective strategies to combat cybercrime and safeguard sensitive personal information.

More recent studies have confirmed that there are a total of three types of identity theft of personal information which are used for particular crimes of identity theft; one of them is the acquisition of Identity theft through theft fraud, trickery, and force redirecting or buying the information through the internet. Secondly, to avoid or hide any individual identity from court proceedings and law enforcement agencies, the same as using personal information for financial benefits.

7. The role of a bank is to protect data

Banks are supposed to be among the most trusted and reputable organizations globally. Most banks, financial institutions, and credit card companies have implemented customer data protection plans to safeguard against identity theft and to facilitate the recovery of funds in cases of fraudulent purchases. Additionally, private insurance and credit reporting companies offer fee-based identity theft protection plans, although these may receive mixed reviews regarding their effectiveness.

Furthermore, banks have implemented biometric authentication systems as a security measure. Biometric data, such as fingerprints or facial recognition, cannot be easily stolen, forgotten, or lost, making it a popular choice for enhancing security in financial institutions.

Identity theft is a serious crime that results in financial losses for customers, stakeholders, and banks alike. Both banks and customers share responsibility for preventing this crime. Banks have a duty to protect customers’ financial data and account details by implementing clear and documented data management processes, setting up secure Internet systems, using secure data storage, and conducting regular security checks. Verification checks should be user-friendly yet difficult for criminals to replicate. Additionally, banks should incorporate fingerprint (biometric) authentication into their mobile banking applications, as this provides an extra layer of security along with one-time passwords (OTPs) [6].

Furthermore, banks should utilize the latest technology for account verification and funds transfer services. Customers also have responsibilities in preventing identity theft. They should choose strong and unique passwords for their accounts, use trustworthy financial applications, activate SMS alerts for payment transfers, and avoid using public Wi-Fi for sensitive transactions. In the event of a scam on their credit card or bank account, customers should promptly report it to the bank. Banks typically reimburse customers for stolen funds within seven working days and often use tracking devices to trace the stolen money, enabling authorities to recover it in real time.

Sometimes, banks call customers to encourage them to purchase insurance policies for protection against identity theft. These insurance policies provide financial protection for victims of identity theft and are offered by insurance and credit card companies. In some cases, banks may analyze the cardholder’s claim and provide a provisional credit limit while the claim is under investigation, even before a chargeback is approved. The bank is responsible for safeguarding its customers’ personal information, including their fund transactions and online data, using encryption software to convert sensitive information into a code that only the bank can decipher.

In physical branches, banks employ various security measures such as security cameras (both audio and video), security alarm systems, and other precautions to lessen the risk of robberies and other crimes. To further lessen operational risks, banks implement robust internal controls, conduct routine risk assessments, and provide comprehensive training to staff [7].

Security alerts are automated notifications sent by the bank to keep customers informed about any changes or updates to their personal information or account details. Whenever there is an update to your account information, the bank sends you an alert message to ensure you are aware of the changes.

A customer PIN, typically a four-digit identification number, is chosen by the account holder to be used during cash access transactions. This code is used at ATMs or when sending money to family members abroad using, for example, services like Western Union.

8. How offenders steal identities

There are two types of identity theft offenders: (1) low-frequency offenders and (2) high-frequency offenders. Both types of offenders steal personal information in several ways, including physical theft of purses and wallets or rummaging through vehicles. They also steal information from insecure mailboxes, by submitting false changes of address with the post office to direct someone’s mail to themselves, or by colluding with postal employees to steal mail. Mail that is useful to offenders includes pre-approved credit card applications, energy or telephone bills, bank or credit card statements, data from driver’s licenses, mobile SIM card data, and so on. Typically, offenders use the stolen information to obtain financial benefits. Sometimes hackers get the data from malicious applications that can steal personal information from your devices, and sometimes cybercriminals set up fake public Wi-Fi networks to attract people and redirect them to malicious websites where they can steal their personal information.

The impact of identity theft on society is significant and negative. Identity theft operates through various methods to obtain and misuse an individual’s personal information. This includes accessing discarded personal documents, intercepting emails and phone calls, theft and robbery of personal belongings, providing false information to unsuspecting individuals, tampering with court records, and hacking into government websites such as motor vehicle departments to alter or remove records [8].

9. Types of victims

Identity theft is a serious “dual crime,” that is, it usually affects two victims: the individual whose identity was stolen and the business whose service was stolen. Some studies identify other types of victims, including account holders, credit card victims, children, institutional victims, business victims, and the elderly.

10. The role of technology in identity theft

As shown, most studies of identity theft find that technology has a big role in providing opportunities for offenders to use stolen information but also techniques to thwart them. Offenders take advantage of the opportunities afforded them by the information age. If there are any weaknesses in information systems, offenders will take advantage of those weaknesses.

11. Identity theft and social networking websites

Over the past 40 years there has been a rapid increase in identity theft on online platforms such as Facebook, Twitter, MySpace, LinkedIn, and YouTube. These websites have become prime targets for identity theft, with criminals exploiting them to obtain and misuse personal information for fraudulent activities. Social media platforms like Facebook [9] and Twitter have emerged as major sources for acquiring personal information, leading to various criminal activities such as identity counterfeiting, human trafficking, and terrorism. While these illicit activities are not new, their prevalence has increased with the widespread use of stolen information. One significant challenge is the difficulty faced by law enforcement agencies In identifying victims, particularly in cases involving credit card fraud perpetrated by companies issuing credit cards [10].

12. Reasons for identity theft

Several studies have found that there are two major reasons for identity theft: the Internet and the weakness of technologies. The Internet is one of the major sources of identity theft; nowadays 1.5 million pages are working on the Google search engine, and these pages are a big source of stolen information.

13. Digital banking system

Banks, as the primary financial institutions for accepting deposits and providing lending services, have expanded their offerings to cater to consumers’ diverse needs, including consumer banking, corporate banking, and branchless banking. Consumer banking, which directly serves customers, encompasses services such as credit cards, debit cards, and consumer loans. Recent years have witnessed the advent of digital banking, characterized by a series of technological advancements. Digital products like ATMs, telebanking, Internet banking, credit cards, and debit cards have emerged as efficient channels for delivering traditional banking services worldwide. International banks were pioneers in introducing ATMs and credit cards in the mid-1990s, with local banks following suit. Cash deposit machines (CDMs) are also available in major cities to enhance customer convenience.

14. Cybersecurity systems

Cybersecurity depends on three key pillars: process, technology, and people, which work in combination to secure a company’s data protection. Previous research has outlined five principles of the Cyber Security system, these are; govern, protect, detect identify, respond, and recover. Governance involves identifying and managing security risks [11], while protection entails implementing controls to mitigate these risks. Detection is crucial for understanding cybersecurity events and identifying incidents promptly. Moreover, banks must prioritize cybersecurity training for their staff to mitigate risks of cybercrimes, breaches, and financial losses.

15. Role of the international community

Globally, many countries have recognized the importance of addressing identity theft and have taken steps to address it. Media campaigns have been launched with the aim of raising awareness about identity theft, particularly targeting individuals who frequent digital platforms. In today’s digital age, people spend a significant amount of time online, making digital platforms a crucial focus for spreading information about identity theft.

This research draws upon existing scientific studies and various resources to evaluate our current understanding of identity theft and identify areas for further study and improvement.

16. Previous studies

Serious discussions and analyses of social networking communities began in 2006 with the International Digital Media and Association. Since then, a significant body of literature has explored the use of social networking platforms by college graduate students, undergraduate students, and professionals in various fields. Among these platforms, Facebook emerges as the most commonly used, where individuals often share their identity information.

This shared information includes crucial details such as relationship status, full name, date of birth, credit card numbers [4], account numbers, personal and official email IDs, phone numbers, and complete addresses. Some individuals also disclose particularly sensitive information such as sexual orientation and political ideologies on these sites. As such, it is strongly suggested that people refrain from sharing personal information online.

There is a significant relationship between college students and social media [1], and government efforts to safeguard students’ personal information from theft or misuse by offenders on these platforms have been made. In 1998, the US Congress passed the Identity Theft and Assumption Deterrence Act. This legislation defines identity theft as knowingly using or transferring someone’s personal information without lawful permission, emphasizing its seriousness as a punishable offense under both federal and local laws. While identity theft and identity fraud are often used interchangeably, they represent distinct legal concepts but are both treated as serious crimes.

According to the researchers Ganesh and Zhao [12] and [13] the topic of natural convection in enclosures is one of the most active areas in research today of identity information sharing on social media and online websites. A lot of conferences have been held at the global level regarding identity information sharing, in the current study the writer has investigated that the structured peer-to-peer relies on consistent and robust key-based which helps to large-scale network applications similarly multicast and global scales. In his study, the researchers identified the common attack in these networks as a form of peer-to-peer identity theft. The researchers found out that the attackers can hijack the routes and destroy the data for the distrust applications, after this investigation, It has been suggested by the researchers that there should be solutions that permanently save the data from hackers.

According to Button et al. [14] in recent years, there has been an increasing amount of literature on the topic of Fraud and Victims in the world. The researchers have discussed the four major categories of fraud and victims in their dynamic research focusing on the UK-based study including the USA and Australia. The writers investigate that the frauds belonging to other countries can’t apply directly to the United Kingdom without the changing of situations. They have reviewed the available literature on fraud and victims to give a brief overview of the fraudsters and also discussed the techniques that are used. In the second part of the review typologies of victims has been discussed by the researchers here including the impact of fraud upon the victims, individuals, and small businessman. The writers also explore that some people are not reporting against the fraud and scam in media and police.

Roberts et al. [15] highlighted that cyber theft is facilitated by the gray areas inherent in online systems, providing hackers with opportunities to exploit vulnerabilities. They assert that another contributing factor is the readily available customer information on online platforms, such as data shared on web forums. Customers often provide personal details like usernames and basic information, which hackers can utilize for their malicious purposes. This accessible information, coupled with hackers’ technical skills, enables them to exploit data effectively.

Furthermore, the researchers argue that cyber theft often involves a combination of both new and old information, yielding varying outcomes for users. They also identify the introduction of new products like credit cards and mobile banking as a fourth reason for cyber theft. These products provide hackers with easy access to data from various online platforms, which they can merge with existing account details to achieve successful cyber theft outcomes.

Roberts [16] argues that identity theft involves the unlawful acquisition of an individual’s personal information. He contends that this information, often shared on social media platforms for daily activities related to banking and social interaction, becomes susceptible to theft. While advanced countries recognize such actions as criminal offenses, Roberts asserts that underdeveloped nations need to address this issue more effectively to protect their online audiences.

The responsibility, Roberts contends, falls on companies to safeguard customer data, as customers entrust them with their information. However, gray areas in banking policies contribute to the vulnerability of customer data online, providing hackers with opportunities for exploitation.

According to Victims [17], recent studies confirm that cybercrimes, including identity theft, negatively impact various sectors such as banking, finance, and business in Pakistan. These criminal activities range from the development of illegal networks for sales and purchases to providing illicit services, perpetuating systemic destruction.

Previous research underscores the complexity of combating cybercrimes, as the pervasive nature of hate and criminal intent complicates eradication efforts in society. Effective strategies against cybercrimes, as highlighted by More and Nalawade [18], involve robust public–private partnerships and international cooperation. Psychological manipulation tactics employed by cybercriminals further exacerbate the challenge of combating such crimes, as evidenced in numerous published studies.

Marshall and Tompsett [19] provide a comprehensive analysis of identity theft on social media platforms. They highlight that many victims of cyber identity theft are often unaware of how their personal information was obtained from social media profiles, despite recognizing instances of fraud on these platforms. Previous studies have indicated that a considerable proportion of identity fraud victims remain uncertain about the methods used to steal their information. For example, a report by the American Federal Trade Commission in 2001 revealed that only 1% of cybercrime cases could be directly linked to the Internet. Additionally, an article published on Fox News highlighted that only 8% of identity theft victims believed the Internet played a role in their fraud [19].

According to Lynne D. Roberts from Australia, passports are some of the most secure identity tokens, followed by social security numbers in the United States and tax file numbers in Australia. Assorted studies categorize identity theft into three main types: biometric, biographic, and attribute identity theft. Biometric identity theft involves the use of physiological attributes such as fingerprints and DNA. Biographic identity theft pertains to the theft of documentation like ID cards, while attribute identity theft occurs when an individual’s identity token, such as their name, is obtained at birth.

17. Conclusion and recommendations

While various techniques exist, there are three main types of technologies for addressing identity theft.

First are tamper-proof plastic cards, including debit cards and credit cards, checkbooks, cell phones, national identification cards (CNICs), driver’s licenses, employee IDs, and smart cards, all of which serve as a barrier against unauthorized access to personal information.

Second are tamper-proof documents such as visas, passports, birth and death certificates, letters of credit, pay slips, no-objection certificates (NOCs), documents of ownership, property titles, financial documents, and experience letters, all of which offer additional layers of security to safeguard sensitive information.

Third are firewalls and encryption software that play a crucial role in securing online transactions, such as credit card purchases, online voting, and vehicle registration renewals.

Moreover, the emergence of remote frequency chip IDs enables authorities to track individuals who illegally obtain confidential information. These chips are increasingly utilized in agriculture, automotive, and education sectors to monitor inventory, sales, and student movements.

Considering these advancements, it is imperative for individuals to educate themselves on financial crimes and take proactive measures to protect against identity theft. This includes refraining from sharing personal information with unverified sources on social media platforms, regularly monitoring utility bills, bank accounts, and credit card statements for suspicious activities, and exercising caution when using credit cards in public settings. Additionally, creating complex and secure passwords and limiting online shopping to one credit card can mitigate the risk of misuse. Ultimately, safeguarding documents and personal records from potential offenders is crucial in maintaining security and preventing identity theft.

18. Protection from identity theft

Identity theft can happen to anyone, but you can reduce the risk of becoming a victim by following simple steps to protect your personal information.

• Safeguard your personal information at all times.

• Regularly review your credit card reports and bank account statements for any unauthorized activity.

• Be vigilant for withdrawals on your bank statement that you did not make.

• Always inquire about the purpose before sharing your sensitive information with others.

• Refuse to pay for any items or charges that you did not authorize.

• Be cautious if your loan applications are denied unexpectedly.

• Freeze all accounts that may have been compromised.

• Place a fraud alert on your credit card to alert potentially fraudulent activity.

• Take notice if your mail stops arriving or goes missing from your mailbox.

• Pay attention if your credit card suddenly stops working.

• Be wary if your checks bounce or stores refuse to accept them.

• Take action if your bank, credit card company, or other financial service provider notifies you to reset your password without your initiation.